Example probe rules file
The following is an example of a rules file.
probe.rules
#---------------------------------------------------------------------
# Licensed Materials - Property of IBM
# 5725-Q09
#
# (C) Copyright IBM Corporation 2017, 2018 All Rights Reserved.
# US Government Users Restricted Rights - Use, duplication
# or disclosure restricted by GSA ADP Schedule Contract
# with IBM Corp.
#---------------------------------------------------------------------
#---------------------------------------------------------------------
#
# Rules file intended to generate events from ASM, under Class 45111,
# from kafka topic itsm.status.json
#
#---------------------------------------------------------------------
# ProbeWatch branch: events raised by the probe about itself.
# They are classified by the exact text of @Summary, so this must run before
# @Summary is rewritten at the end of the branch.
# @Type values as used in this file: 1 for problem, 2 for resolution,
# 13 for information (inferred from the @AlertGroup table and the $state
# switch in the ASM branch; confirm against the ObjectServer conversions).
if( match( @Manager, "ProbeWatch" ) )
{
    switch(@Summary)
    {
        case "Running ...":
            @AlertGroup = "probestat"
            @Severity = 1
            @Type = 2
        case "Going Down ..." | "Connection to source lost":
            @AlertGroup = "probestat"
            @Severity = 5
            @Type = 1
        case "Start resynchronization" | "Finish resynchronization":
            @AlertGroup = "probestat"
            @Severity = 2
            @Type = 13
        default:
            @Severity = 1
    }

    # Key the event on the probe name, then prefix the summary with the probe
    # and host so the message can be read on its own.
    @AlertKey = @Agent
    @Summary = @Agent + " probe on " + @Node + ": " + @Summary
}
else
{
################################################
# Input from ASM
#
# guaranteed json fields:
#
# statusId - the topology service status _id
# resources.0._id - the topology service resource _id
#
# tenantId - the topology service tenant _id
# providerName - the name of the resource provider
#
# status - the type of status affecting the resource
# state - the current resource state wrt this status
#
# resources.0.uniqueId - provider's id for the resource
#
# optional json fields:
#
# resources.0.name - resource name, as shown in the UI (falls back to uniqueId)
# observerName - the name of the observer generating this status
# description - human readable description of the status (falls back to the status type)
# severity - current severity of the status (defaults to 'indeterminate')
# eventType - type of event (defaults to 'ASM Status')
# expiryTimeSeconds - optional expiryTime for the event
#
################################################
##########################################################################################
# @AlertGroup # Purpose # @Type #
##########################################################################################
# ASM Status # Status about observed resources # Problem / Resolution #
# ASM Self Monitoring # Status about ASM itself # Problem / Resolution #
# ASM Resource Creation # Identifies newly created ASM resources # Information #
# ASM Resource Deletion # Identifies deleted ASM resources # Information #
##########################################################################################
# Map the identifying fields of the ASM status message onto the event.
# NOTE(review): every $ value below is copied from the Kafka message as-is.
# $eventType becomes @AlertGroup and $expiryTimeSeconds becomes @ExpireTime with
# no allow-list or range check, so any producer on the topic decides how the
# event is grouped and, presumably, when it expires. Confirm the topic's
# producer ACLs and consider validating both values here.
# NOTE(review): observerName is listed above as optional but is read without an
# exists() guard; confirm what @Manager holds when it is absent.
@EventId = $status
@Manager = $observerName
@Customer = $tenantId
@Agent = $providerName
@NodeAlias = $(resources.0.uniqueId)
@LocalNodeAlias = $(resources.0._id)

if ( exists($statusId) )
{
    @AsmStatusId = $statusId
}

# Prefer the user-friendly resource name; otherwise use the provider's id.
if ( exists( $(resources.0.name) ) )
{
    @Node = $(resources.0.name)
}
else
{
    @Node = $(resources.0.uniqueId)
}

# The event type, when supplied, replaces the default alert group.
if ( exists($eventType) )
{
    @AlertGroup = $eventType
}
else
{
    @AlertGroup = "ASM Status"
}

# 0 is the value used when the message carries no expiry.
if ( exists($expiryTimeSeconds) )
{
    @ExpireTime = $expiryTimeSeconds
}
else
{
    @ExpireTime = 0
}
# Derive @Type from the alert group and, for status groups, from $state.
# Status groups: "clear" and "closed" give 2, "open" and any other state give 1.
# Every other group, including unrecognised $eventType values, gives 13.
# NOTE(review): an unexpected $state is treated like "open" and an unexpected
# alert group like an information event, with nothing recorded; consider
# logging those defaults so malformed messages are visible.
switch(@AlertGroup)
{
    case "ASM Status" | "ASM Self Monitoring":
        switch($state)
        {
            case "clear" | "closed":
                @Type = 2
            case "open":
                @Type = 1
            default:
                @Type = 1
        }
    case "ASM Resource Creation" | "ASM Resource Deletion":
        @Type = 13
    default:
        @Type = 13
}
# Translate the textual ASM severity into the numeric @Severity.
# 1 is the value used when the field is absent or not one of the strings below.
# NOTE(review): the cases are literal strings, so a differently cased or
# misspelled value (presumably "Critical" as well; confirm case sensitivity)
# silently becomes 1. Consider logging the default so that a high-severity
# status is not downgraded unnoticed.
@Severity = 1
if ( exists($severity) )
{
    switch($severity)
    {
        case "clear" | "indeterminate":
            @Severity = 1
        case "warning":
            @Severity = 2
        case "minor":
            @Severity = 3
        case "major":
            @Severity = 4
        case "critical":
            @Severity = 5
        default:
            @Severity = 1
    }
}
# Summary is the status type unless the message carries a description.
@Summary=$status
if ( exists($description) )
{
@Summary=$description
}
# NOTE(review): observedTime is not in the field list at the top of this branch;
# confirm that the message really carries it.
if ( exists($observedTime) )
{
# The Object Server uses seconds, whereas ASM uses milliseconds
# The first pattern drops the last three digits (leaving seconds); the second
# keeps only the last three digits (the millisecond part).
# NOTE(review): both patterns need the value to end in three digits. What
# regreplace returns when they do not match is not shown here; verify it before
# relying on @LastOccurrence for short or non-numeric input.
$seconds = regreplace($observedTime, "(.*?)\d\d\d$", "\1")
$milliseconds = regreplace($observedTime, ".*?(\d\d\d)$", "\1")
@LastOccurrence = $seconds
# Milliseconds are scaled by 1000, presumably to microseconds (field name ends in USec).
@LastOccurrenceUSec = int($milliseconds) * 1000
}
# NOTE(review): the field list above documents resources.0.uniqueId, not a
# top-level uniqueId. If $uniqueId is not present in the message, the key is
# built only from status, provider and tenant, and events for different
# resources would share one key. Confirm, and consider $(resources.0.uniqueId).
@AlertKey=$uniqueId + "->" + $status + "->" + @Agent + "->" + @Customer
# Appending @Type gives problem and resolution events different identifiers.
@Identifier=@AlertKey + @Type
# Class 45111 is the class named in the header comment of this rules file.
@Class = 45111