Configuring a probe to flag events for acceleration
If the conditions for accelerated event notification are complex, determine whether to set up the conditions within the probe rules file.
About this task
You might also need to add a dedicated event column to the alerts.status table to flag events for acceleration, and use this field in your probe rules file.
The following sample probe rules file depicts how an event stream can be parsed in order to determine which events are considered high priority. At the top of the rules file, elements (indicated by the $ symbol) are assigned to ObjectServer fields (indicated by the @ symbol). The conditional statement uses the $Summary element to set the AlertKey and FastTrack values in the alerts.status table.
The statement translates to: if the Summary value begins with 'Port failure', then insert the port number value into the AlertKey field in the alerts.status table, and insert a value of 1 into the FastTrack field in the alerts.status table. Otherwise, if the Summary value begins with the string 'Diskspace', insert the concatenated percent value and % full string into the AlertKey field in the alerts.status table.
@Manager = "Simnet Probe"
@Class = 3300
@Node = $Node
@Agent = $Agent
@AlertGroup = $Group
@Summary = $Summary
@Severity = $Severity
@Identifier = $Node + $Agent + $Severity + $Group
if (nmatch($Summary, "Port failure"))
{
@AlertKey = $PortNumber
@FastTrack = 1
}
else if (nmatch($Summary, "Diskspace"))
{
@AlertKey = $PercentFull + "% full"
}