Example of rules file processing
This example shows how source data from Network Manager is processed by the rules
file to generate the output data that is inserted in the alerts.status
table.
The following sample code shows a Network Manager event data record that is passed to the Probe for Tivoli Netcool/OMNIbus for processing. In this record, a resolution event was created when ncp_ctrl started the ncp_store process.
{
EventName='ItnmServiceState';
Severity=1;
EntityName='BACKUP';
Description='ncp_store process [15299] has started';
ExtraInfo={
EVENTTYPE=2;
SOURCE='ncp_ctrl';
ALERTGROUP='ITNM Status';
EVENTMAP='ItnmStatus';
SERVICE='ncp_store';
PID=15299;
};
}The following excerpt from the probe rules file shows the syntax used to process and map these input fields to alerts.status fields:
...
#
# populate some standard fields
#
@Severity = $Severity
@Summary = $Description
@EventId = $EventName
@Type = $ExtraInfo_EVENTTYPE
@AlertGroup = $ExtraInfo_ALERTGROUP
@NmosEventMap = $ExtraInfo_EVENTMAP
@Agent = $ExtraInfo_SOURCE
if (exists($ExtraInfo_ACCESSIPADDRESS))
{
@Node = $ExtraInfo_ACCESSIPADDRESS
}
else
{
@Node = $EntityName
}
#
# Stamp the event with the name of its originating domain
#
@NmosDomainName = $Domain
@Manager = "ITNM"
@Class = 8000
#
# populate fields for RCA
#
@LocalNodeAlias = @Node
...
#
# Now set the AlertKey and Identifier
#
if (match(@AlertGroup, "ITNM Status"))
{
switch ($EventName)
{
case ...
...
case "ItnmServiceState":
@LocalPriObj = $ExtraInfo_SERVICE
...
case ...
....
}
}
#
# Both the Identifier and the AlertKey contain the domain name. This ensures
# that in a multi-domain setup, events are handled on a per-domain basis
#
#
# Include the LocalPriObj in the AlertKey or the link-downs on
# all interfaces will cleared by a link-up on any interface
#
@AlertKey = $EntityName + @LocalPriObj + "->" + $EventName + @NmosDomainName
#
# Set up deduplication identifier and include the LocalPriObj
# so we can correctly handle de-duplication of events raised on interfaces
#
@Identifier = $EntityName + @LocalPriObj + "->" + $EventName + @Type + @NmosDomainName
}
When rules file processing is complete, the output data that is forwarded to the ObjectServer takes the following form:
CMonitorProbeApp::ProcessStatusEvent
{
AlertGroup='ITNM Status';
EventId='ItnmServiceState';
Type=2;
Severity=1;
Summary='ncp_store process [15299] has started';
Node='BACKUP';
NmosDomainName='PRIMARY';
LocalNodeAlias='BACKUP';
LocalPriObj='ncp_store';
LocalRootObj='';
RemoteNodeAlias='';
AlertKey='BACKUPncp_store->ItnmServiceStateVIRTUAL';
Identifier='BACKUPncp_store->ItnmServiceState2VIRTUAL';
Class=8000;
Agent='ncp_ctrl';
LastOccurrence=1267122089;
}Based on the rules file processing in this example, it can be seen that the Network Manager input fields map to the alerts.status fields as follows:
| Network Manager field | alerts.status field |
|---|---|
| EventName | EventId |
| Severity | Severity |
| EntityName | Node |
| Description | Summary |
| ExtraInfo->EVENTTYPE | Type |
| ExtraInfo->SOURCE | Agent |
| ExtraInfo->ALERTGROUP | AlertGroup |
| ExtraInfo->EVENTMAP | NmosEventMap |
| ExtraInfo->SERVICE | LocalPriObj |