AEC allows the matching of events based on patterns instead of fixed strings. These text patterns are known as regular expressions, and they are stored in the match event fields of AEC. AEC uses the Perl-compatible Regular Expression Library for the evaluation of regular expressions.
Regular expressions evaluate text data and return an answer of true or false. That is, either the input string matches or it does not. Regular expressions consist of characters to be matched as well as a series of special characters that further describe the data. The description specified by special characters (also called meta characters) can be in the form of position, range, repetition, and placeholders.
Within AEC, rules can be specified for the set of possible events that you want to match. Regular expressions can also be used to split the event apart in various ways. Regular expressions are also used to extract parts of strings and store the parts as tokens.
All fields of the Match Event accept regular expressions, including the following:
AEC correlates only those messages whose node, user, station, message string, and so on, matches what is specified in the match event of a rule, and then triggers that rule.
For a list of regular expressions and their meanings, see the online help.
Note: For more information about Advanced Event Correlation, see the guide Inside Event Management and Alert Management and the online help for any of the AEC help systems.
|
Copyright © 2010 CA.
All rights reserved.
|
|