This scenario describes how to receive events from a group of systems, but avoiding multiple notifications of the same event when that event occurs within a specified time.
A security administrator needs to know about all events that have the class Security from the Cruet group. The administrator wants the events to be sent by an eventlist to the workstation admin.reo.dec.com. However, if the same event recurs within 60 seconds, it is to be ignored. Notification begins again when that event occurs more than 60 seconds from the original notification.
One action, one filter and one dispatch are required. The action will use the eventlist action routine to dispatch the events.
Assume that the events, classes and serviced systems have already been created in the configuration database, and that the systems are in a group called Cruet. Also, the DECwindows Motif transport is TCP/IP.
To set up the filtering mechanism for duplicate events from a group of systems, do the following:
|
Step |
Action |
CLI |
C3 |
|---|---|---|---|
|
1. |
Start the configuration editor |
Starting the Configuration Editor in Chapter 4, “Modifying the Configuration Database” |
Starting the Configuration Editor in Chapter 4, “Modifying the Configuration Database” |
|
2. |
Create an action with the following attributes: Name Enter Security Information Enter Security events on the Cruet Group Command Enter: CONSOLE$EVENTLIST Action Type Select the “ALL events and EACH userdata item” option Parameters |
Adding Actions in Chapter 11, “Setting Up the ENS Components” |
Adding Actions in Chapter 11, “Setting Up the ENS Components” |
|
3. |
Create a filter with the following attributes: Name Enter Security Information Enter Security events on the Cruet Group Event Set to 60 seconds Interval Events Deselect All Events Classes1 Deselect All Classes, and select only the Security class Systems Deselect All Systems Groups Deselect All Groups, and select only the Cruet Group Subsystems Select All Subsystems Priorities Select All Priorities. |
Adding Filters and Dispatches in Chapter 11, “Setting Up the ENS Components” |
Adding Filters in Chapter 11, “Setting Up the ENS Components” |
|
4. |
Create a dispatch for the filter with the following attributes: Action to Enter Security Dispatch Information Enter Security events Userdata Enter admin.reo.dec.com 0 0 tcpip Select Execute at all Times on All Days |
Adding Filters and Dispatches in Chapter 11, “Setting Up the ENS Components” |
Adding Dispatches for Your Actions in Chapter 11, “Setting Up the ENS Components” |
|
Copyright © 2010 CA.
All rights reserved.
|
|