This section includes all the policy sections that you created for this example:
<Catalog version="1.0" globalextends="GLOBAL!">
<!-- ======Event Class====== --> <EventClass name="Item"> <!-- Classify --> <Classify>
<Field input="snmp_varbindoids" pattern=".*1\.3\.6\.1\.4\.1\.11203\.9.*$" output="eventtype" outval="ITActivity" />
</Classify> <Parse>
<Field input="snmp_varbindvals" output="temp_nodetype,temp_nodename,temp_domain,temp_applname,temp_applgen,temp_ jobname,temp_jobequal,temp_state,temp_status" pattern="^(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?)$" />
</Parse> <Format>
<!-- Non-Correlatable properties -->
<Field output="MdrElementID" format="{0}" input="AlertedMdrElementID" />
</Format> </EventClass> <!-- ======Event Class====== --> <EventClass name="ITActivity" extends="Item"> <Normalize>
<Field input="temp_state" type="map" output="activityState"> <mapentry mapin="[Uu][Nn][Kk][Nn][Oo][Ww][Nn]" mapout="Unknown" /> <mapentry mapin="[Cc][Oo][Mm][Pp][Ll][Ee][Tt][Ee]" mapout="Finished" /> <mapentry mapin="[Mm][Oo][Nn][Ii][Tt][Oo][Rr]" mapout="Normal" /> <mapentry mapin="[Ee][Xx][Ee][Cc]" mapout="Normal-Running" /> <!-- Informational --> <mapentry mapin="[Ff][Aa][Ii][Ll][Ee][Dd]" mapout="Trouble" /> <mapentry mapin="[Pp][Rr][Ee][Mm][Aa][Tt][Uu][Rr][Ee] [Ee][Nn][Dd]" mapout="Obstructed" /> <mapentry mapin="[Ii][Nn][Aa][Cc][Tt][Ii][Vv][Ee]" mapout="Normal-Waiting" /> <mapentry mapin="[Oo][Vv][Ee][Rr][Dd][Uu][Ee]" mapout="Obstructed" /> <mapentry mapin="[Ss][Uu][Bb][Ee][Rr][Rr][Oo][Rr]" mapout="Finished-Completed" /> <mapentry mapin="[Aa][Gg][Ee][Nn][Tt] [Dd][Oo][Ww][Nn]" mapout="Trouble" /> <!-- Fatal --> <mapentry mapin="[Rr][Ee][Aa][Dd][Yy]" mapout="Normal" /> <mapentry mapin="[Aa][Bb][Aa][Nn][Dd][Oo][Nn] [Ss][Uu][Bb][Mm][Ii][Ss][Ss][Ii][Oo][Nn]" mapout="Finished-Abandoned" /> </Field>
</Normalize> <Format>
<!-- Correlatable properties, must populate at least one -->
<Field output="ActivityID" format="{0}" input="temp_jobname" />
<Field conditional="snmp_agent" output="DeviceIPV4Address" format="{0}" input="snmp_agent" />
<!-- verify that at least one property is set -->
<Field conditional="DeviceIPV4Address" output="temp_atleastoneset" format="{0}" input="DeviceIPV4Address" />
<Field conditional="!temp_atleastoneset" output="Error" format="At least one correlatable property is not set" input="" />
<!-- Non-Correlatable properties -->
<Field output="RuntimeName" format="{0}.{1}.{2}" input="temp_applname,temp_applgen,temp_jobname" />
<Field output="RuntimeDiscriminator" format="{0}" input="temp_applgen" />
<Field output="DefinitionName" format="{0}.{1}" input="temp_applname,temp_jobname" />
<Field output="ActivityTypes" format="Job" input="" />
<Field conditional="activityState" output="ActivityState" format="{0}" input="activityState" />
<Field conditional="temp_state" output="StateDescription" format="{0} present status is {1}" input="temp_jobname,temp_state" />
</Format> </EventClass> <!-- ======Event Class====== --> <EventClass name="Alert"> <Parse>
<Field input="snmp_varbindvals" output="temp_nodetype,temp_nodename,temp_domain,temp_applname,temp_applgen,temp_jobname,temp_jobequal,temp_state,temp_status" pattern="^(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?)$" />
</Parse> <Normalize>
<Field input="temp_state" type="map" output="severity"> <mapentry mapin="[Uu][Nn][Kk][Nn][Oo][Ww][Nn]" mapout="Unknown" /> <mapentry mapin="[Cc][Oo][Mm][Pp][Ll][Ee][Tt][Ee]" mapout="Normal" /> <mapentry mapin="[Mm][Oo][Nn][Ii][Tt][Oo][Rr]" mapout="Normal" /> <mapentry mapin="[Ee][Xx][Ee][Cc]" mapout="Normal" /> <!-- Informational --> <mapentry mapin="[Ff][Aa][Ii][Ll][Ee][Dd]" mapout="Critical" /> <mapentry mapin="[Pp][Rr][Ee][Mm][Aa][Tt][Uu][Rr][Ee] [Ee][Nn][Dd]" mapout="Critical" /> <mapentry mapin="[Ii][Nn][Aa][Cc][Tt][Ii][Vv][Ee]" mapout="Minor" /> <mapentry mapin="[Oo][Vv][Ee][Rr][Dd][Uu][Ee]" mapout="Major" /> <mapentry mapin="[Ss][Uu][Bb][Ee][Rr][Rr][Oo][Rr]" mapout="Major" /> <mapentry mapin="[Aa][Gg][Ee][Nn][Tt] [Dd][Oo][Ww][Nn]" mapout="Critical" /> <!-- Fatal --> <mapentry mapin="[Rr][Ee][Aa][Dd][Yy]" mapout="Normal" /> <mapentry mapin="[Aa][Bb][Aa][Nn][Dd][Oo][Nn] [Ss][Uu][Bb][Mm][Ii][Ss][Ss][Ii][Oo][Nn]" mapout="Unknown" /> </Field>
</Normalize> <Format>
<!-- Correlatable properties, must populate at least one -->
<!-- Non-Correlatable properties -->
<Field output="MdrElementID" format="alert-{0}:{1}:{2}" input="snmp_agent,temp_applname,temp_jobname" />
<Field output="OccurrenceTimestamp" format="{0}" input="{xsdateTime(now)}" />
<Field output="ReportTimestamp" format="{0}" input="{xsdateTime(now)}" />
<Field output="AlertType" format="{0}" input="Risk-Fault" />
<Field conditional="severity" output="Severity" format="{0}" input="severity" />
<Field output="AlertedMdrProduct" format="CA:00036" input="" />
<Field output="AlertedMdrProdInstance" format="{0}" input="{fqdn(snmp_agent)}" />
<!-- Assign instance name -->
<Field conditional="snmp_agent" output="Section1" format="{0}" input="snmp_agent" />
<Field conditional="!snmp_agent" output="Flag" format="false" input="" />
<Field conditional="temp_applname" output="Section2" format="{0}" input="temp_applname" />
<Field conditional="!temp_applname" output="Flag" format="false" input="" />
<Field conditional="temp_jobname" output="Section3" format="{0}" input="temp_jobname" />
<Field conditional="!temp_jobname" output="Flag" format="false" input="" />
<Field conditional="Flag" output="AlertedMdrElementID" format="" input="" />
<Field conditional="!Flag" output="AlertedMdrElementID" format="{0}:{1}:{2}" input="Section1,Section2,Section3" />
<Field output="Summary" format="{0}" input="temp_status" />
<Field conditional="temp_state" output="Message" format="{0} alert on {1} scheduled on host {2}" input="temp_state,temp_jobname,snmp_agent" />
<Field output="MetricName" format="{0}" input="Job Status" />
<Field output="MetricType" format="{0}" input="Unknown" />
<Field output="MetricUnitDefinition" format="{0}" input="Number" />
<Field output="MetricDataType" format="{0}" input="String" />
</Format> </EventClass> <!-- ======Event Class====== --> <EventClass name="USM-Entity" /> </EventClass>
</Catalog>
|
Copyright © 2013 CA.
All rights reserved.
|
|