An event policy is a combination of event search patterns and an action to perform when the patterns match. You can do the following with event policies:
Event policies let you manage when and how events become alerts in CA SOI. The following action types are available:
Lets you exclude events that match search patterns from becoming alerts. For example, you can discard all events with a severity that is less severe than Major so that only events with high severities appear as alerts. You can also explicitly 'include' matching events rather than discarding them.
Lets you create a new event when a match occurs. You specify all property values for the new event, which can be custom values or based on values in the matching events. For example, you can create a new event based on a correlated set of events that, when occurring together, indicates a more severe problem.
Lets you add information to an event from outside sources when a match occurs. For example, you can add contact information to events from an external database or use the Map only feature and add static information.
Lets you configure custom mappings from raw event properties to USM alert properties. For example, you can normalize SNMP traps from a specific source so that their variable bindings map to their appropriate USM properties.
Event policy helps ensure that as events become alerts that appear in the Operations Console, they represent a consolidated, high quality, actionable set of conditions.
|
Copyright © 2013 CA.
All rights reserved.
|
|