Previous Topic: Maintain Filtered Events

Next Topic: Troubleshoot Integration

Integrating with Other ProductsCA NSM IntegrationPost Integration ProcessFilter Rule ConsiderationsMaintain Filtered EventsExample

Example

Following is an example of how one organization implemented filtered events in an integrated installation of CA SDM and CA NSM.

To automatically create requests when a critical status appears on the CA NSM WorldView map, the CA SDM administrator (Ken) must create an event filter rule to identify the events to which he wants to respond. He must also create an event writer rule to specify the action to perform when events of this type are received.

Ken decides that he will use one simple filter rule at first. Then, as he becomes more familiar with the system, he will use a more complex set of rules. He decides to capture each critical event from U.S. servers. His system uses the convention that names all servers located in the contiguous United States as usaxxx, so this is very simple.

Ken first edits the tngfilter_rule.dat filter rule file in the $NX_ROOT/site/eh/IP directory on the CA SDM server, where IP is the IP address of the CA SDM server. He uses the UNIX vi editor, although he could use any text editor that does not add extraneous control characters (we recommend that Windows users use WordPad to edit files).

In the tngfilter_rule.dat file, the pound sign (#) is the comment character. Any characters after the pound sign are ignored when the rules are read. Most of the lines in Ken's tngfilter_rule.dat file are commented out, but he notices the following lines: 

# Report All Events (separately) 
uni:::*:::*:::.*:::(0,1) 
tng:::*:::*:::.*:::(0,1)

These lines constitute an open filter; that is, a filter that will pass all events to the event writer.

Ken changes these lines to: 

# Report All Events (separately) 
# uni:::*:::*:::.*:::(0,1) 
tng:::*:::*:::Object_Status_Updated.*Critical.*:::(0,1)

Ken comments out the uni line because he is currently interested only in Windows CA NSM events. He enters Object_Status_Updated.*Critical.* in the event_ID field in the tng line because he wants the filter to pass only Object_Status_Updated.*Critical.* events. CA NSM generates Object_Status_Updated.*Critical.* events when the state of an object becomes critical.

After saving the filter rule file, Ken edits the tngwriter_rule.dat writer rule file found in $NX_ROOT/site/eh/IP on the CA SDM server, where IP is the IP address of the CA SDM server.

As with the filter rules, most of the lines in the file are comments. The last two lines in the file show the default writer rule definitions. Ken wants to pay attention to events from Windows CA NSM only, so he comments out the first of these two lines.

Ken formats the second line following these steps:

  1. He has already set his filter to pass only critical events, so he leaves the event ID open with .*.
  2. He wants to accept events from U.S. servers only, so he enters usa.* in the device field.
  3. He wants to accept events from any user, so the user field remains asterisk (*).
  4. He wants to write a new request for each critical event, so he leaves CR_CREATE in the action field.
  5. He has already entered a suitable request template in the system, so he enters its name, CriticalTemplate, in the template field.
  6. He does not want any other logging done, so the logging field remains NONE.

Here are the results of Ken's edit: 

# .*:::.*:::*:::uni:::*:::CR_CREATE:::::::::NONE 
.*:::usa.*:::*:::tng:::*:::CR_CREATE:::CriticalTemplate::::::NONE

Ken saves the writer rule file, and then recycles the CA SDM server. He is ready to receive events and write requests automatically.