NerveCenterTM: Integration with Micromuse Netcool/OMNIbus - Sample Rules File - Sample Nervecenter.rules File -

Sample Nervecenter.rules File

The sample that follows shows the complete rules file.

########################################################################

# Copyright (C) 1998 Omnibus Transport Technologies Ltd.

# All Rights Reserved

# RESTRICTED RIGHTS:

# This file may have been supplied under a license.

# It may be used, disclosed, and/or copied only as permitted

# under such license agreement. Any copy must contain the

# above copyright notice and this restricted rights notice.

# Use, copying, and/or disclosure of the file is strictly

# prohibited unless otherwise provided in the license agreement.

# Ident: $Id: nervecenter.rules 1.1 1998/07/07 09:23:42 nic Development $

#######################################################################

# Lookup tables loaded from flat files on the probe host. Each declaration
# names the file and the value lookup() returns when a key is not found.
# These files steer classification further down in this rules file
# (interfaces raises an interface-down event from severity 4 to 5,
# supportdefinitions sets @SupportClass), so they should be writable only
# by the probe administrator and change-controlled like the rules file.
# NOTE(review): the paths are hard-coded to an hpux10 install tree.
table interfaces = "/opt/Omnibus/probes/hpux10/Tables/interfaces.lookup"
default="NoMatch"

# NOTE(review): fr and bgp are declared but no lookup() in this file uses them.
table fr = "/opt/Omnibus/probes/hpux10/Tables/fr.lookup"
default="NoMatch"

table bgp = "/opt/Omnibus/probes/hpux10/Tables/bgp.lookup"
default="NoMatch"

# Node name -> key used for the support-class lookup instead of @DevFuncCode.
table junction = "/opt/Omnibus/probes/hpux10/Tables/junction.lookup"
default="NoMatch"

# Device-function code -> numeric class; a miss returns "9999".
table abbreviations = "/opt/Omnibus/probes/hpux10/Tables/abbreviations.lookup"
default="9999"

# Device-function code (or junction value) -> support class; a miss returns "0".
table supportdefinitions = "/opt/Omnibus/probes/hpux10/Tables/supportdefinitions.lookup"
default="0"

# Per-node overrides for names that match none of the naming patterns.
table exceptionscity = "/opt/Omnibus/probes/hpux10/Tables/exceptionscity.lookup"
default="Unknown"

table exceptionsdevfun = "/opt/Omnibus/probes/hpux10/Tables/exceptionsdevfun.lookup"
default="Unknown"

##################################################################
# Other Generic Definitions
#
# Named constants used by the rules below so that flag values are not
# repeated as bare numbers.

# Values assigned to @DisplayFlag.
$DISPLAYON = 1
$DISPLAYOFF = 0

# Forwarding states; $DONOTFORWARDEVENT is the initial value of @RemedyFlag
# and @DatabaseFlag. The other two are not referenced in this file.
$DONOTFORWARDEVENT = 0
$FORWARDEVENT = 1
$ACKFORWARDEVENT = 2

# Sentinels for values that could not be determined.
$UNDEFINED_SERVICE = 999
$UNDEFINED_CLASS = 9999
$NULL = 0
$UNKNOWN = "Unknown"
$UNDEFINED = "Undefined"

# NOTE(review): $CUSTOMER is not referenced below; the classification code
# assigns the literal "abc" to @CustomerCode instead. Confirm which is intended.
$CUSTOMER = "xxx"

# Values assigned to @Rise: 1 marks the start of a condition, 0 its end.
$STARTEVENT = 1
$ENDEVENT = 0

#

# Put ProbeWatch Specific messages here, ie to customise Agent names

# !! This is not part of management system event processing

#

if( match( @Manager, "ProbeWatch" ) )

{

# Classify the probe's own status messages by their exact summary text.
# NOTE(review): neither case sets @Severity or @Identifier; a probe that is
# going down means events are no longer being collected, so confirm the
# resulting row is visible to operators.
switch(@Summary)
{
    case "Running ...":
        # Probe start-up message.
        @AlertGroup = "probestat"
        @Type = 2
        @Rise = $STARTEVENT
    case "Going Down ...":
        # Probe shutdown message.
        @AlertGroup = "probestat"
        @Type = 1
        @Rise = $ENDEVENT
    default:
        # Any other ProbeWatch text keeps its incoming field values.
}
# Key the row on the probe name and prefix the summary with probe and host.
@AlertKey = @Agent
@Summary = @Agent + " probe on " + @Node + ": " + @Summary

} else

{

switch($MessageType)

{

# Connection-level messages about the link to a NerveCenter server.
# Each builds @Identifier from the message type and the server ID, joined
# without a separator, so repeats of the same message from the same server
# share one identifier.
case "Connection Accepted":
    @Identifier = $MessageType + $ServerID
    @Summary = "Connection accepted from " + $ServerID
    @Severity = 0
case "Connection Rejected":
    # Highest severity of the three connection messages.
    # NOTE(review): because repeats share an identifier, a run of rejected
    # connections will presumably appear as one row; confirm operators can
    # see how often it recurs.
    @Identifier = $MessageType + $ServerID
    @Summary = "Connection rejected from " + $ServerID
    @Severity = 3
case "Exit Notification":
    @Identifier = $MessageType + $ServerID
    @Summary = "Exit notification received from " + $ServerID
    @Severity = 1

case "Inform Netcool":
    # An Inform forwarded by NerveCenter. The @Agent and @Manager strings
    # are fixed sample values.
    @Agent = "NerveCenter-site"
    # @Node and @NodeAlias are copied as received; the name-based
    # classification further down relies on @Node.
    @Node = $NodeName
    @NodeAlias = $IPAddr
    # Placeholder text: every branch of the switch on $MesgID later in this
    # case assigns @Summary again.
    @Summary = "??: " + $MesgID
    @Manager = "manager1"
    @Severity = 1
    @Type = 1
    #######################################################################
    #
    # The Informs start here for main rules section (non ProbeWatch alerts).
    # !! This IS where management system event processing starts
    #
    # Default User specific fields
    # Every user-defined field gets a known starting value so that an event
    # matching no later rule still carries well-defined flags.
    @RemedyFlag = $DONOTFORWARDEVENT
    @ProcessedFlag= $NULL
    @LoggedFlag = $NULL
    @DatabaseFlag = $DONOTFORWARDEVENT
    @AlertClass = $NULL
    @DevFuncCode = $UNKNOWN
    @CustomerCode = $UNKNOWN
    @CityCode = $UNKNOWN
    @Location = $UNKNOWN
    @Class = $UNDEFINED_CLASS
    # Display starts off; each branch of the node classification below
    # switches it on.
    @DisplayFlag = $DISPLAYOFF
    @Interface = $UNDEFINED
    @Rise = $STARTEVENT

#

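# SupportClass is a reference indicating the Support for a particular event
#
# The values are strings. @SupportClass starts as "0", which is also the
# default declared for the supportdefinitions lookup table.
$UNDEFINED_SUPPORT = "0"
$INTERNAL = "1"
$REMOTE = "2"
$BUSINESS = "3"
$OPERATIONS = "4"
@SupportClass = $UNDEFINED_SUPPORT

#
# VendorClass is defined by the division of the Class by the value of 100
# VendorClass table will look like:
#
# 10 Cisco
# 11 Bay
# 99 Other
#
# NOTE(review): these constants are strings, while the classification code
# assigns @VendorClass = int(@Class)/100; confirm the field type accepts both.
$CISCO = "10"
$BAY = "11"
$OTHER = "99"
@VendorClass = $OTHER

#
# AlertClass Definitions
$LINKFAILURE = "LinkFailure"
$ROUTINGFAILURE = "RoutingFailure"
# Spelling corrected from "CompentFailure". Any filter, trigger or report
# that matched the old misspelled value must be updated to match.
$COMPONENTFAILURE = "ComponentFailure"
$ENVFAILURE = "EnvironmentalFailure"
$NODEFAILURE = "NodeFailure"
$PERFORMANCE = "Performance"
$OTHERCLASS = "Other"

# EventType Definitions
$TRAFFICDROP = "TrafficDrop"
$TRAFFICLOAD = "TrafficLoad"
$PACKETLOSS = "PacketLoss"
$BGPFAILURE = "BGPFailure"
$SERVICEFAILURE = "ServiceFailure"
$MEMORYFAILURE = "MemoryFailure"
$LINKDOWN = "LinkDown"
$NODEDOWN = "NodeDown"
$SECURITY = "Security"
$CPUFAILURE = "CPUFailure"
$LINKERROR = "LinkError"
$SNMPFAILURE = "SnmpFailure"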

# If the Node Name is NOT an IP address - parse out info from the name
#
# Four naming conventions are recognised by pattern; any other name is
# resolved through the exception lookup tables. Each branch sets only the
# fields that differ between conventions (@DevFuncCode, @CityCode,
# @SupportClass); the fields computed identically for every name are
# assigned once after the chain.
#
# NOTE(review): the patterns are anchored at the start only, so any text
# after the matched prefix is accepted.
# NOTE(review): the city pattern ".*(...)" is greedy and therefore captures
# the last run of three letters in @Node. If a fully qualified name ever
# arrives, that is the tail of the domain; confirm @Node is a short host name.
if (regmatch(@Node, "^[a-zA-Z][a-zA-Z][a-zA-Z][0-9][0-9][a-zA-Z][a-zA-Z][a-zA-Z]")) {
    # Three letters, two digits, three letters.
    @DevFuncCode = extract(@Node, "([a-zA-Z][a-zA-Z][a-zA-Z]+)")
    @CityCode = extract(@Node, ".*([a-zA-Z][a-zA-Z][a-zA-Z])")
    # A junction entry for the node, when present, replaces the
    # device-function code as the key for the support-class lookup.
    $junction = lookup(@Node,junction)
    if (match($junction,"NoMatch")) {
        @SupportClass = lookup (@DevFuncCode, supportdefinitions)
    } else {
        @SupportClass = lookup ($junction, supportdefinitions)
    }
} else if (regmatch(@Node, "^[a-zA-Z][a-zA-Z][0-9][0-9][a-zA-Z][a-zA-Z][a-zA-Z]")) {
    # Two letters, two digits, three letters.
    @DevFuncCode = extract(@Node, "([a-zA-Z][a-zA-Z]+)")
    @CityCode = extract(@Node, ".*([a-zA-Z][a-zA-Z][a-zA-Z])")
    @SupportClass = lookup (@DevFuncCode, supportdefinitions)
} else if (regmatch(@Node, "^[a-zA-Z][a-zA-Z][a-zA-Z][0-9][a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z]")) {
    # Three letters, one digit, four letters.
    @DevFuncCode = extract(@Node, "([a-zA-Z][a-zA-Z][a-zA-Z]+)")
    @CityCode = extract(@Node, ".*([a-zA-Z][a-zA-Z][a-zA-Z])")
    @SupportClass = lookup (@DevFuncCode, supportdefinitions)
} else if (regmatch(@Node, "^yes[0-9][0-9][0-9]i[0-9][0-9][a-zA-Z][a-zA-Z][a-zA-Z]")) {
    # Literal "yes", three digits, "i", two digits, three letters.
    @DevFuncCode = extract(@Node, "([a-zA-Z][a-zA-Z][a-zA-Z]+)")
    @CityCode = extract(@Node, ".*([a-zA-Z][a-zA-Z][a-zA-Z])")
    @SupportClass = lookup (@DevFuncCode, supportdefinitions)
} else {
    #
    # Pick up the odd nodes
    @DevFuncCode = lookup(@Node, exceptionsdevfun)
    @CityCode = lookup(@Node, exceptionscity)
    $junction = lookup(@Node,junction)
    if (match($junction,"NoMatch")) {
        @SupportClass = lookup (@DevFuncCode, supportdefinitions)
    } else {
        @SupportClass = lookup ($junction, supportdefinitions)
    }
}

# Assigned the same way whichever convention matched.
@Class = lookup (@DevFuncCode, abbreviations)
@VendorClass = int(@Class)/100
@CustomerCode = "abc"
# NOTE(review): $RWCom is not assigned anywhere in this file; unless the
# probe supplies it as an element, @Location is set from an undefined value.
@Location = $RWCom
@DisplayFlag = $DISPLAYON

#

# Check to see if @Class was not set (normally because not found in any lookup).
# NOTE(review): the abbreviations table is declared with default "9999", so a
# missed lookup already yields 9999 rather than 0. This branch presumably
# fires only when the table returns a value that converts to 0; confirm.
if (int(@Class) == 0) {
    @Class = $UNDEFINED_CLASS
    @VendorClass = $OTHER
}

# Next Enterprise: NetLabs_NerveCenter .1.3.6.1.4.1.78

switch($MesgID)

{

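case "3004":
    # NC_alarm1: CPU utilization is back to normal (end event). Uses the
    # same AlertKey and AlertGroup construction as 3007.
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "FreeBusy"
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName + " CPU Utilization back to normal"
    # Written as a number, like the severities in the other cases.
    @Severity = 2
    @AlertClass = $COMPONENTFAILURE
    @EventType = $CPUFAILURE
    @Rise = $ENDEVENT
case "3007":
    # NC_alarm2: CPU utilization between 75% and 90% (start event).
    # The first variable binding is kept with the event's details.
    details($VarBind1)
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "FreeBusy"
    # The string literal is kept on one line; it was previously split
    # across two lines in the middle of the quoted text.
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName + " CPU Utilization >= 75% <= 90%"
    @Severity = 3
    @AlertClass = $COMPONENTFAILURE
    @EventType = $CPUFAILURE
    @Rise = $STARTEVENT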

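# Node reachability alarms. All three share the AlertKey and AlertGroup
# construction and are start events in the NodeFailure class.
case "100000":
    # NC_alarm3: node unreachable.
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "UpDown"
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName + " unreachable."
    @Severity = 4
    @AlertClass = $NODEFAILURE
    @EventType = $NODEDOWN
    @Rise = $STARTEVENT
case "100001":
    # NC_alarm4: node unreachable because of the network path to it.
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "UpDown"
    # The string literal is kept on one line; it was previously split
    # across two lines in the middle of the quoted text.
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName + " unreachable. Problem with network path to node."
    @Severity = 4
    @AlertClass = $NODEFAILURE
    @EventType = $NODEDOWN
    @Rise = $STARTEVENT
case "100003":
    # NC_alarm5: node down; the highest severity of the three.
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "UpDown"
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName + " Down."
    @Severity = 5
    @AlertClass = $NODEFAILURE
    @EventType = $NODEDOWN
    @Rise = $STARTEVENT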

case "100004":
    # NC_alarm6: high error rate on one interface (start event).
    # The interface is part of the AlertKey, so each interface on a node
    # gets its own key.
    @AlertKey = $AlrmDN + $NodeName + $INTERFACE
    @AlertGroup = $AlrmDN
    @Summary = "NC: " + $AlrmDN + ": High Error Rate (>5%) on NODE: " +
        $NodeName + " interface " + $INTERFACE + "."
    @Severity = 4
    @AlertClass = $PERFORMANCE
    @EventType = $LINKERROR
    # NOTE(review): @Interface is not assigned here, unlike the interface
    # down and flapping cases; confirm whether that is intended.
    @Rise = $STARTEVENT

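# Interface down and flapping alarms. Both look the node and interface up
# in the interfaces table: a listed interface is treated as important, is
# prefixed "Hot!! " and raised to severity 5; an unlisted one stays at 4.
# The table file therefore decides which outages are escalated, so changes
# to it deserve the same review as changes to these rules.
case "100008":
    # NC_alarm7: interface down.
    details($VarBind1)
    @AlertKey = $AlrmDN + $NodeName + $INTERFACE
    @AlertGroup = $AlrmDN + "UpDown"
    $LookupKey = $NodeName + $INTERFACE
    $SpecialInfo = lookup ($LookupKey, interfaces)
    if(match($SpecialInfo,"NoMatch")) {
        # Not listed: no prefix and no extra text in the summary.
        $Exclamation = ""
        $SpecialInfo = ""
        @Severity = 4
    } else {
        # Listed: the table value is appended to the summary.
        $Exclamation = "Hot!! "
        @Severity = 5
    }
    @Summary = $Exclamation + "NC: " + $AlrmDN + ": Node " + $NodeName +
        " Interface: " + $INTERFACE + " is Down " + $SpecialInfo
    @Interface = $INTERFACE
    @AlertClass = $LINKFAILURE
    @EventType = $LINKDOWN
    @Rise = $STARTEVENT
case "100011":
    # NC_alarm8: interface flapping.
    details($VarBind1)
    @AlertKey = $AlrmDN + $NodeName + $INTERFACE
    @AlertGroup = $AlrmDN + "UpDown"
    $LookupKey = $NodeName + $INTERFACE
    $SpecialInfo = lookup ($LookupKey, interfaces)
    if(match($SpecialInfo,"NoMatch")) {
        $Exclamation = ""
        $SpecialInfo = ""
        @Severity = 4
    } else {
        $Exclamation = "Hot!! "
        @Severity = 5
    }
    # A leading space was added before "Interface:" so the node name no
    # longer runs into the label, matching the interface-down summary.
    @Summary = $Exclamation + "NC: " + $AlrmDN + ": Node " + $NodeName +
        " Interface: " + $INTERFACE + " is Flapping " + $SpecialInfo
    @Interface = $INTERFACE
    @AlertClass = $LINKFAILURE
    @EventType = $LINKDOWN
    @Rise = $STARTEVENT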

case "100016":
    # NC_alarm9: a session on the node is up again (end event).
    # $INTERFACE is used as the session name in the summary text.
    @AlertKey = $AlrmDN + $NodeName + $INTERFACE
    @AlertGroup = $AlrmDN + "UpDown"
    @Summary = "NC: " + $AlrmDN + ": Node: " + $NodeName + " Session: " +
        $INTERFACE + " is Up."
    @Severity = 2
    @AlertClass = $ROUTINGFAILURE
    @EventType = $BGPFAILURE
    @Rise = $ENDEVENT
case "100017":
    # NC_alarm10: the node has rebooted (start event).
    # NOTE(review): no case in this file produces an end event for the
    # "Reboot" group, so nothing in these rules resolves a reboot row.
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "Reboot"
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName + " has rebooted."
    @Severity = 3
    @AlertClass = $NODEFAILURE
    @EventType = $NODEDOWN
    @Rise = $STARTEVENT

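# Memory alarms. Both keep every received element with the event's details
# and report the current value from the first variable binding.
case "100063":
    # NC_alarm11: low memory (start event).
    details($*)
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "LowOK"
    # A leading space was added before "Low Memory!" so the node name no
    # longer runs into the message text.
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName +
        " Low Memory! Current " + $VarBind1
    @Severity = 4
    @AlertClass = $PERFORMANCE
    @EventType = $MEMORYFAILURE
    @Rise = $STARTEVENT
case "100064":
    # NC_alarm12: memory utilization is back to normal (end event).
    details($*)
    @AlertKey = $AlrmDN + $NodeName
    @AlertGroup = $AlrmDN + "LowOK"
    # A leading space was added before "Returned", as for the low-memory
    # summary.
    @Summary = "NC: " + $AlrmDN + ": NODE: " + $NodeName +
        " Returned to normal memory utilization. Current memory = " + $VarBind1
    @Severity = 2
    @AlertClass = $PERFORMANCE
    @EventType = $MEMORYFAILURE
    @Rise = $ENDEVENT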

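default:
    # Any message ID without a case of its own. The event is kept at
    # severity 1 with a summary naming the unrecognised ID.
    # The string literal is kept on one line; it was previously split
    # across two lines in the middle of the quoted text.
    # NOTE(review): confirm the probe supplies $enterprise-name for these
    # messages.
    @Summary = "Unknown specific trap number (" + $MesgID + ") received for enterprise " + $enterprise-name
    @Severity = 1
    # The details() call below is disabled, so the received elements of an
    # unrecognised message are not stored. Enabling it keeps them available
    # when an unexpected message has to be investigated. The call is kept on
    # one comment line; its second line was previously uncommented.
    # details ($TrapEID, $MesgID, $ServerID, $NodeName, $INTERFACE, $NPG, $AlrmDN, $AlrmProp)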

}

#######################################################################

#

# This is the end of the main rules section

#

#######################################################################

#

# The identifier is built here to take into account the AlertKey
#
# The parts are joined with ":". Because @Rise is included, the start and
# end events of the same condition get different identifiers.
# NOTE(review): every part except @Rise comes from the received message, so
# a value that itself contains ":" could make two different events share an
# identifier; confirm the fields cannot contain it.
@Identifier = $ServerID+":"+$NodeName+":"+$MesgID+":"+@AlertKey+":"+@Rise
# Copy of the severity as assigned by these rules.
@Initial_Severity = @Severity

default:

}

# details($*)

}


29 July 2003