To display a list of OpC masks and then display a particular mask's definition:
Designing and Managing Behavior Models
-
Using Other Data Sources - HP OpenView IT/Operations - Listing OpC Masks -
This section explains how to display a list of the OpC masks currently defined in the NerveCenter database. The section also explains how to view the definition of a particular OpCmask.
For information on creating a new OpC mask, see Defining an OpC Mask.
To display a list of OpC masks and then display a particular mask's definition:
Admin menu, choose OpC Mask List.The OpC Mask List window is displayed.
This window lists all OpC masks and provides a brief definition of each. For each OpC mask, the window specifies a name and the following information:
Open buttonNerveCenter displays the OpC Mask Definition window.
The mask defined in this figure is named SuFailure. It is looking for a message from IT/Operations concerning a "Bad su" condition. Note that the Object field is empty since the message's object is variable: the object is the user who unsuccessfully attempts to switch users.
This section outlines the procedure for creating an OpC mask.
Admin menu, choose OpC Mask List.NerveCenter displays the OpC Mask List window.
New button.The OpC Mask Definition window appears.
All of the window's input areas are enabled.
Application text field, enter the application that the message relates to, or leave this field blank.For example, if a message concerns an unsuccessful attempt to switch users, the associated application is su.
If you're not sure what to enter in the Application field, send the message you're interested in to IT/Operations, and look at it in the Message Details window. The value you use in your mask should correspond to the contents of the Application field in this window. (You can use the same technique to obtain the values for the Group, Type, Object, and Severity fields.)
Group text field, enter the message group to which a message belongs, or leave this field blank. Message groups are a mechanism used to classify messages. For example, the default message group Backup can be used to identify messages generated by applications that are used for backing up data or by devices that are part of a backup system. Operators are assigned groups of messages to deal with.
The default message groups are Backup, Database, ITO, OS, Output, Performance, Security, Job, Network, SNMP, and Misc.
Type text field, enter the message's message type, or leave this field blank.Message types, like message groups, are used to classify messages. However, whereas message groups are used to group messages that a single operator should work with, message types are used to label messages so that they can be easily identified by an event-correlation engine.
Object text field, enter the object that caused, detected, or was affected by the condition that the message describes, or leave this field blank.For example, an object can be an operator, an application, or a node.
Severity text field, enter the severity of the condition described in the IT/Operations message, or leave this field blank.The possible severities are Unknown, Normal, Warning, Minor, Major, and Critical.
OpC Simple Trigger -- your OpC mask can determine what trigger it wants to fire solely by reading a message's application, message-group, message-type, object, and severity fields. When the OpC mask sees a message that meets its requirements, it will fire a trigger with the name specified in the Simple Trigger field.
OpC Trigger Function -- your OpC mask must test the contents of one or more fields before determining which trigger to fire.
If you select the OpC Simple Trigger radio button, the Simple Trigger list box is enabled.
OpC Simple Trigger -- enter in the Simple Trigger text field the name of the trigger you want the OpC mask to fire if it finds a message that matches its requirements. You can either type in the name of a new trigger or choose a trigger from the list of existing triggers.
OpC Trigger Function -- select the OpC Trigger Function tab, and enter a trigger function on the OpC Trigger Function page.
This trigger function is a Perl subroutine that you can use to check the information in the message and to fire appropriate triggers. For complete information on writing trigger functions, see the section Writing an OpC Trigger Function.
Save button at the bottom of the OpC Mask Definition window to save your mask.If an OpC mask cannot completely describe the type of message it is looking for by specifying the contents of the message's Application, Group, Type, Object, and Severity fields, it must contain a trigger function. This function, which you write using Perl 5, can include additional conditions that the message must meet, and it can fire different triggers as appropriate.
Most OpC trigger functions are very similar in structure. They follow this pattern:
if (condition1) {
FireTrigger(arguments);
}
elsif (condition2) {
FireTrigger(arguments);
}
else {
FireTrigger(arguments);
}
The conditions can test the value of any the following message attributes:
For example, suppose that you want to create an OpC mask that detects IT/O messages concerning unsuccessful attempts to switch users to root. This mask would require a trigger function that checked a message's message text for the string "Bad switch user to root." (For details on how to implement this trigger function, see the section Examples of OpC Trigger Functions.)
To assist you in writing OpC trigger functions, NerveCenter provides:
For further information about these predefined functions and variables and the pop-up help menu, see the following sections:
NerveCenter provides a number of functions (actually Perl subroutines) that facilitate the writing of OpC trigger functions. The list below indicates what types of functions are available and where you can find detailed information about each function:
For reference information about these functions, see the section String-Matching Functions on page 159.
For reference information about this function, see the section FireTrigger() Function on page 156.
NerveCenter defines several variables for use in OpC trigger functions. These variables contain the values of fields in the IT/O message that NerveCenter is examining.
The complete list of variables that you can use in an OpC trigger function is shown in Variables Used in OpC Trigger Functions:
Variables Used in OpC Trigger Functions
| Variable | Description |
|---|---|
Contains the value of the message's node field. The node referred to in this field is the one on which the condition being reported occurred. | |
To see how these variables might be used in context, see the section Examples of OpC Trigger Functions.
This section presents a couple of example OpC trigger functions and explains what the functions do.
Here's a simple example. Suppose that you're monitoring Sun workstations for disk usage and that you want to fire one trigger if a file server's disk usage crosses a certain threshold and another trigger if the disk usage at a user's workstation crosses that threshold. The first trigger will cause an alarm to transition to a state of Major severity, and the second will cause a transition to a state of minor severity.
The trigger function might look like this.
if ($OpCNodeName eq "FileServer1" or
$OpCNodeName eq "FileServer2" ...) {
FireTrigger("lowDiskServer", $DefaultSubobject);
}
else {
FireTrigger("lowDiskNonserver", $DefaultSubobject);
}
Note the second argument to FireTrigger(), the subobject argument. In the context of an IT/O message, a subobject of the form baseObject.instance makes no sense, so by default NerveCenter uses a subobject of the form $OpCGroup.$OpCObject. This definition of a subobject enables you to create subobject-scope alarms that are driven by triggers fired from OpC masks.
The following trigger function looks for unsuccessful attempts to su (switch users) to root by users who don't have permission to become root:
if ((ContainsWord($OpCMessage, "Bad switch user to root")) and
($OpCObject ne "authorizedUser1") and
($OpCObject ne "authorizedUser2") ...) {
FireTrigger("badSuToRoot");
}
The call to ContainsWord() determines whether the message's message text contains the string "Bad switch user to root," and the expressions containing the variable $OpCOjbect determine whether the user who attempted the su is authorized to become root. (In this type of message, the object field contains the name of the user who issued the su command.)
This section explains how to add documentation (notes) to an OpC mask and what should be covered in that documentation.
You can add notes to an OpC mask by following the procedure outlined in this subsection.
Admin menu, choose OpC Mask List.The OpC Mask List window is displayed.
Open button.The OpC Mask Definition window appears.
Notes button.The OpC Mask Notes and Associations dialog is displayed.
OK button at the bottom of the OpC Mask Notes and Associations dialog.The OpC Mask Notes and Associations dialog is dismissed.
Save button in the OpC Mask Definition window.Your notes are saved to the NerveCenter database. They can now be read by anyone who opens the definition for your alarm and selects the Notes button.
We recommend that you include the following information in the notes for an OpC mask:
For an OpC mask to become functional, two conditions must be met:
This section explains how to enable an OpC mask.
Admin menu, choose OpC Mask List.The OpC Mask List window is displayed.
The Open button becomes enabled.
Open button.The OpC Mask Definition window is displayed and shows the definition of the OpC mask you selected.
On radio button.
Save button.On from the popup menu.| HP OpenView IT/Operations | Using Alarms |
| 29 July 2003 |