Terminate alarms when using multiple events in one event processing rule

Started by Geert, September 04, 2007, 06:24:00 PM

Previous topic - Next topic

Geert

I'm trying to setup handling of SNMP traps that result from hardware failures on HP Proliant servers. I would like to group all critical traps (about 50) in one event processing rule because they all require the same action (sendig e-mail and SMS). This rule could for example contain following events:

  • SNMP HP Power supply failed
  • SNMP HP NIC connectivity lost
  • SNMP HP fan failed

Now I wan't to create a rule that automatically terminates these events. According to the example above this rule could contain these events:

  • SNMP HP Power supply OK
  • SNMP HP NIC connectivity restored
  • SNMP HP fan OK

Offcourse I wan't a termination event to terminate the corresponding alarm. The 'SNMP HP Power supply OK' should only terminate the alarm raised by the 'SNMP HP Power supply failed' event, and not clear other alarms that exist for this node.

How can I accomplish this? I don't see how to define an suitable 'Alarm key'. (The failure and termination traps have different SNMP OIDs).

If this is not possible now it would be nice if one could define a custom parameter on a SNMP trap configuration. For example set a parameter with the value 'PowerFailed' on the traps 'SNMP HP Power supply failed' and 'SNMP HP Power supply OK'. This way you could use it to build an 'Alarm key' that links both events.

Regards,

Geert

Victor Kirhenshtein

Hello!

Looks like you have very different traps, so it's not possible to define such alarm key. However, I think that this requirement is quite common, so I will add additional field to events called "user tag" which will be possible to set in trap configuration to any user-defined value and access it in event processing policy via additional macro. Wait for 0.2.19 release!

Best regards,
Victor

Geert

Thanks for yor reply Victor. I'll check out the new release.

Regards,

Geert

Geert

Hello Victor,

I found the new 'Tag'-field in the SNMP trap configuration, thanks for that. Which macro should I use in the Alarm key to access this Tag-field? I tried %t but this stands for a time stamp.

Regards,

Geert

Victor Kirhenshtein

Hello!

You should use %u macro - sorry, forgot to update documentation.

Best regards,
Victor

Geert

Thanks, it's working fine an it proves to be very usefull. Defening event processing rules has become much easier now.

Geert