DX NetOps

  • Private Community
 View Only

  • 1.  Raise alarm for specific IP address

    Posted Jul 15, 2018 09:10 AM

    Hi,

    I’m trying to modify an event that is in severity “NONE” by default to generate an alert only for a specific IP’s.

    I tried duplicating the event and change to “CRITICAL” and in the original event I tried to create “event condition” that raise the new event if the IP address is what I need. But no success.

    Anyone know how can I do the “event condition” the right way? Or maybe anyone have a new idea how to do that?

     

    Thank you



  • 2.  Re: Raise alarm for specific IP address

    Posted Jul 16, 2018 03:32 AM

    hey,

    what was the condition you used for your testing?



  • 3.  Re: Raise alarm for specific IP address

    Posted Jul 16, 2018 09:08 AM

    Hi Avi,

     

    In order for this to work we would need a varbind to work with to make it easier.

    You could create an advanced event procedure but CA Support could not write these for you.

     

    https://docops.ca.com/ca-spectrum/10-2-3/en/managing-network/event-configuration/how-to-use-procedures-in-event-processing

     

    If this particular alarm/event is generated by a trap that would be the easier way as you can then parse on that particular varbind.

    If you need more specific help, I suggest contacting CA Support directly via ticket.

     

    Thanks!
    Matt



  • 4.  Re: Raise alarm for specific IP address

    Posted Jul 16, 2018 10:48 AM

    Could you copy and paste the entry for that event from the $SPECROOT/custom/Events/EventDisp file?

     

    Joe



  • 5.  Re: Raise alarm for specific IP address
    Best Answer

    Posted Jul 16, 2018 04:05 PM

    I ran a test in my lab. I created one event that only generates an event. I created another event that generates an alarm. I added an Event Condition rule to the first event to check the value of the Network_Address attribute id 0x12d7f and if equal to a specfic value, generate the 2nd event that asserts an alarm. Here are my EventDisp configurations for the events:

     

    0xfff00133 E 0 R CA.EventCondition, "({a 0x12d7f} == {A 10.241.249.74})" , "0xfff00134 -:-"
    0xfff00134 E 0 A 3,0xfff00134

     

    Worked like a charm.

     

    Joe