DX NetOps

I am using Spectrum OneClick and would like to have the ability to lessen the severity of alerts based on model name.

For example if I get a "Cold Start Trap has been recieved" alert, I would like that to be Critical for certain servers, but only minor or major for other servers. Is this possible?

There are a couple of ways you can approach this.  From within Spectrum, you can do it with custom Event Configuration settings and chained Events.  Basically, you'd take the original Event you want to deal with, and set it to not generate an alarm.  Then, you'd add Event Rules to the event, and use the Event Rules to generate new Events that could potentially be alarms, depending on the name of the device.

Basically:

• "thing" happens (trap, poll, device unreachable, etc.)
  • "thing" is mapped to Event 001
  • Event 001 has Event Rules defined for it
    • Event Condition 1: If name matches "foo"
      • Generate Event 002
        • Event 002 is set as a Minor Alarm
    • Event Condition 2: if name matches "bar"
      • Generate Event 003
        • Event 003 is set as a Critical Alarm

We use this for a number of cases.  However, in some cases the Events become awkward, or we need to do things that can't be done with EVents.  And, sometimes we still want the alarms handled the same in Spectrum, we just don't want people paged the same, or tickets created the same.  To get around that, we replace the stock SetScript, UpdateScript, and ClearScript with a custom Perl script that does a bunch of normalization and filtering on the Spectrum alarms.  The script then passes the "important" alarms on to our ticketing system.  This gives us more flexibility to filter out the "noise", while still being able to view it as informational in Spectrum.

Thank you, that’s what I’m looking for. I’m working on setting up the conditions, but the issue I’m running into, is I’m not sure what the attributes are called. For example, I want to create a condition if name matches part of the server name, for example “brn0” so all servers that begin with that name will be covered, and servers that begin with “gen0” will fall under another condition.

I’ve tried using the event variable type of Attribute ID, and the value of Name, and sysName, and do a string compare with the value of “brn0” but this doesn’t seem to be correct as it generates nothing when I test.

How can I find out the syntax, or what variable type to use?

Regards,

Paul Arbogast

You can use attribute model_name (ID: 0x1006e). You have to use the attribute ID in the event rules. I used this attribute ID for something similar and it worked!

~Ankur

Are these attribute ID’s documented somewhere?

Currently what I have

Is  Attribute ID  Value “0x1006e”

Operator “String Compare”

Event Variable Type “String” value “brn0”

Now I’m testing against part of the server name, for example I’m looking for everything that begins with brn0

I’m still not getting the new event to generate though.

Regards,

Paul Arbogast

Paul,

For Operator, use "Regular Expression" instead of "String Compare." Let me know if it works.

~Ankur

I tried regexp, but to no avail

What it looks like is

If event 0x10306 occurs,

If (regexp({v m}{s brn0})) evaluates to TRUE, then generate 0x103060

Now brn0 is just part of the model name, I want to use this to include all servers that start with brn0, however I did try using the complete name, but host name and FQDN, nether generated the new alert.

Regards,

Paul Arbogast

See the attached screenshot. Here, the device name has "CIW" in the beginning and when it is true, another custom event (0x6590351) is generated.

Hope this helps.

~Ankur

That worked perfectly, I was trying all sorts of combos, thank you for your help.

Regards,

Paul Arbogast

Another question though, where can I find a list of the Attribute ID’s and what they equal to?

Regards,

Paul Arbogast

Paul,

I am glad that I was able to help.

For your other question, click on any device model -> go to "component details" pane -> click "attributes" tab. You would see all the attributes and their IDs supported by a specific model type. You can search for attributes in the search box and then double-click on them to see their values on the right side. Keep in mind not all attributes are supported by all model types. Some of them do like model_name, network_address, etc. while others are specific to a particular model type.

~Ankur

Perfect, thank you again.

Regards,

Paul Arbogast

Basically it is the Event condition rule which you need to play with.

Yes, of course it is possible editing the eventdip with differents event conditions rules, using similar to if of case sentence.