Hi Mark,
I use inline actions and actions quite a bit to do things like this.
All the variables you mention, except for severity, are available in the
environment set up in an action or inline-action.
Severity is available if you grep it out of trapd.conf. Here is a
little shell routine to do that:
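    # Find this trap's definition line by enterprise, generic and specific.
    # ${NVE%.*} drops the last sub-identifier from the enterprise OID in $NVE.
    LINE=$(grep -w "{${NVE%.*}} $NVG $NVS" /usr/OV/conf/C/trapd.conf)
    if [[ -n "$LINE" ]]
    then
        # Split the line into positional parameters; "--" keeps a leading
        # "-" in the line from being read as an option to set.
        set -- $LINE
        SEVERITY=$6
    else
        SEVERITY=1 # Unknown
    fi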
James Shanks posted a nice piece about rulesets and such, and it has a
lot of extremely useful information about performance for rulesets.
Mark van Kerkwyk wrote:
>
> I am wondering how many of you use the RuleSet editor much or whether you
> just create an inline action which calls a perl/shell/C script to handle
> the incoming events.
> I am finding it hard to get what I need done, just simple things like ( if
> Enterprise OID =Lotus or Cisco or Netfinity and Severity is > 2 then page
> this group of people, if Enterprise OID = ArcServe then page this person)
> become quite cumbersome and the rule set edit fills up very quickly with
> the very large icons, they are also not labelled with anything too
> meaningful and my customer doesn't like it too much.
> I can't seem to page a group of people anyway and the nvsec_admin on
> Solaris can't be used to administer user/group names much.
>
> Any comments ?
>
> Mark
--
Ray Schafer | schafer@tkg.com
The Kernel Group | Network Computing Consulting