Event Processing Rules

This portlet manages Open Manage Network Manager’s response to events. By default it appears with seeded rules, but you can create your own (New), copy or modify (Copy or Open) or delete (Delete) existing rules by right-clicking in the portlet. You can also Import and Export rules to files.

The Rule Type column indicates whether rules are Pre-Processing (Correlation) or Post-Processing (Automation).

In this version, you can make a pre-processing Event Processing Rule that sets an event as service-affecting. These rules override the default service affecting field, which would otherwise be entirely determined by the notification type.

Icons in the Enabled and System columns indicate whether the rule is enabled--green is enabled, red is not--and whether it is a System rule, or a non-system (user-created) rule.

Modifying or creating rules opens Rule Editor. See How to: Create Event Processing Rules for steps to create these rules.

When you Copy an event processing rule, Open Manage Network Manager generates a new name, but you must change that name before you save the event processing rule.

Expanded Event Processing Rules Portlet

The expanded portlet displays additional columns. Details about selected rules appear in the snap-in panels at the bottom of this screen.

The Reference Tree panel displays the selected rule’s connection to events. The Rule Actions list any configured actions associated with the rule. The Event Filter Summary summarizes any configured filter(s) for the selected rule.

Create Event Processing Rules

To create a rule in this portlet, follow these steps:

1. Right-click and select New, then select a rule type. These can be Pre-Processing (correlation) or Post-Processing (automation) rules.

If Pre-Processing is your selection, Device Access, Frequency Throttle, Reject Event, Set Severity, Set Service Affecting (overrides event’s settings), State Flutter, Suppress Alarm, and Syslog are the types available. See Filtering / Settings, Syslog Escalation Criteria, and Actions for more about the differences available between rule types.

2. For this example, we select Pre-Processing > Device Access. The Rule Editor screen appears. Enter a Name to identify the rule, an optional Description, and check Enabled if you want this rule to begin working immediately.

3. Click Next to open the Filtering / Settings tab.

Specify Event Filtering

In this panel select the Event Definition. Click pick list to find available events. Typing a letter goes to that letter in the list. You can then click to select from the pick list.

Click Add Filter to further filter the selected events. See Filter Expanded Portlet Displays for more about this feature.

Specify Settings for: [Selected Rule Type]

This panel’s appearance depends on the type of rule you selected when you clicked New. When you are editing an existing rule, it defaults to that rule’s screen. For more about the available alternatives, see Filtering / Settings.

4. The Device Access example creates a specific device access event for user login, logout, login failure or configuration change. Select the Access Type (Config Change, Login Failure, User Login, User Logout) from the pick list for that field.

5. Enter the User Name Variable and/or User Name RegEx match string in those fields. This confines rule response to the selected users.

6. Check Suppress Correlated events if you do not want to see events correlated with this one.

7. Click Save to preserve the event processing rule.