FIDO: generic alarm matching criteria and examples

FIDO has several attributes, including 'impact', 'help files', 'time of day', 'holddown' and 'group_correlation', that use the same alarm matching criteria.

Alarms are processed in the following order:

<items> {exact matches}
<pre_attributes> {override for CIDR based matching}
<ip> {CIDR based matching}
<attributes>


Exact matches

<items>
      <"device=r-m10i-lab.wiscnet.net_object=Routing-Engine-0_jnxOperatingCPU.rrd-juniper_cpu">
          value = $value
    </"device=r-m10i-lab.wiscnet.net_object=Routing-Engine-0_jnxOperatingCPU.rrd-juniper_cpu">
</items>

IP based matching, IPv4 and IPv6

<ip>
   <206.223.119.0/24>
        value = 3
        reason = Minor BGP peer
   </206.223.119.0/24>
</ip>

Alarm attribute based matching

Rules are processed in numerical order.  Each rule can have submatches (<matches> tag).  The <matches> rules form a logical AND. 

Under each <matches> rule, there can be either a 'defined' tag, an 'equal' tag -OR- one or more 'match' values.  'match' values are Perl regular expressions.  There can also be one or more FIDO alarm 'key_match' values.  These form a meshed logical OR: any 'match' value matching any 'key_match' key satisfies the rule.  So, for example, in rule 10, match 10 below, only one of device, descr or info needs to match s-vahosp-101-1-access to be accepted by the rule.


<attributes>
   <10>
     <matches>
        <10>
           match = s-vahosp-101-1-access
           <key_match>
                device =
                descr =
                info =
           </key_match>
        </10>
     </matches>
     value = BanVAHospital
   </10>

   <20>
     <matches>
        <10>
           match = s-565sd-132-1-access
           <key_match>
                device =
                descr =
                info =
           </key_match>
        </10>
     </matches>
     value = iriSaDevice
   </20>

   <30>
     <matches>
        <10>
           match = -0-\w{2,}
           <key_match>
                device =
                descr =
                info =
           </key_match>
        </10>
     </matches>
     value = Temporary Gear
   </30>

   <40>
     <matches>
        <10>
           match = ^fa-.*-ban
           <key_match>
                device =
                descr =
                info =
           </key_match>
        </10>
     </matches>
     value = BAN Support Process
   </40>

   <50>
     <matches>
        <10>
           match = mufn.org
           <key_match>
                device =
                descr =
                info =
           </key_match>
        </10>
     </matches>
     value = MUFN
   </50>
</attributes>
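
The AND/OR semantics described above, as an added Python sketch (not FIDO's own code). The dict layout, the constructed alarms, hypothetical rule 100, unanchored regex search and stopping at the first matching rule are assumptions of this example.

```python
import re

KEYS = ["device", "descr", "info"]
# Constructed rule set: 10, 30 and 50 copy the page's regexes; rule 100 is
# hypothetical and only shows two <matches> entries being ANDed.
RULES = {
    "100": {"value": "Hypothetical BGP router",
            "matches": {"10": {"match": r"^r-", "keys": ["device"]},
                        "20": {"match": r"BGP", "keys": ["descr", "info"]}}},
    "50": {"value": "MUFN", "matches": {"10": {"match": r"mufn.org", "keys": KEYS}}},
    "10": {"value": "BanVAHospital",
           "matches": {"10": {"match": r"s-vahosp-101-1-access", "keys": KEYS}}},
    "30": {"value": "Temporary Gear",
           "matches": {"10": {"match": r"-0-\w{2,}", "keys": KEYS}}},
}

def submatch_hits(sub, alarm):
    """OR across key_match keys: one key matching the regex is enough."""
    rx = re.compile(sub["match"])
    # Unanchored search, as Perl's =~ does (assumed to be how 'match' is applied).
    return any(rx.search(str(alarm.get(k, ""))) for k in sub["keys"])

def rule_hits(rule, alarm):
    """AND across the numbered entries under <matches>."""
    return all(submatch_hits(s, alarm) for s in rule["matches"].values())

def evaluate(rules, alarm):
    """Try rules in numerical (not string) order and return (rule_no, value)
    for the first hit, else None. Stopping at the first hit is an assumption."""
    for no in sorted(rules, key=int):
        if rule_hits(rules[no], alarm):
            return no, rules[no]["value"]
    return None

# Constructed alarms.
ALARMS = [
    {"device": "core-sw1", "descr": "uplink to s-vahosp-101-1-access", "info": ""},
    {"device": "s-test-0-lab", "descr": "", "info": ""},
    {"device": "r-edge", "descr": "BGP peer down", "info": ""},
    {"device": "r-edge", "descr": "link down", "info": ""},       # AND fails
    {"device": "sw9", "descr": "", "info": "host mufnXorg"},      # '.' is a wildcard
    {"device": "r-1.mufn.org", "descr": "BGP peer down", "info": ""},  # 50 before 100
]

if __name__ == "__main__":
    for a in ALARMS:
        print(a["device"], "->", evaluate(RULES, a))
```

Because 'match' values are regular expressions, the unescaped dot in `mufn.org` also accepts `mufnXorg`; writing it as `mufn\.org` restricts rule 50 to the literal domain.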


Keywords: FIDO: generic alarm matching criteria and examples
Doc ID: 37246
Owner: Michael H.
Group: Network Services
Created: 2014-02-03 11:48 CDT
Updated: 2014-07-08 15:10 CDT
Sites: Network Services, Systems & Network Control Center, University of Wisconsin System Network, WiscNet