FIDO: generic alarm matching criteria and examples

FIDO has several attributes, including 'impact' and 'help files', 'time of day', 'holddown' and 'group_correlation' that use the same alarm matching criteria.

Alarms are processed in the following order:

items {exact matches}
pre_attributes: {override for CIDR based matching}
ip: {CIDR based matching}
attributes: {generic criteria}

Exact matches

items:

device=r-m10i-lab.wiscnet.net_object=Routing-Engine-0_jnxOperatingCPU.rrd-juniper_cpu:

value: $value

IP based matching, IPv4 and IPv6

ip:

144.92.233.224/27:

fido_help_files:

value: MadIX

fido_impact:

reason: madIX peering

value: '4'

Alarm attribute based matching

Rules are processed in numerical order. Each rule can have submatches (<matches> tag). The <matches> rules form a logical AND.

Under each 'matches:' rule, there can be either a 'defined', 'equal', -OR- one or more 'match' values. 'match' values are perl regular expressions that are quoted [($possible_match =~ m/\Q$_\E/i);] If you set the 'match_re = true' keyword [see BAN example below] special characters will be preserved for the regexp match [($possible_match =~ m/$_/i);]

There can also be one more more FIDO alarm 'key_match' values. These rules form a mesh logical OR. So, for example, in the below rule 10 match 10, only device, descr or info needs to match s-vahosp-101-1-access to be accepted by the rule.

---

attributes:

#time: 2pm-4pm,6pm-8pm

#valid:

# start: 2018/12/10 3pm

# end: 2018/12/12 3pm

'1000':

fido_help_files:

value: BanVAHospital

matches:

'10':

key_match:

___infohash___Descr: ''

descr: ''

device: ''

match: s-vahosp-101-1-access

'1040':

fido_help_files:

value: BAN Support Process

matches:

'10':

key_match:

___infohash___Descr: ''

descr: ''

device: ''

match: ^fa-.*-ban

match_re: 'true'

See Also: