FIDO: Impact, Time of Day, Hold Down attributes

Alarms will be present in the FIDO database, but may be presented to the user in a different manner. Optionally, alarms can be auto commented and correlated based on normal FIDO operation [such as topology or comment correlation].

Alarms are matched in many ways, either by the fully qualified alarm name, IP subnet, or alarm attribute. valid operators are 'defined', 'equal' or 'match' [perl regexp].

You can determine the fully qualified alarm name this for an active alarm by examining the FIDO database, accessible via the web or CLI, or for an old alarm by examining the CLI fido_events log. Here is an example of how you find the fully qualified alarm name from the fido_events.log file. The key/value pair of importance is the 'UnmodifiedItem' key/value.

Jan 14 10:35:03 nibbler fido.pl[15107]: {"_log_line":{"parent":"20140114.409","length":19,"unmodified_item":"s-ex4200-lab-24f.wiscnet.net jnxOperatingState Fan 1-jnxOperatingState","item":"s-ex4200-lab-24f.wiscnet.net jnxOperatingState Fan 1","action":"Add","_alarm_data":{"info":null,"failures":1,"test":"jnxOperatingState","event_id":"20140114.410","time":1389717284,"status":"OK","file":"snmp","device":"s-ex4200-lab-24f.wiscnet.net","state":"runningAtFullSpeed","iso":4,"snmp_instance":"4.1.1.1","updated":1,"needed_failures":"1","start":1389717284,"start_text":"2014/01/14 10:34:44"},"event":"20140114.410"}}

A <valid> tag can be used to describe when the exception should be considered invalid. As of 2014/01/17, only 'start' and 'end' are valid tags and are in reference to time.
<match> and <key_match> can have multiple values. An n^2 like search is used to find a match and the evaluation is treated as an OR
All subrules under <matches> must match [treated as an AND]

Here is an example stanza for time of day ignoring

[m7h@nibbler config]$ cat fido_time_of_day.config
<items>
     <"device=r-m10i-lab.wiscnet.net_object=Routing-Engine-0_jnxOperatingCPU.rrd-juniper_cpu">
        time = 12am-1:15am
        reason = netflow route table infrac-691880
        comment = $reason
     </"device=r-m10i-lab.wiscnet.net_object=Routing-Engine-0_jnxOperatingCPU.rrd-juniper_cpu">
</items>

<attributes>

   #<90>
   # <matches>
   #     <10>
   #        match = r-asr901-lab
   #        key_match = info
   #     </10>
   # </matches>
   # time = 2pm-11:15pm
   # reason = m7h test
   # comment = infrac-12345
   #</90>

   <100>
     <matches>
        <10>
           match = "r-m10i-lab.wiscnet.net jnxOperatingState Fan Tray 1"
           key_match = item
        </10>
     </matches>
     time = 12am-1:15am
     reason = netflow route table infrac-691880
     comment = $reason
   </100>
</attributes>

<ip>
   #<205.213.109.0/25>
   #         time = 01:00-22:59
   #         reason = test ip ignore lab alerts
   #</205.213.109.0/25>
</ip>

For time of day ignoring, you can list multiple time ranges, comma separated. The 'ParseDate' module is used.

Here is an example stanza for holddown. Holddown time is in minutes or absolute time. Absolute time takes priority over a minute based holddown.

[m7h@nibbler config]$ cat fido_holddown.config

<items>
   # <"device=r-m10i-lab.wiscnet.net_object=Routing-Engine-0_jnxOperatingCPU.rrd-juniper_cpu">
   #     time = 0000-2359
   #     reason = netflow route table infrac-691880
   # </"device=r-m10i-lab.wiscnet.net_object=Routing-Engine-0_jnxOperatingCPU.rrd-juniper_cpu">
</items>

<attributes>
   <100>
     <matches>
        <10>
        equal = jnxOperatingState
        key_match = test
        </10>
     </matches>
     time = 15
     reason = Juniper fan
     comment = $reason
   </100>
</attributes>

<ip>
   #<205.213.109.0/25>
   #         time = 15
   #         reason = test ip ignore lab alerts
   #</205.213.109.0/25>
</ip>

Here is an example stanza for impact. Impact values are:

1 = high priority
2 = normal priority
3 = low priority
4 = informational

The following config is unique. If a match has a valid '$1' value, that value would be used instead of the value in the 'value' key.

   <100>
     <matches>
        <10>
           match = "Descr:.+:(\d):"
           key_match = info
        </10>
     </matches>
     value = 1
     reason = impact port tag
   </100>

===/===

<ip>
   <140.189.1.0/24>
        value = 1
        reason = core loopback
   </140.189.1.0/24>

   # backbone point to points
   <140.189.8.0/21>
        value = 1
        reason = core point to point
   </140.189.8.0/21>

   <140.189.20.0/24>
        value = 1
        reason = core point to point
   </140.189.20.0/24>

   <2001:4e0::/52>
        value = 1
        reason = backbone management
   </2001:4e0::/52>
</ip>

<attributes>
   <80>
     <matches>
        <10>
           equal = 140.189.75.243
           key_match = device
        </10>
     </matches>
     value = 4
     reason = test impact4 alarms
     comment = $reason
   </80>

   <90>
     <matches>
        <10>
           match = pdu-uwstevenspoint-hub
           key_match = descr
        </10>
     </matches>
     value = 3
     reason = test impact3 alarms
   </90>

   <100>
     <matches>
        <10>
           match = "Descr:.+:(\d):"
           key_match = info
        </10>
     </matches>
     value = 1
     reason = impact port tag
   </100>

   <1000>
     <matches>
        <10>
           <match>
                .+-hub.wiscnet.net-snmp_node = 1
                .+-isp.wiscnet.net-snmp_node = 1
           </match>
           key_match = item
        </10>
     </matches>
     value = 1
     reason = hub node
   </1000>
</attributes>

Keywords:	FIDO: Impact, Time of Day, Hold Down attributes Suggest keywords	Doc ID:	38253
Owner:	Michael H.	Group:	Network Services
Created:	2014-03-08 16:16 CDT	Updated:	2016-03-14 08:48 CDT
Sites:	Network Services, Systems & Network Control Center, University of Wisconsin System Network
Feedback:	0 0 Comment Suggest a new document