Hello Everyone,
Nothing relevant has turned up in a search of the archives, so I was hoping
I could tap the collective knowledge. My dilemma is that I'd like to be
able to email out a friendly name for a port if one should exist.
Rather than writing a x number of rules for x number of ports with a
friendly name, (Port 1 belongs to EXCHANGE, port 2 belongs to
DOMAINCONTROLLER, port 3 belongs to DNSSERVER, etc), I was wondering if
there is a way to reference a map (by an external file or written within the
rule itself).
My admins don't know what Ethernet4/38 maps to, and they shouldn't be
expected to memorize it. So currently I have to write the following rule:
# IMPORTANT SERVER 1
type=Single
ptype=RegExp
pattern=\w+\s+\d+\s\d+:\d+:\d+\s(switch).*LINK-3-UPDOWN.*Interface
(GigabitEthernet4\/38), changed state to down
desc=(MAJOR) $1 interface $2 DOWN!
action=pipe '%s' /bin/mail -s '[ERROR] IMPORTANT SERVER 1 LINK_DOWN!'
n...@domain.net; \
shellcmd /usr/bin/php /home/scripts/announce.php "IMPORTANT SERVER
1 Link DOWN" "%s" 9
type=PairWithWindow
ptype=RegExp
pattern=\w+\s+\d+\s\d+:\d+:\d+\s(switch).*LINK-3-UPDOWN.*Interface
(GigabitEthernet4\/38), changed state to down
desc=(MAJOR) $1 interface $2 DOWN and not up for 30 seconds!
action=pipe '%s' /bin/mail -s '[ERROR] IMPORTANT SERVER 1 LINK_DOWN for 30
seconds!' n...@domain.net; \
shellcmd /usr/bin/php /home/scripts/announce.php "IMPORTANT SERVER
1 Link DOWN after 30 seconds" "%s" 9
ptype2=RegExp
pattern2=\w+\s+\d+\s\d+:\d+:\d+\s($1).*LINK-3-UPDOWN.*Interface ($2),
changed state to up
desc2=(MINOR) %1 interface %2 BOUNCE within 30 seconds.
action2=pipe '%s' /bin/mail -s '[WARNING] IMPORTANT SERVER 1 Link Bounce'
n...@domain.net; \
shellcmd /usr/bin/php /home/scripts/announce.php "IMPORTANT SERVER
1 Link Bounce" "%s" 9
window=30
Multiply that over each port needed, and I am swamped in rules. Is it
possible to utilize a mapping function so I have to write that rule once,
but I can map interfaces with friendly names?
GigabitEthernet4/38, IMPORTANT SERVER 1
GigabitEthernet4/39, IMPORTANT SERVER 2
GigabitEthernet4/40, IMPORTANT SERVER 3
Thank you kindly,
--
Justin J. Novack
Official Disturber of the Peace
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
