ALCON,
I have been trying to meet some criteria for about a week now and I
cannot seem to nail it. I am trying to meet the following requirements for
matching a Juniper Netscreen trap for cpu utilization. However, I cannot
get it just right. Any help would be greatly appreciated.
Problem:
trap from Juniper comes in every minute when over cpu threshold
Solution I am trying to accomplish:
1) push event to the event browser after 3 traps in 5 minutes
2) re-alarm after 30 minutes
3) clear alarm after 10 minutes with no traps
What I have works unless the CPU% changes and I cannot figure out how to
get around matching that part of the trap.
Example traps:
1364222455 3 Mon Mar 25 14:40:55 2013 outervp01 ? [2]
private.enterprises.3224.2.3.0 (OctetString): 2013-03-25 14:41:41
[Root]system-critical-00030: SYSTEM CPU utilization is high (78 > alarm
threshold:65) 1 times in 1 minute
1364222455 3 Mon Mar 25 14:40:55 2013 outervp01 ? [2]
private.enterprises.3224.2.3.0 (OctetString): 2013-03-25 14:41:41
[Root]system-critical-00030: SYSTEM CPU utilization is high (76 > alarm
threshold:65) 1 times in 1 minute
Ruleset:
# match only when you receive 15 traps from the source VPN
type=SingleWithThreshold ptype=RegExp continue=TakeNext
pattern=(\w{8}vp\w+)\s+.*3224.2.3.0.*system-critical-00030.+CPU utilization
is high desc= $5 high CPU alarm action=shellcmd /usr/OV/bin/event -e
NDWN_EV -h $5 -d "TEST EVENT: 2 $5 system-critical-00030: SYSTEM CPU
utilization is high."
window=930
thresh=15
type=SingleWith2Thresholds
ptype=RegExp
pattern=(\w{8}vp\w+)\s+.*3224.2.3.0.*system-critical-00030.+CPU utilization
is high desc=$0 action=shellcmd /usr/OV/bin/event -e NDWN_EV -h $5 -d "TEST
EVENT: 2 $5 system-critical-00030: SYSTEM CPU utilization is high."
window=330
thresh=3
desc2=$0
action2=shellcmd /usr/OV/bin/event -e NUP_EV -h $5 -d "TEST EVENT: 2 $5
has sent 0 SYSTEM CPU utilization traps in the last 10 minutes. Validate
the CPU is below the threshold."
window2=600
thresh2=10
------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete
for recognition, cash, and the chance to get your game on Steam.
$5K grand prize plus 10 genre and skill prizes. Submit your demo
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
