Users Guide

ManualsBrandsDell ManualsComputer equipmentOpenManage Network Manager

301

302

303

304

305

306

307

308

309

310

Automation and Event Processing Rules | Alarms, Events, and Automation

OMNM 6.5.3 User Guide 307

severity of Critical then the resulting event will also be Critical. But if you select a specific

severity from this drop down, such as Minor, then this the events will be assigned this severity

regardless of what severity is found within the original message.

Message Pattern

—- An optional regular expression for the text to retrieve and transmit in the

created event's variable bindings (varbinds). Syslog escalation uses the retrieved value(s)

entered in the template fields to populate the associated varbinds.

Category

Template

—A directive for how to populate the syslog category varbind value. This is a

template field, which means that you can either enter static text (like

Category1

) or a

template containing variables (like

Category%1

). This populates the

syslogCategory

varbind with the appropriate text, for example:

Category-LOGIN

. See

Template Fields

below for more about this type of field.

NOTE:

When you dynamically populate the syslog category, you can more easily base extended event

definitions (EEDs) on the

syslogNotification

definition. For example you could change the base

event definition to allow EEDs on the syslog category varbind. See Using Extended Event Definitions on

page 341 for more about EEDs.

Message Template

— A directive for how to populate the syslog text varbind value. This is a

template field, which means that you can either enter static text (like

syslog message

received

) or a template containing variables (like

%1 occurred on %3 for %2

). See

the next topic for more information about

Template Fields

Suppress Alarm

— Indicates whether or not to suppress the alarm for the resulting event. If you

only want events to be created in the Event History but you do not want alarms to also be

created, then check this box.

Template Fields

Template fields are associated with specific varbinds. When a syslog message matches an escalation

filter, OpenManage Network Manager creates an event and populates its varbinds using the

respective templates and the

Message Pattern

Templates have numbered variables—

, and so on. OpenManage Network Manager resolves

such variables with substrings extracted from the original message text. This means it inserts the

first pattern retrieved in place of

, inserts the second pattern retrieved for

, and so on. For

example: the

Message Template

field contains

%1 occurred on %3 due to %2

, the

Message

Pattern

contains the regular expression

(.*): (.*). IP: (.*)

and a syslog message arrives

that matches the

Syslog Match Text

with the contents:

Error: out of memory. IP:

192.168.0.1

then the message text varbind on the resulting event resolves to

Error

occurred on 192.168.0.1 due to out of memory

. This works on other template fields

too, like Category.

OpenManage Network Manager's syslogNotification event also includes a varbind containing the

original syslog message. This can be useful if you want the syslogText varbind to be the product of

processing but you also want to see the original message.