Common-exclusion-conditions extended definition file
- Organization of this page
Format
DESC_VERSION=file-version # comment-line def conditions-group-name [cmt comment] id conditions-group-ID [valid {true | false}] [ex-target Exclusion target] [date start-date-end-date] [rtime start-time-end-time] [week day-of-week] cnd event-condition end-cnd end-def def conditions-group-name-2 ... end-def :
File
Use any file.
Storage directory
- In Windows
-
Any folder
- In UNIX
-
Any directory
Description
This file defines the event conditions or the applicable period of the extended-mode common exclusion-conditions.
Use the language encoding that is used by JP1/IM - Manager to specify this file.
In the following cases, the backup file for the common-exclusion-conditions extended definition file is output as common_exclude_filter_backup.conf.
-
An error is still found in a regular expression after the operation mode of common exclusion-conditions is switched from the basic mode to the extended mode by the jcochcefmode command.
-
When the operation mode is changed from the extended mode to the basic mode.
For details about the jcochcefmode command and the backup file for the common-exclusion-conditions extended definition file, see jcochcefmode in Chapter 1. Commands.
Note that if the event acquisition filter (for compatibility) is used, common exclusion-conditions cannot be used. If the event acquisition filter (for compatibility) is used, use the jcochafmode command to switch to event acquisition filters. For details about the jcochafmode command, see jcochafmode (UNIX only) in Chapter 1. Commands.
The maximum size of the common-exclusion-conditions extended definition file is 15 megabytes in Shift JIS code.
Note that the maximum size is the total of the common-exclusion-conditions extended definition file and the additional common exclusion conditions. Therefore, if you write definitions so that the common-exclusion-conditions extended definition file is 15 megabytes in JIS code, you cannot add the additional common exclusion definition conditions.
When the definitions are applied
The definitions take effect when the -ef option of the jcochfilter command is specified. For details about the jcochfilter command, see jcochfilter in Chapter 1. Commands.
Information that is specified
- DESC_VERSION=file-version
-
Indicates the version of the extended definition file for the common exclusion-conditions. 1 or 2 can be specified. If this parameter is omitted, 1 is assumed.
- # comment-line
-
A line beginning with a hash mark (#) is treated as a comment.
- def to end-def (definition block)
-
These are the start and end parameters of the definition for the extended-mode common exclusion-conditions. The block from def to end-def can be omitted. After def, specify the name of the extended-mode common exclusion-conditions group. If you specify "defΔconditions-group-name-1Δconditions-group-name-2Δ", "Δconditions-group-name-1Δconditions-group-name-2Δ" will be the definition name (Δ indicates a space).
Specify conditions-group-name so that it is unique within the common-exclusion-conditions extended definition file. You can specify a character string of 1 to 50 bytes in Shift JIS. The characters you can specify are characters other than control characters (0x00 to 0x1F, 0x7F to 0x9F).
A maximum of 2,500 definition blocks can be written.
Note that the maximum number is the total of the number of definition blocks written in the common-exclusion-conditions extended definition file and the number of additional common exclusion condition groups. Therefore, if you write 2,500 definition blocks in the common-exclusion-conditions extended definition file, you cannot create an additional common exclusion condition group.
- cmt comment
-
Provides an explanation of the extended-mode common exclusion-conditions. This parameter can be omitted. Specify a character string of 1 to 1,024 bytes in Shift JIS code for the comment. Specifiable characters are other than control characters (0x00 to 0x1F, 0x7F to 0x9F).
- id conditions-group-ID
-
Specifies the conditions group ID of the extended-mode common exclusion-conditions. You can specify a value from 0 to the maximum number of definitions minus 1. This parameter cannot be omitted.
The IDs you can specify for the id parameter is from 0 to 2,499.
- valid {true | false}
-
Specifies whether to enable the extended-mode common exclusion-conditions.
This parameter is not case sensitive. If this parameter is omitted, true is assumed.
- ex-target Exclusion target
-
Specifies the target of the exclusion. Specify the character string action in the exclusion-target to exclude JP1 events that satisfy a common exclusion-condition from automated-action execution. The character string is not case sensitive. If this parameter is omitted, JP1 events that satisfy a common exclusion-condition are excluded from the target to be collected. Only one occurrence of this parameter is allowed for each definition block. Note that this parameter is available only when the version of the common exclusion-conditions extended definition file is 2.
- date start-date-end-date
-
Specifies the period during which the extended-mode common exclusion-conditions apply. This parameter can be omitted. Specify this parameter in the following format:
dateΔYYYYMMDD-YYYYMMDD
Legend: Δ: A space
The specifiable period is from 1970/01/01 to 2038/01/19.
If this parameter is omitted, the extended-mode common exclusion-conditions always apply.
If the start date is omitted, the extended-mode common exclusion-conditions apply from the time they are defined until the end date. To omit the start date, specify only the end date in the following format:
dateΔ-YYYYMMDD
Legend: Δ: A space
If the end date is omitted, the conditions apply continuously from the start date. To omit the end date, specify only the start date using one of the following formats:
dateΔYYYYMMDD
dateΔYYYYMMDD-
Legend: Δ: A space
For details about the applicable period, see 3.2.7 Common exclusion-conditions in the JP1/Integrated Management - Manager Overview and System Design Guide.
- rtime start-time-end-time
-
Specifies the time during which the extended-mode common exclusion-conditions apply. This parameter can be omitted. Specify this parameter in the following format:
rtimeΔHHMM-HHMM
Legend: Δ: A space
If this parameter is omitted, 9:00 is assumed as the start time, and the end time will be 24 hours after that time. The start time cannot be omitted. If the end time is omitted, the conditions apply for 24 hours from the start time.
To omit the end time, specify only the start time using one of the following formats:
rtimeΔHHMM
rtimeΔHHMM-
Legend: Δ: A space
The time you can specify for the start time and the end time is from 00:00 to 23:59.
If you specify an end time earlier than the start time, the end time is treated as the time of the following day. Alternatively, if the same time is specified for the start time and the end time, the end time is treated as the time of the following day.
The following table lists the omission patterns of the parameter end time.
Table 2‒29: Omission patterns of the end time for the rtime parameter No.
Omission pattern
Description
1
rtimeΔstart-time
Applied within 24 hours from the start time
2
rtimeΔstart-time-
3
rtimeΔstart-time-end-time
Applied from the start date to the end date.
Specify the start time and the end time in the HHMM format. Specify the hour for HH, and the minute for MM.
The application period includes the start time but not the end time. For example, if you specify Monday, and set the start time to 21:00 and the end time to 03:00, the application period is from 21:00:00 on Monday through 02:59:59 on Tuesday (the following day).
For details about the applicable period, see 3.2.7 Common exclusion-conditions in the JP1/Integrated Management - Manager Overview and System Design Guide.
- week day-of-week
-
Specifies a day of the week on which the extended-mode common exclusion-conditions apply. This parameter can be omitted. To specify two or more days of the week, separate the days by a comma (,). Use the following format:
weekΔ0,1,2,3,4,5,6
Legend: Δ: A space
Days of the week correspond to the following numeric values:
-
Sunday: 0
-
Monday: 1
-
Tuesday: 2
-
Wednesday: 3
-
Thursday: 4
-
Friday: 5
-
Saturday: 6
If the day of the week is omitted, all days of the week are assumed.
For details about the applicable period, see 3.2.7 Common exclusion-conditions in the JP1/Integrated Management - Manager Overview and System Design Guide.
-
- cnd to end-cnd (event condition block)
-
These parameters mark the start and end of the block that specifies the event conditions of the extended-mode common exclusion-conditions. An event condition block must be specified in a definition block. It cannot be omitted. A tab or a space before or after the cnd and end-cnd parameters is ignored.
You cannot specify multiple event condition blocks for one definition block.
- event-condition
-
Specifies the conditions for excluding JP1 events by means of the extended-mode common exclusion-conditions. You can specify from 0 to 256 event conditions for the event condition block. The event conditions are connected with the AND condition. The following shows how JP1 event conditions are specified:
attribute-nameΔcomparison-keywordΔoperand
Legend: Δ: A space
Note that a line that contains only spaces and tabs is ignored, and processing continues.
- attribute-name
-
Specifies the name of the attribute you want to compare. To specify a basic attribute, prefix the name with B.. To specify an extended attribute (common information) or an extended attribute (program-specific information), prefix the name with E.. The attribute name is case sensitive.
The following table lists and describes the combinations of attribute names and comparison keywords and the operands that can be specified.
Table 2‒30: Combinations of attribute names and comparison keywords and the operands that can be specified No.
Item
Attribute name
Comparison keyword
Operand
1
Event ID
B.ID
-
Match
-
Do not match
Specifies the event ID of a JP1 event.
-
A maximum of 100 event IDs can be specified.
-
Specify the event IDs in hexadecimal notation.
-
Event IDs are not case sensitive.
-
The permitted range is from 0 to 7FFFFFFF.
2
Reason for registration
B.REASON
-
Match
-
Do not match
Specifies the reason for registration of a JP1 event.
-
A maximum of 100 reasons can be specified.
-
The permitted range is from -2,147,483,648 to 2,147,483,647.
3
Source process ID
B.PROCESSID
-
Match
-
Do not match
Specifies the source process ID of the JP1 event source application.
-
A maximum of 100 source process IDs can be specified.
-
The permitted range is from -2,147,483,648 to 2,147,483,647.
4
Registered time
B.TIME
-
Time range
Specifies the time that a JP1 event was registered in the event database on the source host.
-
Specify the time of an environment in which JP1/IM - Manager is running.
-
Specify the start date and time and the end date and time of the range or the period.
-
Comparison is possible when start-date-and-time-of-the range≤time≤end-date-and-time-of-the range is true.
5
Arrived time
B.ARRIVEDTIME
-
Time range
Specifies the time that the JP1 event was registered in the event database on the manager host.
-
Specify the time of an environment in which JP1/IM - Manager is running.
-
Specify the start date and time and the end date and time of the range or the period.
6
Source user ID
B.USERID
-
Match
-
Do not match
Specifies the user ID of the JP1 event source process.
-
A maximum of 100 source user IDs can be specified.
-
The permitted range is from -2,147,483,648 to 2,147,483,647.
7
Source group ID
B.GROUPID
-
Match
-
Do not match
Specifies the group ID of the JP1 event source process.
-
A maximum of 100 source group IDs can be specified.
-
The permitted range is from -2,147,483,648 to 2,147,483,647.
8
Source user name
B.USERNAME
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the user name of the JP1 event source process.
-
A maximum of 100 source user names can be specified. However, if a regular expression is specified, only one source user name is allowed.
-
The source user name is case sensitive
9
Source group name
B.GROUPNAME
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the group name of the JP1 event source process.
-
A maximum of 100 source group names can be specified. However, if a regular expression is specified, only one source group name is allowed.
-
The source group name is case sensitive.
10
Source IP address
B.SOURCEIPADDR
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the IP address of the event-issuing server for a JP1 event.
-
A maximum of 100 source IP addresses can be specified. However, if a regular expression is specified, only one source IP address is allowed.
-
Specify four-digit values in hexadecimal for an IPv6 address as shown below by using 0 to 9 and a to f. a to f must be lowercase.
Example: 0011:2233:4455:6677:8899:aabb:ccdd:eeff
Uppercase letters, an IPv4-mapped address, an IPv4 compatible address, and an abbreviated IPv6 address cannot be specified.
11
Event-issuing server name (source host)#
B.SOURCESERVER
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the source host (event server name) of a JP1 event.
-
A maximum of 100 event-issuing server names can be specified. However, if a regular expression is specified, only one event-issuing server name is allowed.
-
The event-issuing server name is case sensitive.
12
Message
B.MESSAGE
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Sets the message of a JP1 event.
-
A maximum of 100 messages can be specified. However, if a regular expression is specified, only one message can be specified.
-
The message is case sensitive.
13
Event level
(if the severity changing function is enabled, specifies the event level before the change)
E.SEVERITY
-
defined
-
notdefined
-
Match
Specifies whether an event level exists and the JP1 event type.
-
When the comparison keyword is Match, two or more of the following event levels can be specified: Emergency, Alert, Critical, Error", Warning, Notice, Information, and Debug.
14
User name
E.USER_NAME
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the name of the user who issued a JP1 event.
-
A maximum of 100 user names can be specified. However, if a regular expression is used, only one user name is allowed.
-
The user name is case sensitive.
15
Product name
E.PRODUCT_NAME
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the name of the program that issued a JP1 event.
-
A maximum of 100 product names can be specified. However, if a regular expression is used, only one product name is allowed.
-
The produce name is case sensitive.
16
Object type
E.OBJECT_TYPE
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the type of a JP1 event object.
-
A maximum of 100 object types can be specified. However, if a regular expression is used, only one object type is allowed.
-
The object type is case sensitive.
17
Object name
E.OBJECT_NAME
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the name of a JP1 event object.
-
A maximum of 100 object names can be specified. However, if a regular expression is used, only one object name is allowed.
-
The object name is case sensitive.
18
Root object type
E.ROOT_OBJECT_TYPE
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the root object type of a JP1 event.
-
A maximum of 100 root object types can be specified. However, if a regular expression is used, only one root object type is allowed.
-
The root object type is case sensitive.
19
Root object name
E.ROOT_OBJECT_NAME
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the root object name of a JP1 event.
-
A maximum of 100 root object names can be specified. However, if a regular expression is used, only one root object name is allowed.
-
The root object name is case sensitive.
20
Object ID
E.OBJECT_ID
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the object type of a JP1 event.
-
A maximum of 100 object IDs can be specified. However, if a regular expression is used, only one object ID is allowed.
-
The object ID is case sensitive.
21
Occurrence
E.OCCURRENCE
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the occurrence of a JP1 event.
-
A maximum of 100 occurrences can be specified. However, if a regular expression is used, only one occurrence is allowed.
-
The occurrence is case sensitive.
22
Start time
E.START_TIME
-
Time range
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the time to start or restart execution of a JP1 event.
-
When the comparison keyword is Time range:
- Specify the start date and time and the end date and time of the range or the period.
- Comparison is possible when start-date-and-time-of-the range≤time≤end-date-and-time-of-the range is true.
- When the attribute to be compared is a decimal value, the attribute is compared as the total number of seconds.
-
When the comparison keyword is not Time range:
- A maximum of 100 start times can be specified. However, if a regular expression is specified, only one start time name is allowed.
- Compare using a comparison keyword for which an operand is specified as a character string.
23
End time
E.END_TIME
-
Time range
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the time for ending execution of a JP1 event.
-
When the comparison keyword is Time range:
- Specify the start date and time and the end date and time of the range or the period.
- Comparison is possible when start-date-and-time-of-the range≤time≤end-date-and-time-of-the range is true.
- When the attribute to be compared is a decimal value, the attribute is compared as the total number of seconds.
-
When the comparison keyword is not Time range:
- A maximum of 100 end times can be specified. However, if a regular expression is specified, only one end time is allowed.
- Compare using a comparison keyword for which an operand is specified as a character string.
24
Return code
E.RESULT_CODE
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the return code of a JP1 event.
-
A maximum of 100 return codes can be specified. However, if a regular expression is used, only one return code is allowed.
-
The return code is case sensitive.
25
Event source host name#
E.JP1_SOURCEHOST
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the host name of the event source host for a JP1 event.
-
A maximum of 100 event source host names can be specified. However, if a regular expression is specified, only one event source host name is allowed.
-
The event source host name is case sensitive.
26
Extended attribute
E.xxxxxxx
-
First characters
-
Match
-
Do not match
-
Is contained
-
Is not contained
-
Regular expression
Specifies the attribute name of the extended attribute for a JP1 event.
-
For the attribute name, you can specify a name with a maximum length of 32 bytes that begins with an uppercase letter and consists of uppercase letters, numeric characters, and the underscore (_).
-
A maximum of 100 extended attributes can be specified. However, if a regular expression is specified, only one extended attribute is allowed.
-
The extended attribute is case sensitive.
-
- comparison-keyword
-
Specifies BEGIN (begins with), IN (matches), NOTIN (does not match), SUBSTR (includes), NOTSUBSTR (does not include), or REGEX (regular expression), TRANGE (time range), DEFINED (defined), or NOTDEFINED (not defined) as the comparison keyword. The comparison keyword is case sensitive.
To use the TRANGE (time range) comparison keyword, specify it as shown in the following table.
Table 2‒31: Format for specifying TRANGE Comparison method
Format
Specifiable range
Specifying date and time
start-date-and-timeΔend-date-and-time
start-date-and-time≤ attribute-value≤end-date-and-time
Specifying a period
xx minutes ago
base-timeΔ - period (minutes) MIN
base-time - period (minutes)≤attribute-value≤base-time
xx minutes later
base-timeΔ + period (minutes) MIN
base-time≤attribute-value≤base-time + period (minutes)
xx hours ago
base-timeΔ - period (hours) HOUR
base-time - period (hours)≤attribute-value≤base-time
xx hours later
base-timeΔ + period (hours) HOUR
base-time≤attribute-value≤base-time + period (hours)
xx days ago
base-timeΔ - period (days) DAY
base-time - period (days)≤attribute-value≤base-time
xx days later
base-timeΔ + period (days) DAY
base-time≤attribute-value≤base-time + period (days)
Specify the start date and time and the end date and time in YYYYMMDDhhmmss format. The period (minutes, hours, and days) must be specified as a numeric value. MIN, HOUR, and DAY are case sensitive.
- Operand
-
Specifies a character string as the value to be compared with the attribute value specified by the comparison keyword. The operand is case sensitive.
If you specify two or more operands, separate them by one or more consecutive spaces or tabs. The OR condition is applied to the specified operands. Note that if a regular expression is specified, only one operand is allowed.
If you want to specify a space, a tab, an end-of-line code (CR or LF), or % as part of an operand, use the format shown in the table below. Note also that during maximum value checking for the definition format, each of these values is treated as a single character.
There is no limit on the maximum length of the operand. However, for Shift-JIS, the maximum number of event conditions (attribute name, comparison keyword, and operand) in cnd to end-cnd (event condition block) is 65,536 bytes.
No.
Value to be specified
How to specify
1
Tab (0x09)
%09
2
Space (0x20)
%20
3
% (0x25)
%25
4
Linefeed LF (0x0a)
%0a
5
Linefeed CR (0x0d)
%0d
Note:
-
Relationship between the values of date, rtime, and week
When date, rtime, and week are set, the common exclusion-condition is enabled on every week day of week during a period of days specified in date from the start time to the end time specified in rtime.
When the end time of rtime indicates a time on the next day, the common exclusion-condition remains enabled until the end time on the next day.
For details about the applicable period, see 3.2.7(4) Applicable period of a common exclusion-condition in the JP1/Integrated Management - Manager Overview and System Design Guide.
Example definition
When the following conditions exist, the example definition excludes events during the period from 2010/10/01 to 2010/10/31 on Mondays through Saturdays from 10:00 to 12:00:
-
The event ID matches 1.
-
The event level is Emergency or Alert.
-
The registered host is specified with a regular expression as follows:
-
host[0-9][0-9]
-
DESC_VERSION=1 # comment def common-exclusion-conditions-group-1 cmt expiration: 2010/10/31 id 1 valid true date 20101001-20101031 week 1,2,3,4,5,6 rtime 1000-1200 cnd B.ID IN 00000001 E.SEVERITY IN Emergency Alert B.SOURCESERVER REGEX host[0-9][0-9] end-cnd end-def
The definition example below excludes events from automated-action execution from 23:00 to next day 02:00 on every Monday through Saturday during the period between April 1, 2017 and May 1, 2017 when the following conditions are true:
-
The event ID is 2.
-
The severity is Emergency or Alert.
-
The source host matches the following regular expression:
-
host[0-9][0-9]
-
DESC_VERSION=2 # comment def common-exclusion-conditions-group-1 cmt expiration: 2017/05/01 id 1 valid true ex-target action date 20170401-20170501 week 1,2,3,4,5,6 rtime 2300-0200 cnd B.ID IN 00000002 E.SEVERITY IN Emergency Alert B.SOURCESERVER REGEX host[0-9][0-9] end-cnd end-def