Hitachi

JP1 Version 12 JP1/Integrated Management 2 - Manager Command and Definition File Reference


Filter file

Format

event-condition
    :
OR
event-condition
    :
EXCLUDE
event-condition
    :

File

Use any file.

Storage directory

In Windows

Any folder

In UNIX

Any directory

Description

This file defines filter conditions to be applied during output of event reports. To load the file, execute the jcoevtreport command with the -f option specified.

The maximum size of this file is 256 kilobytes (262,144 bytes).

When the definitions are applied

When the jcoevtreport command is executed with the -f option specified, the specified filter file is loaded, and the JP1 events that satisfy the specified conditions are acquired from the integrated monitoring database and output to an event report.

Contents of the file

pass-conditions group, exclusion-conditions group

The jcoevtreport command outputs the JP1 events that do not satisfy any of the exclusion-conditions groups and that satisfy one of the pass-conditions groups. For the filter conditions, you can specify from 0 to 5 pass-conditions groups and from 0 to 5 exclusion-conditions groups.

In a pass-conditions group or exclusion-conditions group, you can specify from 0 to 50 event conditions. In the case of an extended attribute (user-specific information), you can specify a maximum of 5 event conditions per pass-conditions group or exclusion-conditions group.

OR

If you specify multiple condition groups, specify OR between the condition groups.

EXCLUDE

Specify EXCLUDE between a pass-conditions group and an exclusion-conditions group. Any event condition that follows EXCLUDE is treated as an exclusion-conditions group. If no event condition follows EXCLUDE, only the pass-conditions groups take effect.

event-condition

Specify the event conditions in the following format (Δ indicates a single-byte space):

attribute-nameΔcomparison-keywordΔoperand[Δoperand]...

Note that a line consisting of only spaces or tabs is ignored during processing.

attribute-name

Specifies the name of the attribute that you want to compare. To specify a basic attribute, place B. immediately before the name; to specify an extended attribute (common information or user-specific information), place E. immediately before the name. Attribute names are case sensitive.

comparison-keyword

Specifies one of BEGIN (begins with), IN (matches), NOTIN (does not match), SUBSTR (includes), NOTSUBSTR (does not include), or REGEX (regular expression) as the comparison keyword. The comparison keyword is case sensitive.

operand

Specifies a character string as the value that is to be compared with the attribute value by the specified comparison keyword. Operands are case sensitive.

Specify multiple operands by separating them with one or more consecutive spaces or a tab. The OR condition is applied to the specified operands. Note that if a regular expression is specified for the comparison keyword, only one operand can be specified.

To specify a space, a tab, end-of-line code (CR or LF), or % as a part of an operand, specify as follows:

No.  Value to be specified            How to specify
1    Tab (0x09)                       %09
2    Space (0x20)                     %20
3    % (0x25)                         %25
4    Linefeed code LF (0x0a)          %0a
5    Carriage return code CR (0x0d)   %0d

During maximum value checking for the definition format, %20 and %25 are each treated as a single character. The character code specified after the % is not case sensitive.

The following example specifies multiple operands to select events whose ID matches 100 or 200:

B.IDΔINΔ100Δ200

Legend:

Δ: Space (0x20)

You can specify a maximum of 4,096 bytes of operands per event condition and per event condition block (total length of operands in bytes that are specified in the event condition block). The following table shows the attribute names, comparison keywords, and operands that can be specified for event conditions.

No.

Item

Attribute name

Comparison keyword

Operand

1

Event ID

B.ID

  • Match

  • Does not match

  • A maximum of 100 event IDs can be specified.

  • Event IDs are not case sensitive.

  • The permitted range is from 0 to 7FFFFFFF.

2

Reason for registration

B.REASON

  • Match

  • Does not match

  • A maximum of 100 items can be specified.

  • The permitted range is from -2,147,483,648 to 2,147,483,647.

3

Source process ID

B.PROCESSID

4

Source user ID

B.USERID

5

Source group ID

B.GROUPID

  • First characters

  • Match

  • Does not match

  • Is contained

  • Is not contained

  • Regular expression

  • A maximum of 100 items can be specified. However, if a regular expression is specified, only one item is allowed.

6

Source user name

B.USERNAME

7

Source group name

B.GROUPNAME

8

Event-issuing server name#1

B.SOURCESERVER

9

Target event server name#1

B.DESTSERVER

10

Message

B.MESSAGE

11

Event level

E.SEVERITY

Match

  • Specifiable values are Emergency, Alert, Critical, Error, Warning, Notice, Information, and Debug.

  • Multiple event levels can be specified. However, the same event level cannot be specified twice.

12

Extended attribute#2

E.xxxxxxx

  • First characters

  • Match

  • Does not match

  • Is contained

  • Is not contained

  • Regular expression

  • For the extended attribute name, you can specify a character string with a maximum of 32 bytes that begins with an uppercase letter and consists of uppercase letters, numeric characters, and the underscore (_).

  • A maximum of 100 extended attributes can be specified. However, if a regular expression is specified, only one extended attribute is allowed.

13

Action type

E.@JP1IM_ACTTYPE

  • Match

  • Does not match

  • The following numeric values can be specified:

    0: Not subject to an action

    1: Command

    2: Rule

    3: Command and rule

  • Multiple action types can be specified.

14

Action suppression

E.@JP1IM_ACTCONTROL

  • The following numeric values can be specified:

    0: Not subject to an action

    1: Execution

    2: Suppression

    3: Partial suppression

  • Multiple action suppressions can be specified.

15

Severe event

E.@JP1IM_SEVERE

  • The following numeric values can be specified:

    0: Not a severe event

    1: Severe event

  • Multiple severe events can be specified.

16

Correlation event

E.@JP1IM_CORRELATE

  • The following numeric values can be specified:

    0: Not a correlation event

    1: Correlation approval event

    2: Correlation failure event

  • Multiple correlation events can be specified.

17

Response waiting event

E.@JP1IM_RESPONSE

  • The following numeric values can be specified:

    0: Not a response waiting event

    1: Response waiting event

  • Multiple response waiting events can be specified.

18

Original severity level

E.@JP1IM_ORIGINAL_SEVERITY

  • First characters

  • Match

  • Does not match

  • Is contained

  • Is not contained

  • Regular expression

  • Multiple original severity levels can be specified. A maximum of 100 original severity levels can be specified. However, if a regular expression is specified, only one level is allowed.

19

New severity level

E.@JP1IM_CHANGE_SEVERITY

  • Match

  • Does not match

  • The following numeric values can be specified:

    0: No new severity level exists

    1: New severity level exists

  • Multiple new severity levels can be specified.

20

Event status

E.@JP1IM_DEALT

  • The following numeric values can be specified:

    0: Not processed

    1: Already processed

    2: Being processed

    3: On hold

  • Multiple event statuses can be specified.

21

Severe event released

E.@JP1IM_RELEASE

  • The following numeric values can be specified:

    0: No severe events are released

    1: Severe events are released

  • This item can be specified multiple times.

22

Severe event deleted

E.@JP1IM_DISMISSED

  • The following numeric values can be specified:

    0: No severe events are deleted

    1: Severe events are deleted

  • This item can be specified multiple times.

23

Memo

E.@JP1IM_MEMO

  • First characters

  • Match

  • Does not match

  • Is contained

  • Is not contained

  • Regular expression

  • A maximum of 100 memos can be specified. However, if a regular expression is specified, only one memo is allowed.

24

Changed display message#3

E.@JP1IM_DISPLAY_MESSAGE

  • First characters

  • Match

  • Does not match

  • Is contained

  • Is not contained

  • Regular expression

  • A maximum of 100 of these items can be specified. However, if a regular expression is specified, only one item is allowed.

25

New display message#3

E.@JP1IM_CHANGE_MESSAGE

  • Match

  • Does not match

  • The permitted range is from -2,147,483,648 to 2,147,483,647.

26

Display message change definition#3

E.@JP1IM_CHANGE_MESSAGE_NAME

  • First characters

  • Match

  • Does not match

  • Is contained

  • Is not contained

  • Regular expression

  • A maximum of 100 of these items can be specified. However, if a regular expression is specified, only one item is allowed.

27

Event source host name#2

E.JP1_SOURCEHOST

  • First characters

  • Match

  • Does not match

  • Is contained

  • Is not contained

  • Regular expression

  • A maximum of 100 of these items can be specified. However, if a regular expression is specified, only one item is allowed.

#1

If the integrated monitoring database and the IM Configuration Management database are enabled, and the comparison keyword is Match or Does not match, you can specify the business group name in a path format.

If the integrated monitoring database and the IM Configuration Management database are disabled, and a comparison keyword other than Match and Does not match is selected, a business group name specified in a path format is treated as a host name.

If the -ignorecasehost option of the jcoimdef command is set to ON, and a comparison keyword other than Regular expression is selected, the character string is no longer case sensitive.

#2

E.START_TIME (start time) and E.END_TIME (end time) cannot be specified.

#3

If you have upgraded from version 10-50 or earlier of JP1/IM - Manager, this item is not output unless the integrated monitoring database has been updated using the jimdbupdate command.

Example definition

B.ID IN 1
B.MESSAGE SUBSTR Warning
E.SOURCESERVER IN host1 host2 host3 host4
OR
B.ID IN 1
B.MESSAGE SUBSTR Error
E.SOURCESERVER IN host1 host2 host3 host4
EXCLUDE
E.SOURCESERVER IN host3
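
The following Python is an added example, not Hitachi code: it parses a filter file according to the format above (OR, EXCLUDE, %-escaped operands, a single operand for REGEX, the group and size limits) and decides whether an event dictionary would be selected, which is useful for checking that a filter does not silently drop events from a report. Assumptions: Python's re stands in for the JP1 regular-expression dialect, conditions inside a group are ANDed, NOTIN and NOTSUBSTR negate the ORed operand list, an absent attribute compares as an empty string, and a filter with no pass-conditions group passes every event; the per-attribute rules in the table (value ranges, case-insensitive event IDs) are not applied.

```python
import re

KEYWORDS = {"BEGIN", "IN", "NOTIN", "SUBSTR", "NOTSUBSTR", "REGEX"}
ESCAPE = re.compile(r"%(09|20|25|0a|0d)", re.I)   # the five escapes the page lists
TESTS = {"BEGIN": str.startswith, "IN": str.__eq__, "SUBSTR": str.__contains__}

def decode(operand):
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), operand)

def parse_filter(text):
    """Return (pass_groups, exclusion_groups); a group is a list of (attr, keyword, operands)."""
    if len(text.encode("utf-8")) > 262144:
        raise ValueError("filter file larger than 262,144 bytes")
    sides, side = ([[]], [[]]), 0            # sides[0] = pass, sides[1] = exclusion
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()                   # operands are separated by spaces or tabs
        if not tok:
            continue                         # lines of only spaces or tabs are ignored
        if tok == ["OR"]:
            sides[side].append([])           # start the next group on the current side
        elif tok == ["EXCLUDE"] and side == 0:
            side = 1                         # everything after EXCLUDE is an exclusion group
        elif len(tok) < 3 or tok[0][:2] not in ("B.", "E.") or tok[1] not in KEYWORDS:
            raise ValueError(f"line {n}: malformed event condition")
        elif tok[1] == "REGEX" and len(tok) != 3:
            raise ValueError(f"line {n}: REGEX takes exactly one operand")
        else:
            sides[side][-1].append((tok[0], tok[1], [decode(o) for o in tok[2:]]))
    passes, excludes = ([g for g in s if g] for s in sides)   # drop empty groups
    if len(passes) > 5 or len(excludes) > 5 or any(len(g) > 50 for g in passes + excludes):
        raise ValueError("more than 5 groups per side or 50 conditions per group")
    return passes, excludes

def selected(event, passes, excludes):
    """True if the event satisfies a pass group and no exclusion group."""
    def cond(attr, kw, ops):
        value = event.get(attr, "")          # assumption: absent attribute compares as ""
        if kw == "REGEX":
            return re.search(ops[0], value) is not None   # assumption: Python re dialect
        hit = any(TESTS[kw.replace("NOT", "", 1)](value, o) for o in ops)  # operands ORed
        return hit != kw.startswith("NOT")   # assumption: NOT* negates the ORed result
    group = lambda g: all(cond(*c) for c in g)   # assumption: conditions in a group are ANDed
    return (not passes or any(map(group, passes))) and not any(map(group, excludes))

# Constructed input: the page's "Example definition", line for line.
EXAMPLE = "\n".join(["B.ID IN 1", "B.MESSAGE SUBSTR Warning", "E.SOURCESERVER IN host1 host2 host3 host4",
    "OR", "B.ID IN 1", "B.MESSAGE SUBSTR Error", "E.SOURCESERVER IN host1 host2 host3 host4",
    "EXCLUDE", "E.SOURCESERVER IN host3"])
if __name__ == "__main__":
    print(selected({"B.ID": "1", "B.MESSAGE": "Error", "E.SOURCESERVER": "host3"}, *parse_filter(EXAMPLE)))
```

With the example definition, an event from host3 is dropped even though it satisfies a pass-conditions group, because the exclusion-conditions group takes precedence.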