Sample rules for processing "Link Down" and "Link Up" events for the DLink.DxS profile:
{
    "name": "DLink | DxS | Network | Link | Link Down (SYSLOG)",
    "uuid": "6f6ac845-90dd-4863-9aed-9e30e1f2acd3",
    "description": "INFO: Port 17 link down",
    "event_class__name": "Network | Link | Link Down",
    "preference": 1000,
    "patterns": [
        {
            "key_re": "^source$",
            "value_re": "^syslog$"
        },
        {
            "key_re": "^profile$",
            "value_re": "^DLink\\.DxS$"
        },
        {
            "key_re": "^message$",
            "value_re": "(?:INFO:|INFO\\(6\\)) Port (?P<interface>.+) link down$"
        }
    ]
}

{
    "name": "DLink | DxS | Network | Link | Link Up (SYSLOG)",
    "uuid": "ea3b96c5-cf6b-4dd4-88f8-4b16ed8dfab6",
    "description": "INFO: Port 17 link up, 100Mbps  FULL duplex",
    "event_class__name": "Network | Link | Link Up",
    "preference": 1000,
    "patterns": [
        {
            "key_re": "^source$",
            "value_re": "^syslog$"
        },
        {
            "key_re": "^profile$",
            "value_re": "^DLink\\.DxS$"
        },
        {
            "key_re": "^message$",
            "value_re": "(?:INFO:|INFO\\(6\\)) Port (?P<interface>.+) link up, (?P<speed>\\S+)\\s+(?P<duplex>.+duplex)"
        }
    ]
}

Where:

| Key | Description | Comment |
|---|---|---|
| name | Name of rule | "(SYSLOG)" and "(SNMP)" are required building symbols |
| uuid | Unique ID of rule | Generated automatically or by `/opt/noc$ ./noc get-uuid` command |
| description | Description of rule | |
| event_class__name | Name of event class | See Event Classes for detail |
| preference | Order to parse rules | |
| patterns | Pattern to match rules | "source", "syslog", "SNMP Trap", "profile", "message" are building symbols |

 

  1. All rules are written in JSON format.
  2. Both the key_re and value_re fields support Python regular expressions.
  3. All symbols are case-sensitive.

Note: Don't forget to escape backslashes and brackets, as in `\\.` and `\\(6\\)` in the rules above.
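A minimal matcher for checking a rule against sample events before loading it, added here as an example and not NOC's own classifier code. It assumes every pattern must match some event field and that named groups become event variables; `load_rule`, `match_rule`, `sample_event` and the sample events are constructed for illustration.

```python
import json
import re

# "Link Down" rule from this page, trimmed. Raw string: JSON "\\." decodes to regex \.
RULE_JSON = r'''
{
  "name": "DLink | DxS | Network | Link | Link Down (SYSLOG)",
  "event_class__name": "Network | Link | Link Down",
  "patterns": [
    {"key_re": "^source$", "value_re": "^syslog$"},
    {"key_re": "^profile$", "value_re": "^DLink\\.DxS$"},
    {"key_re": "^message$",
     "value_re": "(?:INFO:|INFO\\(6\\)) Port (?P<interface>.+) link down$"}
  ]
}
'''

def load_rule(text):
    """Parse a rule; return compiled (key_re, value_re) pairs. Bad JSON or regex raises here."""
    patterns = json.loads(text)["patterns"]
    return [(re.compile(p["key_re"]), re.compile(p["value_re"])) for p in patterns]

def match_rule(compiled, event):
    """Assumed semantics: every pattern must match some field; named groups become variables."""
    variables = {}
    for key_re, value_re in compiled:
        for key, value in event.items():
            m = value_re.search(value) if key_re.search(key) else None
            if m:
                variables.update(m.groupdict())
                break
        else:
            return None  # no event field satisfied this pattern
    return variables

def sample_event(message, profile="DLink.DxS"):
    """Build a constructed sample event (not captured from a real device)."""
    return {"source": "syslog", "profile": profile, "message": message}

RULE = load_rule(RULE_JSON)
SAMPLES = [
    sample_event("INFO: Port 17 link down"),               # matches, interface=17
    sample_event("INFO(6) Port 1:5 link down"),            # escaped brackets match literally
    sample_event("info: Port 17 link down"),               # wrong case: no match
    sample_event("INFO: Port 17 link down", "DLinkXDxS"),  # escaped dot rejects this profile
]

for sample in SAMPLES:
    print(sample["profile"], "|", sample["message"], "->", match_rule(RULE, sample))
```

The last sample would match if the dot in the profile pattern were left unescaped, which is why the escaping note above matters for rule precision.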

List of embedded functions:

| Name | Example | Result |
|---|---|---|
| fixup_int_to_ip() | | aaa.bbb.ccc.ddd |
| fixup_bin_to_ip() | | aaa.bbb.ccc.ddd |
| fixup_bin_to_mac() | | aa:bb:cc:dd:ee:ff |
| fixup_oid_to_str() | | |
| fixup_enum() | | |