Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Code Block
titleSample rule for process "Link Down" and "Link Up" events for DLink.DxS profile
collapsetrue
{
    "name": "DLink | DxS | Network | Link | Link Down (SYSLOG)",
    "uuid": "6f6ac845-90dd-4863-9aed-9e30e1f2acd3",
    "description": "INFO: Port 17 link down",
    "event_class__name": "Network | Link | Link Down",
    "preference": 1000,
    "patterns": [
        {
            "key_re": "^source$",
            "value_re": "^syslog$"
        },
        {
            "key_re": "^profile$",
            "value_re": "^DLink\\.DxS$"
        },
        {
            "key_re": "^message$",
            "value_re": "(?:INFO:|INFO\\(6\\)) Port (?P<interface>.+) link down$"
        }
    ]
},

{
    "name": "DLink | DxS | Network | Link | Link Up (SYSLOG)",
    "uuid": "ea3b96c5-cf6b-4dd4-88f8-4b16ed8dfab6",
    "description": "INFO: Port 17 link up, 100Mbps  FULL duplex",
    "event_class__name": "Network | Link | Link Up",
    "preference": 1000,
    "patterns": [
        {
            "key_re": "^source$",
            "value_re": "^syslog$"
        },
        {
            "key_re": "^profile$",
            "value_re": "^DLink\\.DxS$"
        },
        {
            "key_re": "^message$",
            "value_re": "(?:INFO:|INFO\\(6\\)) Port (?P<interface>.+) link up, (?P<speed>\\S+)\\s+(?P<duplex>.+duplex)"
        }
    ]
}

When:

KeyDescriptionComment
nameName of rule"(SYSLOG)" and "(SNMP)" are required building symbols
uuidUnique ID of ruleGenerated automatically or by `$ ./noc get-uuid` command
descriptionDescription of rule 
event_class__name
Name of event classSee Event Classes for detail
preferenceOrder to parse rules 
patternsPattern to match rules"source", "syslog", "SNMP Trap", "profile", "message" are building symbols

...