Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Related Documentation

    Creating an Event Subscription

    To create a new event subscription, right click in the top left panel and select Create, or select an existing event subscription and click the Create icon at the top of the window.

    Figure 205: Create an Event Subscription

    Create an Event Subscription
    1. Select the newly created subscription from the upper left pane to modify its properties in the right pane, Property Editor.
    2. Enter a Subscription Name.
    3. Next, select the Event Type. This is the type of event that will be subscribed to. Click in field to bring up a dropdown menu of available event types. Options range from specific trap events such as mplsLspUp and linkUp to generalized events like TunnelEvent and NetworkEvent, that are families of events. To see which events are included in a family of events such as TunnelEvent, view the file /u/wandl/db/config/eventtypes.store and search for events with the superType=”TunnelEvent”. Besides network events, events can also be generated for IP/MPLSView application-related events (ApplicationEvent) or threshold-related events defined in the Threshold Editor (ThresholdEvent).

      For example, to subscribe only to threshold crossing alerts, select event type ThresholdEvent.

    4. Following that, you can configure the subscription to filter the events further to match a particular rule using the Subscription Rule property. When editing an event subscription rule, right click in the Subscription Rule text box to bring up the Subscription Rule Builder.

      In the Subscription Rule Builder, the top panel lists the available keys and the bottom panel displays the resulting rule. In the top panel, use the checkbox to select the desired key(s). In the bottom panel, click the underlined values to edit the logical operators and properties. Press OK to build the rule syntax.

      Figure 206: Subscription Rule Builder

      Subscription Rule Builder

      Alternatively, the Subscription rule syntax can be typed into the field instead of using the Subscription Rule Builder. Note that all conditions and rules are case sensitive, and spaces should be used as delimiters between keywords, values, and logical operators. Additionally, quotes (““) should be placed around string values, for example, IPAddress == “1.2.3.4”.

      For reference, the following are the supported logical operators:

      • == (Equals)
      • != (Does not equal)
      • ~= (Equals using regular expression)
      • && (And)
      • || (Or)
      • < (Less than), and
      • > (Greater than).

      For reference, the following are the supported properties:

      • type: The event type. For example, this can be an SNMP trap type such as linkUp and linkDown or ThresholdEvent. You could enter “type ~= link” to filter on both linkUp and linkDown events, or “type ~= mpls” to filter on trap types such as mplsLspUp and mplsLspDownReason.
      • elementType: The element type (Node, Interface, Tunnel). For example, you can enter “elementType == Interface” to filter only for interface-related events. Note in the particular case of Cisco that tunnels are associated with the Interface element type rather than the Tunnel element type.
      • deviceID: The hostname of the node associated with the event. For example, you can enter “deviceID == NWK && elementType == Node” to filter only for node events related to router NWK.
      • name: The name of the particular element associated with the event. Depending upon the element type, this can be an interface name, device’s hostname, or tunnel name. For example, you can enter “name ~= fe && elementType == Interface” to filter only for events related to fastethernet interfaces.
      • timestamp: The timestamp in terms of number of milliseconds since January 1,1970
      • severity: Severities are represented as integers, in increasing order from least serious to most serious, where INFO=1000, NORMAL=2000, UP=2001, WARNING=3000, MINOR=4000, MAJOR=5000, CRITICAL=6000, and DOWN=6001. For example, you can set “severity > 4000” to get only errors of severity MAJOR or higher.
      • description: This includes details of the event. For example, for an SNMP trap, this includes the object name and value pairs. For a threshold event, this includes the description configured in the threshold event definition.
      • sourceIP: The IP address of the SNMP agent that sent the trap (SNMPv1) or packet (SNMPv2)
      • sourceID: Indicates the process that posted the event, for example, “SNMPEventPublisher” for traps.
      • comment: The Event Comment entered in Event Browser when acknowledging an event.
    5. The “Durable” option specifies if the event subscription is persistent. By default all subscriptions are set to Durable. If a subscription is not set to Durable, then it will be lost the next time the event server is restarted.

      Figure 207: Example Subscription to Threshold Events of High Severity

      Example Subscription to Threshold Events of High Severity

      The following are some example subscription configurations:

      Event Type

      Subscription Rule

      Description

      NetworkEvent

      deviceID == SFO

      Sends all network-related events occurring at router SFO

      TunnelEvent

      name == Tunnel5

      Sends all tunnel-related events occuring at tunnel Tunnel5

      NetworkEvent

      type == linkDown && name == fe-0/1/2

      Sends a report if link fe-0/1/2 goes down.

      ThresholdEvent

      severity > 4000

      Sends all threshold events of severity MAJOR or higher. Requires first configuring threshold crossing alerts as described in Chapter 14, Fault Management:Threshold Crossing Alerts

      NetworkEvent

      severity > 4000

      Sends all network events (including traps and threshold events) of severity MAJOR or higher. Edit Threshold event severities from the Threshold editor as described in Chapter 14, Fault Management:Threshold Crossing Alerts. Edit the severities of other events from the web interface as described in Edit Event Type Severities.

      CollectionEvent

       

      Sends events related to the traffic data collector, such as the collection start, stop, and update

    Modified: 2015-12-29