Configure a Custom Rule in Paragon Automation GUI
Create a New Rule Using the Paragon Automation GUI
To create a new rule using the Paragon Automation GUI, you’ll first fill general descriptive information about the rule and then navigate through several rule definition blocks in the Rules page to provide the specific configuration for the Paragon Automation rule.
To start creating a new Paragon Automation rule:
Rule Filtering
You can filter the Topics and Rules displayed on the left side of the Rules page. This allows you to quickly find rules that you are looking for. The search function works for topics, rules, sensor-types and other categories; working not only on titles, but also on the defined contents of rules.
The following procedure explains this filtering feature.
Sensors
Start configuring the new rule using the Sensor block. Figure 2 shows the sensor definition for the OpenConfig
sensor pppoe-error-statistics
.
Fields
A sensor will generally carry information such as all information about interfaces on the device, chassis related information, system process and memory related information, and so on. After you configure sensors, you must mention Fields that process sensor information for a particular need. For example, you can define fields to capture administrative or operational status of an interface or set traffic count threshold.
To add a field:
You can add fields and keys to rules based on whether the incoming data meets user-defined conditions defined in tagging profiles. Tagging profiles are defined in Paragon Automation under Administration > Ingest Settings on the left navigation bar. SeeParagon Insights Tagging for details.
Vectors
(Optional) Now that you have a sensor and fields defined for your rule, you can define vectors.
A vector is used when a single field has multiple values or when you receive a value from another field.
The syntax of a vector is:
vector <vector-name>{ path [$field-1 $field-2 .. $field-n]; filter <list of specific element(s) to filter out from vector>; append <list of specific element(s) to be added to vector>; }
Variables
(Optional) The Variables block is where you define the parts of the sensor that you are interested in. For example, a rule that monitors interface throughput needs to have a way to identify specific interfaces from the list of available interfaces on a device. The field details are discussed below.
Functions
(Optional) Define any needed functions.
The Functions block allows users to create functions in a python file and reference the methods that are available in that file. The python file must be created outside of Paragon Automation. You must know about the method names and any arguments because you will need those when defining the functions.
In Paragon Automation, you can use a Python user-defined function to return multiple values. The values are stored in multiple fields in the database.
For example, consider that you have a function example_function.py that has three return values. When you call the example_function.py in a rule, the first return value in the user-defined functions (UDF) is stored in the rule field that calls the function. You only need to configure return fields, such as r2 and r3, for the remaining two return values. You can configure these fields for return values in the Return List of the Functions tab.
In the time-series database, the name of Return List fields are prefixed with the name of the rule field that uses the UDF. For example, rule_field_name-r2.
Figure 4 shows an example configuration in the Functions block.
To configure a function:
Triggers
A required element of rule definition that you’ll need to set is the trigger element.
Figure 5 shows the Triggers
block for the system.memory/check-system-memory
rule. The field details
are discussed below.
Setting up triggers involves creating terms that are used to set policy. If the terms within a trigger are matched, then some action is taken. Terms can evaluate the fields, functions, variables, etc that are defined within the rule against each other or in search of specific values. Terms are evaluated in order from the top of the term list to the bottom. If no match is found, then the next term (if any) is evaluated until a match is found or until the bottom of the term stack is reached.
Rule Properties
(Optional) Specify metadata for your Paragon Automation rule in the Rule Properties block. Available options include:
Attributes |
Description |
---|---|
Version |
Enter the version of the Paragon Automation rule. |
Contributor |
Choose an option from the drop-down list. |
Author |
Specify a valid e-mail address. |
Date |
Choose a date from the pop-up calendar. |
Supported Paragon Automation Version |
Specify the earliest Paragon Automation release for which the rule is valid. |
Supported Device > Juniper Devices |
Choose either Junos or Junos Evolved. Device metadata includes Product Name, Release Name, Release Support (drop-down list), and platform. You can add metadata for multiple devices, multiple products per device, and multiple releases per product. You can select default sensors that you want to apply to all supported devices. You also have the option to select default sensors that you want to apply to Juniper devices, and to Juniper devices that run a specific OS. |
Supported Device > Other Vendor Devices |
You can add vendor identifier, vendor name, product, platform, release, and operating system-related information for non-Juniper vendors. You can select default sensors that you want to apply to all non-Juniper devices. |
Helper Files |
Specify files that are required by the Paragon Automation rule. |