Massage alarm data

Tobin Isenberg

By: Tobin Isenberg

September 16, 2010 4:30 pm

Reads: 223

Comments:2

Rating:0

I was working with an engineer today, he was setting up Novell Operations Center (BSM) in an environment that had several data feeds. One of the challenges he had was one of the feeds had the short name of the server, another feed had a mixture of TCP/IP address, short host name and fully qualified host name. When setting up the views we do have ways to automatically correlate different data points using different rules but… we do also have ways to clean up the data.

In order to clean up the alarms coming in on the Netcool adapter so the hosts that were created are consistent even though they are not consistent inside of netcool, I put a “test” tag in place inside of the hierarchyfile. Netcool does not have a topology or map, we use the hierarchyfile (XML) to describe a layout. The idea is, you can take any alarm column and have it create objects on the fly. It then relates similiar objects and correlates the alarms together. Customers have interesting fields in their alarms, computer name is general one (Node, host, hostname, computer, etc), sometimes you have process names, application names, owners, etc. The hierarchyfile can describe how you want items organized under the adapter.

Anyways, back to the test tag. Within the hierarchyfile you can do other things besides setting up the grouping, you can filter as well as run java scripts. In this case I put a script at the top of the hierarchyfile to clean up the computer names.

<hierarchy>
<test type=”script” expr=”var x=0;
try{

var host = alarm.Node.toLowerCase();
var vals = formula.util.breakOnTokens( host, ‘.’ );
try{
var x = java.lang.Integer.parseInt( vals[0] );
}catch(numException){
alarm.Node = vals[0];
}

}catch( Exception ){
formula.log.error( ‘NodeException: ‘ + Exception )
}
true;”/>

… (hiearchyfile continues)

The first few lines sets up runng a script inline to the hierarchyfile. There is a try/catch block to handle extra bad data.

I then pull from the alarm the Node column which holds the computer name and flip it to all lower case (var host = alarm.Node.toLowerCase()

The next thing I do is use the breakOnTokens method (similiar to the string tokenizer) to build an array of values based on parsing the Node name on a period delimiter. This easily drops novell.com from server1.novell.com…. but… it messes up cases where the node is an actual IP address.

The next thing I do is, take the first array item and try and convert it to a number, if I can, then it must be an IP address, I don’t want to process those. If I can’t convert it to a number, it must be the short name of the server such as “server1″ in the server1.novell.com example.

The script changes the alarm.Node field and ends.

The results were, if the Node field had an IP address, it was left alone. For cases where the Node name was the short computer name, not change other than making it lowercase, for fully qualified domain names, it chopped off the extra details and save the lowercase short name.

What did we do. The customer had inconsistent data. In order to fix it they need to update their monitoring agents… to painful, costly and lengthy of an excercise. This small script does the work for them in minutes.

Test tags can do lots of things, I’ve taken one value and looked up additional details from databases to expand the alarm details, cleaned up data differently than show here, chopped up very long string fields to more meaningful details, etc.

Hierarchyfiles are only available on adapters that are event based such as TEC, Netcool and Event Manager (Event Integrator). There are a few other adapters that support this feature. The DTD file has several other features… enjoy!

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: Operations Center, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

2 Comments

  1. By:kjhurni

    Sorry, but I couldn’t resist (trust me, I’ve typo’d my share of boo-boo’s).

    Although just the headline is rather funny and made me laugh so my day went much better.

    :)

  2. By:tisenberg

    Nope, that is how I meant it. :) and yes… it does sound funny

    From: http://dictionary.reference.com/browse/massage (kind of 5.a and 5.b)
    –> to manipulate, organize, or rearrange (data, figures, or the like) to produce a specific result, esp. a favorable one: The auditors discovered that the company had massaged the books.

    The core idea is, an alarm with minimal data can only go so far, if you just have a hostname, you could look up the host name in some database, get the platform info and add other details to the alarm such as IP address, OS type, escalation owner, etc. From there you can have smart right-clicks that either ssh, telnet or rdp.

Comment