Analyst Rule Configuration and Global Variables

The CONFIG section sets global Analyst processing options, for example how many days to keep problem data after closing, and is also used to declare global variables for this Analyst.

Global variables are variables whose scope encompasses all sections of a rule file and so are available for use by any PRIMARY or SECONDARY rule in this rules file. The Analyst Variables section has more information on using variables.

The CONFIG section also contains options that allow you to specify the amount of data to be kept in the log file or a maximum duration to keep records. After the specified time or size, the data will be purged.

SECTION CONFIG
	[MAX_DAYS <n>]
	[MAX_SIZE <n>[MB]]
	[DEFAULT_VERSION {v1 | v2c | v3}]
	[DEFAULT_HOST <host>]
	[DEFAULT_PORT <port>]
	[DEFAULT_COMMUNITY <string>]
	[DEFAULT_AUTHPROTOCOL {MD5 | SHA}]
	[DEFAULT_ENCRYPTION {DES | AES128 | AES192 | AES256 | 3DES}]
	[STRING <identifier> | <identifier>[n][:= <initial-value>]]
	[NUMERIC <identifier> | <identifier>[n][:= <initial-value>]]
	[CONVERT_TO_UPPER {ON | OFF}]
END_SECTION

The [n] parameters in the diagram above contain literal brackets, i.e. the brackets [ ] must be included in the configuration text. In all other cases, the brackets indicate optional parameters as normal.

Syntax

MAX_DAYS
Specifies the number of days of data to keep. Because the file wraps based on size, this might not correspond to the number of days actually kept. Enter the number as a decimal value. The minimum acceptable value is .01 (approximately 15 minutes).

If no MAX_DAYS value is added, the default will be 0 (which causes it to save the records until the file is full, then wrap around, overwriting the oldest records), unless an alternative value has been added to the 'MaxDays' statement in the 'irautoan' ini file. However, any MAX_DAYS value added will overwrite the 'MaxDays' statement in the 'irautoan' ini file for this specific Analyst (see Analyst Overview).

MAX_SIZE
Specifies, in megabytes, the maximum amount of data from the PrognosisAutomationProblem (PROBLEM) record that is to be kept for this Analyst. When the Analyst Problem Output file is filled to the set size, the file will wrap and new data will start to overwrite older problem data. Enter the number as a decimal value (e.g. 0.01 for 10KB).

If no MAX_SIZE value is added, the default setting will be 1.0MB, unless an alternative value has been added to the 'ProblemFileMaxSize' statement in the 'irautoan' ini file. However, any MAX_SIZE value added will overwrite the 'ProblemFileMaxSize' statement in the 'irautoan' ini file for this specific Analyst (see Analyst Overview).

DEFAULT_VERSION
The version of SNMP to send. Valid values are v1, v2c or v3. The SNMPTRAP statement in the Rule Definition Action Clause will override this default value.

DEFAULT_HOST
The node name where the SNMP traps will be delivered. The SNMPTRAP statement in the Rule Definition Action Clause will override this default value.

DEFAULT_PORT
The port where the SNMP traps will be delivered. The SNMPTRAP statement in the Rule Definition Action Clause will override this default value.

DEFAULT_COMMUNITY
(Applicable for SNMP v1 and v2c only) The community string value used for outgoing SNMP traps. The default is 'public'. The SNMPTRAP statement in the Rule Definition Action Clause will override this default value.

DEFAULT_AUTHPROTOCOL
(Applicable for SNMP v3 only) The SNMP authentication protocol to use. Valid values are MD5 or SHA. Note that using MD5 is not FIPS compliant. The SNMPTRAP statement in the Rule Definition Action Clause will override this default value.

DEFAULT_ENCRYPTION
(Applicable for SNMP v3 only) The encryption method to use. Valid values are DES, AES, AES128, AES192, AES256 or 3DES. The SNMPTRAP statement in the Rule Definition Action Clause will override this default value.

Notes for SNMP Usage:

1)    Prior to version 11.1, Analysts could only send SNMP v1 Traps. Effective with version 11.1, Analysts can send v1, v2c or v3 Traps. However, if no SNMP options are entered, the default configuration remains as v1 sending to 127.0.0.1 (localhost) on port 162.

2)    If FORCE-FIPS-ENCRYPTION is enabled in the NETWORK Configuration, then the following SNMP restrictions will apply:

  • Only SNMP v3 can be used.

  • Authentication must use a FIPS compliant algorithm. At present only SHA is available.

  • Encryption must use a FIPS compliant algorithm. AES128, AES192, AES256 or 3DES can be used.

3)    SNMP v3 requires the applicable username and password to be added to the PASSWORDS Configuration on the server where the Analyst runs. To do this the following entries are used:

autoan:authentication:<ip-address>:<port>
autoan:encryption:<ip-address>:<port>

Where <ip-address> is the server running SNMP v3 and <port> is the port used for SNMP access.
In the authentication entry, the username and password are the same as configured in the SNMP v3 server for authentication.
In the encryption entry the username is ignored; enter only the password as configured on the SNMP v3 server for encryption.

Where applicable, separate PASSWORDS Configuration entries are required for each SNMP v3 server. That is, a hierarchy of password entries is not supported.
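
The defaults and FIPS restrictions from the notes above, as an added Python example that is not part of the product or its documentation: it reads the DEFAULT_* options from a CONFIG section and reports settings that conflict with them. The sample sections, the host name trapsink01 and the force_fips flag (standing in for FORCE-FIPS-ENCRYPTION) are constructed for illustration; only CONFIG defaults are checked, not per-rule SNMPTRAP overrides.

```python
# Added example: audit the SNMP defaults of a CONFIG section against the
# restrictions this page lists for FORCE-FIPS-ENCRYPTION.
FIPS_AUTH = {"SHA"}
FIPS_ENCRYPTION = {"AES128", "AES192", "AES256", "3DES"}

def parse_config(text):
    """Collect DEFAULT_* options between SECTION CONFIG and END_SECTION."""
    options, inside = {}, False
    for raw in text.splitlines():
        parts = raw.split(None, 1)          # keyword, then the rest of the line
        if not parts:
            continue
        key = parts[0].upper()
        if raw.split() == ["SECTION", "CONFIG"]:
            inside = True
        elif key == "END_SECTION":
            inside = False
        elif inside and key.startswith("DEFAULT_") and len(parts) == 2:
            options[key] = parts[1].strip().strip("'\"")
    return options

def audit_snmp(options, force_fips=False):
    """Return findings; force_fips is a hypothetical stand-in for the
    FORCE-FIPS-ENCRYPTION setting in the NETWORK Configuration."""
    findings = []
    version = options.get("DEFAULT_VERSION", "v1").lower()  # documented default
    if force_fips and version != "v3":
        findings.append(f"FIPS: only SNMP v3 can be used, found {version}")
    if version == "v3":
        auth = options.get("DEFAULT_AUTHPROTOCOL", "unset").upper()
        enc = options.get("DEFAULT_ENCRYPTION", "unset").upper()
        if auth == "MD5" or (force_fips and auth not in FIPS_AUTH):
            findings.append(f"DEFAULT_AUTHPROTOCOL is {auth}; only SHA is FIPS compliant")
        if force_fips and enc not in FIPS_ENCRYPTION:
            findings.append(f"FIPS: DEFAULT_ENCRYPTION {enc} is not a permitted value")
    elif options.get("DEFAULT_COMMUNITY", "public") == "public":
        findings.append("community string is the documented default 'public'")
    return findings

# Constructed sample rule-file fragments (host and values are made up).
LEGACY = "SECTION CONFIG\n\tMAX_DAYS 7\nEND_SECTION\n"
WEAK_V3 = ("SECTION CONFIG\n\tDEFAULT_VERSION v3\n\tDEFAULT_HOST trapsink01\n"
           "\tDEFAULT_PORT 162\n\tDEFAULT_AUTHPROTOCOL MD5\n"
           "\tDEFAULT_ENCRYPTION DES\nEND_SECTION\n")
HARDENED = WEAK_V3.replace("MD5", "SHA").replace(" DES", " AES256")

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("weak v3", WEAK_V3), ("hardened", HARDENED)):
        print(name, audit_snmp(parse_config(cfg), force_fips=True))
```

A CONFIG section with no SNMP options is audited as v1 with community 'public', matching the default described in note 1.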

STRING
Defines a global variable for holding string or alphanumeric information.

<identifier> is the symbolic name assigned to this variable. The first 8 characters of this identifier must be unique and cannot contain any special characters, other than an underscore.
For example: STRING My_Strng is valid while STRING My^Strng is NOT valid.

[n] can be used to specify the number of characters in this variable. It must be a positive even integer. The default length is 240.

<initial-value> specifies that the variable is initialized to the given value. The <initial-value> string should be surrounded by quotes. By default, the string variable will be filled with spaces.

NUMERIC
Defines a global variable for holding number values.

<identifier> is the symbolic name assigned to this variable and follows the same rules as for the string type above.

[n] in the case of NUMERIC variables identifies the number of decimal places this number will use and must be in the range 0 through 4. The default is 0.

<initial-value> specifies that the variable will be initialized to the given value. By default, the numeric variables will be set to 0.

CONVERT_TO_UPPER
Use this toggle to force strings to be upshifted when they are assigned to variables or substituted into commands. Normally this should be set to OFF, but for compatibility with prior versions the default is ON.

This does not affect the processing of Where Clauses, which are always case insensitive.
