Indicates a set of actions to be taken when the rule triggers. There can be multiple Action blocks within a rule, and each Action block can contain a number of actions. The Action blocks are executed in the order that they appear in the rule. If you have three Action blocks (each with its own Where Clause) the first one will process, then the second, then the third.
If the second one contains a NEXT_RULE_STATE CLOSED, and if that second action takes effect, the third action will not execute. Execution of all clauses in the Action block is dependent upon its Where Clause: the actions are executed only if the Where Clause is satisfied.
An <action-where-clause> further narrows down the number of records that the contained actions will be performed on. For further details see the Where Clauses section.
Conventional field names are NOT allowed in an <action-where-clause>. Instead, only global variables, local variables, system variables, field variables and literals are accessible.
The field variables can include values inherited from higher level rules. For example, if the record associated with the current rule is JOBS and the record associated with the higher level rule is CPU, then the field variables in this Where Clause can come from both the CPU and JOBS fields.
Values can be extracted from a string field in the <action-where-clause> using 'matches regex' and regular expressions. Up to 30 values can be extracted; they are placed into system variables named ^var01 through ^var30. For example:
In this example two regular expressions are used: ([^,]*), which means 'match anything except a comma (,)', and (.*), which means 'match anything'. See the Using Regular Expressions in a Where Clause section for further details.
When comparing timestamps in a <where-clause> or <action-where-clause>, there are some special considerations, especially when one of the timestamps has been stored in a global or local variable. For more information, see Use of Timestamps in Analyst Where Clauses.
Use this keyword to cause a message to be logged to one of a number of destinations.
On HPE NonStop, an event will be logged to EMS with a subsystem owner=PRGNOSIS, subsystem name=PRGNOSIS (127) and subsystem-version=<prognosis-ver>.
On Windows, an event will be logged to the Application event log with a source of 'Prognosis'.
This logs to the Availability Collector, which is used to show the UP/DOWN state of monitored entities. Refer to Availability Monitoring. Using complex Analyst rules, entities can be monitored and the state can be shown in the Availability Monitoring feature of Prognosis.
<msg-number> - The number entered here corresponds to the number assigned to the text in the Analyst Rules Output. This message number must be less than 32000.
ENTITY_NAME <entity-name> - The entity name is any unique name up to 60 characters long.
ENTITY_TYPE <entity-type> - The AvMon entity target type; this can be a threshold or AvMon type (for available entities refer to Monitoring Existing AVMON Entities).
SUBID1 and SUBID2 - The SUBIDs of the entity. See Availability - Message Destinations Primary and Secondary SubID
PRIORITY <n> - The Priority is an integer value specifying the process priority to trigger the up/down event. If two opposing events are trying to trigger an entity up/down, the Priority decides which one will be applied.
TIMEOUT <seconds> - The timeout integer followed by units (defaults to seconds). Unit types: DAYS, HRS, HOURS, MINS, MINUTES, SECS, SECONDS. See Setting a Threshold Initialization State and Timeout.
EVENT_TYPE - Specifies the new state of the entity, either UP_EVENT or DOWN_EVENT. Defaults to DOWN_EVENT.
REVERSE_COND_TYPE - If set to 'Pair', then when this condition is stopped the pair will also stop (this is usually used if your pair is sending the down event to your up event). If 'OFF_EVENT_NUM', then when the specified event stops, a down event is sent.
CONDITION_PAIR <pair-name> - Sets which condition to use. <pair-name> can be anything as long as it is the same on the entity you wish to pair to. Only relevant if REVERSE_COND_TYPE is set to PAIR.
DESTINATION <node> - Specifies which node the entity will be triggered on.
VERSION - Version of SNMP to send. Valid values are v1, v2c or v3.
HOST - Required. The name of the node that the Traps will be delivered to, entered as either a valid DNS name or an IP address.
PORT - Optional port number used to deliver the SNMP Trap. If not included, the default is 162.
COMMUNITY - (Applicable for SNMP v1 and v2c only) Optional community string. If not included, the default is 'public'.
AUTHPROTOCOL - (Applicable for SNMP v3 only) SNMP authentication protocol to use. Valid values are MD5 or SHA. Note that using MD5 is not FIPS compliant.
ENCRYPTION - (Applicable for SNMP v3 only) Encryption method to use. Valid values are DES, AES, AES128, AES192, AES256 or 3DES.
These SNMPTRAP settings can be included with the SNMPTRAP statement or they can be added as Global parameters in the Analyst Rule Configuration and Global Variables. However, if they are included in the SNMPTRAP statement any Global parameters will be overwritten.
The SUBJECT statement can be used with the SNMPTRAP statement to add Variable Bindings which will allow logging to select a set of fields to be recorded when the SNMP Trap is sent out. The TRAP severity can be set by using the PRIORITY statement.
Notes for SNMP Usage:
1) Prior to version 11.1, Analysts could only send SNMP v1 Traps. Effective with version 11.1, Analysts can send v1, v2c or v3 Traps. However, if no SNMP options are entered, the default configuration remains as v1 sending to 127.0.0.1 (localhost) on port 162.
2) If FORCE-FIPS-ENCRYPTION is enabled in the NETWORK Configuration, then the following SNMP restrictions will apply:
3) SNMP v3 requires the applicable username and password to be added to the PASSWORDS Configuration on the server on which the Analyst runs. To do this the following entries are used:
Where <ip-address> is the server running SNMP v3 and <port> is the port used for SNMP access.
Where applicable, separate PASSWORD Configuration entries are required for each SNMP v3 server. That is, a hierarchy of password entries is not supported.
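The SNMPTRAP settings, defaults and precedence described above can be checked before a rule is deployed. The following Python is an added example, not Prognosis code or rule syntax: it uses the setting names from this page as dictionary keys, applies the stated defaults and the statement-over-Global precedence, and flags weak choices. Treating DES and 3DES as weak is this example's assumption, and the host name is hypothetical.

```python
# Defaults are the ones this page states: v1, 127.0.0.1, port 162, 'public'.
DEFAULTS = {"VERSION": "v1", "HOST": "127.0.0.1", "PORT": 162, "COMMUNITY": "public"}
VALID_ENCRYPTION = {"DES", "AES", "AES128", "AES192", "AES256", "3DES"}
# Assumption of this example (general crypto guidance, not the product's
# FORCE-FIPS-ENCRYPTION restriction list): DES and 3DES are flagged as weak.
WEAK_ENCRYPTION = {"DES", "3DES"}

def effective_settings(statement, global_params=None):
    """SNMPTRAP statement settings override Global parameters, then defaults."""
    merged = dict(DEFAULTS)
    merged.update(global_params or {})
    merged.update(statement)
    return merged

def audit(settings):
    """Return a list of findings for one resolved SNMPTRAP configuration."""
    version = str(settings.get("VERSION", "v1")).lower()
    if version not in ("v1", "v2c", "v3"):
        return [f"VERSION {settings['VERSION']!r} is not v1, v2c or v3"]
    findings = []
    if version != "v3":
        findings.append(f"{version} sends the community string and trap data in cleartext")
        if settings.get("COMMUNITY", "public") == "public":
            findings.append("COMMUNITY is the default 'public'")
        return findings
    auth = str(settings.get("AUTHPROTOCOL", "")).upper()
    enc = str(settings.get("ENCRYPTION", "")).upper()
    if auth not in ("MD5", "SHA"):
        findings.append("AUTHPROTOCOL is not set to MD5 or SHA")
    elif auth == "MD5":
        findings.append("AUTHPROTOCOL MD5 is not FIPS compliant")
    if enc not in VALID_ENCRYPTION:
        findings.append("ENCRYPTION is not set to a value the page lists")
    elif enc in WEAK_ENCRYPTION:
        findings.append(f"ENCRYPTION {enc} is a legacy cipher; prefer an AES option")
    return findings

# Constructed sample statements (hypothetical host name, not real deployments).
SAMPLES = {
    "no options": {},
    "v3 legacy": {"VERSION": "v3", "HOST": "nms.example.com",
                  "AUTHPROTOCOL": "MD5", "ENCRYPTION": "DES"},
    "v3 strong": {"VERSION": "v3", "HOST": "nms.example.com",
                  "AUTHPROTOCOL": "SHA", "ENCRYPTION": "AES256"},
}

if __name__ == "__main__":
    for name, stmt in SAMPLES.items():
        print(name, audit(effective_settings(stmt)))
```

A statement with no SNMP options resolves to the v1 defaults and produces two findings, which is the case Note 1 describes.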
The SUBJECT statement can also be used with the EMS log type on HPE NonStop. Specifies a list of subjects to be included in the logged message. <subject> is specified in the form [<record-name>.]<field-name> (with no leading @). For example, SUBJECT (cpu.cpuno,cpu.busy)
These subjects will be logged as separate tokens in the resultant EMS event. <subject> must refer to a field in the record requested by the local rule. Only key fields are permitted in WHEN_CLOSED messages. No subjects are permitted in NOTEXIST rules.
Use this keyword to send a command to a Prognosis command server.
The command text is referenced by the <n> parameter that identifies the command text's ID in the MSG_TEXT section.
Pre-packaging documents offer the following operator options for OPER_ACK:
Calls the next level of problem solving. Specify the name of a Secondary rule that is to be invoked at this stage.
You can use the same WAIT and WAIT AT options when starting Secondary rules as you can for the EXEC keyword.
Use this keyword to set the value of a local or global variable.
For NUMERIC variables, these contain an arithmetic expression consisting of numeric literals and/or local, global, field or system variables.
There are 2 functions that can be used within the <expression>;
Indicates whether the current rule will be considered open or closed after this action is performed. When set to CLOSED, processing will drop out of this rule without executing any more statements. The default is OPEN, which has no effect.
IF - This is an alternative syntax for specifying an ACTION block. As the <action-where-clause> statement must be specified with the IF keyword, the WHERE option is not supported inside the IF/END_IF block. All other ACTION options (e.g. LOG, EXEC, START RULE, SET and NEXT_RULE_STATE) are valid and operate exactly the same way as when specified in an ACTION/END_ACTION block. Also note that the <action-where-clause> is not optional when the IF keyword is used.
Use the MSG to concatenate a string longer than 240 characters
Numeric cast example using RegEx