10 Replies Latest reply on Mar 12, 2020 2:05 PM by Brendan Murray

    Patrol event handle in BPPM 9.6

    Steve Robinson

      Greetings, 

           Need to know where to find help and/or documentation on how to handle patrol events, mostly when there is a state change.

           When a patrol warning threshold is passed an event is created and sent to BPPM.  (This is occurring)

           Assume next that the alarm threshold is also passed a little later and an event is being sent to BPPM. (This is occurring)

           At this point both events are showing on the BPPM operator console, so I assume I need a correlation policy or rule here?   

           Then the issue changes from alarm back to warning and another event is generated.

           Then the warning no longer exists and an OK is sent.

           At the end of this I have all of these events showing on console.

          

       

           This is not a Truesight environment.

       

           Any assistance would be appreciated!

       

           Steve

        • 1. Re: Patrol event handle in BPPM 9.6
          Seth Paskin

          Steve Robinson

          Here is the BPPM 9.6 documentation: Home - BMC ProactiveNet 9.6 - BMC Documentation

          Here's a bunch of youtube videos on configuring and using the PATROL agent: patrol agent bmc - YouTube

          • 2. Re: Patrol event handle in BPPM 9.6
            Steve Robinson

            Seth, Thank you for the response but this is not a patrol agent issue.  The documentation does not try to deal with this issue.

            • 3. Re: Patrol event handle in BPPM 9.6
              Philippe Plomteux

              Steve,

              By default there should be a ruleset in the cell KB to do that. Check whether bii4p.mrl (or mcxp.mrl if you are using MCXP) is loaded by the cell.

              Unless the KB includes other rules that mess with the PATROL_EV slot values, this ruleset should work pretty well.

              HTH

              Philippe

              • 4. Re: Patrol event handle in BPPM 9.6
                Steve Robinson

                Thank you for the reply. We are using mcxp.mrl, but there is no reference to this issue in that code that I can see.

                The .load file does NOT contain bii4p, but does contain mcxp. 

                • 5. Re: Patrol event handle in BPPM 9.6
                  Bertrand Imbert

                  Hello

                   

                  You can also use the closure policies from the Admin client.

                  • 6. Re: Patrol event handle in BPPM 9.6
                    Steve Robinson

                    Well, we are using closure policies, but I need an event to change its alert status when you go from warning to alarm, etc.

                    • 7. Re: Patrol event handle in BPPM 9.6
                      Arif Alibay

                      It's there in the bii4p.mrl, and you have 2 ways to do it.

                       

                      The one which is used by default: close the previous event with the old severity and leave the new one.

                       

                      new adapt_param_status :
                          PATROL_EV($NEW)
                              where [ $NEW.status != CLOSED AND $NEW.status != BLACKOUT AND
                                      $NEW.p_class_group == "param_group" AND
                                      $NEW.p_catalog == "STD" ]
                          using ALL
                          {
                              PATROL_IDX ($IDX)
                                  where [ $IDX.p_origin == $NEW.p_origin AND
                                          $IDX.p_agent_port == $NEW.p_agent_port AND
                                          $IDX.mc_host_address == $NEW.mc_host_address ]
                              PATROL_EV ($OLD)
                                  where [ $OLD.status != CLOSED AND $OLD.status != BLACKOUT AND
                                          $OLD.mc_ueid == $IDX.patrol_ueid AND
                                          $OLD.p_class within [9,10,11,12,16,39,UpdParState] AND
                                          $OLD.p_catalog == "STD" ]
                          }
                      triggers
                          {
                              $OLD.status = CLOSED ;
                          }
                      END

                       

                       

                      And the second way, which is commented out: update the old event with the new severity and drop the new one.

                       

                       

                      ## mcxp adapt_param_status
                      ######################
                      ### new adapt_param_status : PATROL_EV($NEW) where [
                      ###        p_catalog:    within [0,STD,STANDARD],
                      ###        p_class:     within [9,11,16,39,UpdParState]
                      ###    ]
                      ###    updates ALL PATROL_EV($OLD) where [
                      ###        p_origin:        equals $NEW.p_origin,
                      ###        p_class:        within [9,11,16,39,UpdParState],
                      ###        mc_host_address:    equals $NEW.mc_host_address,
                      ###        status:            not_equals CLOSED,
                      ###        p_catalog:        within [0,STD,STANDARD]
                      ###        #severity:        greater_than $NEW.severity
                      ###    ]
                      ###    {
                      ###        $OLD.status    = CLOSED ;
                      ###        #drop_new ;
                      ###    }
                      ###END

                      • 8. Re: Patrol event handle in BPPM 9.6
                        Arif Alibay

                        You have the same rule in mcxp.

                         

                        ##############################
                        ## Original adapt_param_status
                        ##############################

                        #new adapt_param_status : PATROL_EV($NEW) where [
                        #        p_catalog:    within [0,STD,STANDARD],
                        #        p_class:     within [9,11,16,39,UpdParState]
                        #    ]
                        #    updates ALL PATROL_EV($OLD) where [
                        #        p_origin:        equals $NEW.p_origin,
                        #        p_class:        within [9,11,16,39,UpdParState],
                        #        mc_host_address:    equals $NEW.mc_host_address,
                        #        status:            not_equals CLOSED,
                        #        p_catalog:        within [0,STD,STANDARD]
                        #        #severity:        greater_than $NEW.severity
                        #    ]
                        #    {
                        #        $OLD.status    = CLOSED ;
                        #        #drop_new ;
                        #    }
                        #END

                        #############################
                        ## Indexed adapt_param_status
                        #############################

                        new adapt_param_status :
                            PATROL_EV($NEW)
                                where
                                [
                                #p_catalog:    within [0,STD,STANDARD],
                                p_class:    within [9,11,16,39,UpdParState]
                                ]
                            using ALL
                            {
                                PATROL_IDX ($IDX)
                                    where
                                    [
                                        $IDX.p_origin == $NEW.p_origin AND
                                        $IDX.p_agent_port == $NEW.p_agent_port AND
                                        $IDX.mc_host_address == $NEW.mc_host_address
                                    ]
                                PATROL_EV ($OLD)
                                    where
                                    [
                                        $OLD.status != CLOSED AND
                                        $OLD.mc_ueid == $IDX.patrol_ueid AND
                                        $OLD.p_class within [9,11,16,39,UpdParState]
                                        #AND $OLD.p_catalog within [0,STD,STANDARD]
                                    ]
                            }
                            triggers
                            {
                                $OLD.status = CLOSED ;
                            }
                        END
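
A Python model of the two strategies described in replies 7 and 8, run over the warning, alarm, warning, OK sequence from the original question. It is an added example, not BMC code and not MRL. The matching key follows the rules' p_origin, p_agent_port and mc_host_address slots, the p_class and p_catalog filters are left out, and the parameter names, host address, port and severity labels are constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class Event:
    origin: str            # p_origin
    host: str              # mc_host_address
    port: int              # p_agent_port
    severity: str
    status: str = "OPEN"

    def key(self):
        return (self.origin, self.host, self.port)

def process(stream, mode):
    """Return every event the modelled cell holds after the stream.
    mode: 'none' (no correlation), 'close_old' or 'update_old'."""
    cell = []
    for new in stream:
        # Open events for the same parameter on the same agent.
        matches = [e for e in cell
                   if e.status != "CLOSED" and e.key() == new.key()]
        if mode == "close_old":
            for old in matches:
                old.status = "CLOSED"      # close previous, keep the new one
            cell.append(new)
        elif mode == "update_old" and matches:
            for old in matches:
                old.severity = new.severity  # update previous, drop the new one
        else:
            cell.append(new)               # first event, or no correlation
    return cell

def open_events(cell):
    return [(e.origin, e.severity) for e in cell if e.status != "CLOSED"]

def sample_stream():
    # Constructed sample: one parameter changing state, one unrelated parameter.
    cpu, fs, host, port = "CPU.CPU.CPUCpuUtil", "FILESYSTEM.root.FSCapacity", "192.0.2.10", 3181
    return [Event(cpu, host, port, "WARNING"),
            Event(fs, host, port, "WARNING"),
            Event(cpu, host, port, "ALARM"),
            Event(cpu, host, port, "WARNING"),
            Event(cpu, host, port, "OK")]

if __name__ == "__main__":
    for mode in ("none", "close_old", "update_old"):
        cell = process(sample_stream(), mode)
        print(mode, len(cell), "stored;", "open:", open_events(cell))
```

With `none`, every state change stays open, which is the console symptom in the question; the other two modes leave one open event per parameter and differ only in how many closed events are kept as history.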

                        • 9. Re: Patrol event handle in BPPM 9.6
                          Steve Robinson

                          Well we do have this code.

                          • 10. Re: Patrol event handle in BPPM 9.6
                            Brendan Murray

                            Hi Steve,

                             

                            I recommend you open a case with BMC Customer Support. They should be able to help you resolve this issue. You should not be getting a new PATROL event for every severity and status change.

                             

                            If you prefer to troubleshoot this yourself, I would suggest turning on rule tracing and sending in some test events with msend and observing how they are being processed by the rules. There may be other rules or policies that are interfering with the mcxp rules for handling PATROL event severity changes. If you have not used rule tracing before, you can find the documentation for it here. You should do this in a development or test environment if you have one.

                             

                            Regards,

                             

                            Brendan