2 Replies Latest reply on Dec 7, 2017 4:53 AM by Chris Prowse

    Can i obfuscate IP address from alerts and only use hostname?

    Chris Prowse

      All - apologies, I'm flying fairly blind on this, so this question may contain simple points that I should know - please bear with me.

       

      I've been speaking to someone recently using TrueSight Infrastructure Mgmt, and they said that the alerts coming out from the tool (or BMC Patrol) contain both hostname and IP address for the server in question. For (strange) security reasons, the alert needs to contain only hostname, and not the IP address. I assume that it's a simple bit of config to change that, but I'm being told it's not possible. Any thoughts on this appreciated.

       

      Again - sorry if I'm asking something obvious.

       

      Kind Regards,

      -Chris

        • 1. Re: Can i obfuscate IP address from alerts and only use hostname?
          Daniel Vallejo

          Hi Chris

           

          You can delete the value of mc_host_address slot with a simple mrl like this:

           

          refine delete_mc_host_address :
          EV($EV)
          where [ $EV.mc_host_address != '' ]
          {

          $EV.mc_host_address=''

          }
          END

           

          I have investigate a little and i'm able to see two bmc baroc files that used this slot to duplicate events. Before change the value of mc_host_address slot, you should open a case with BMC support to ask about the collateral effects that may have change this slot

           

          These are the BMC barocs files (baroc used for patrol events) that use the slot mc_host_address to duplicate events

           

          bii4p.baroc:            mc_host_address:        dup_detect=yes;
          bii4p.baroc:            mc_host_address: STRING,key = yes;
          mcxp.baroc:#            mc_host_address:        STRING;
          mcxp.baroc:             mc_host_address:        dup_detect=yes;
          mcxp.baroc:             mc_host_address:        STRING, key = yes;


          Also this change may have collateral effects if in your enviorment this slot is use in some selector, policy or mrl.

           

          I'll hope this information will be useful for you

           

          Regards

           

          Daniel Vallejo

          1 of 1 people found this helpful
          • 2. Re: Can i obfuscate IP address from alerts and only use hostname?
            Chris Prowse

            Thanks, appreciate the detail and help with this. Have a great day