Enabling Priority Scoring In Event Rules
This section shows you the steps necessary to enable Event Priority Score calculations in Event Applications rules by:
-
Modifying code in LoadRules to load the configured Priority value for devices into memory.
-
Modifying code in BaseRules to update the Score value for the event.
Dependencies
-
Priorities should be assigned to individual devices in the Device Catalog.
Best Practices
- The default deduplication settings for event applications will not update the Score field for an event if a duplicate is received. If utilizing the priority score functionality, you must create a custom InsertSQLFile and FieldSetFile so the application knows to update the Score field.
Modifying Code in LoadRules
-
In the LoadRules file, add or uncomment the following code:
#============================================== # Priority Example Rules #============================================== my $PrioritySQL = " SELECT D.DevicePriorityID, D.CustomName, INET_NTOA(D.IPAddress) AS IPv4, INET6_NTOA(D.IPv6Address) AS IPv6, D.DNSName AS DNS, DSI.SysName FROM Devices AS D LEFT JOIN DeviceSystemInfo AS DSI ON D.DeviceID = DSI.DeviceID WHERE D.DevicePriorityID > 0 "; $DBH = DBConnect($Config, 'Assure1', {AutoCommit => 1}); my $PriorityCount = 0; my $SelectStatement = $DBH->prepare($PrioritySQL); $SelectStatement->execute(); while (my $ref = $SelectStatement->fetchrow_hashref()) { $PriorityHash->{$ref->{CustomName}} = $ref->{DevicePriorityID}; $PriorityHash->{$ref->{IPv4}} = $ref->{DevicePriorityID}; $PriorityHash->{$ref->{IPv6}} = $ref->{DevicePriorityID}; $PriorityHash->{$ref->{DNS}} = $ref->{DevicePriorityID}; $PriorityHash->{$ref->{SysName}} = $ref->{DevicePriorityID}; $PriorityCount++; } $PriorityHash->{''} = 0; $SelectStatement->finish(); $DBH->disconnect; $Log->Message('INFO',"Priority Scoring - Found [$PriorityCount] Devices"); $Log->Message('DEBUG',"Priority Scoring - Device Dump\n-------------\n" . Dumper($PriorityHash) . "\n-------------"); #---------------------------------------------- -
Check the code syntax.
-
Save the file.
Modifying Code in BaseRules
-
In the BaseRules file, add the following near the bottom of the file so this is the last processing step that is done:
### ORIGINAL PROCESSING IS ABOVE... #======================== # Priority Scoring -- Used in Base or Include Rules #======================== my $Priority = int($PriorityHash->{$Event->{'Node'}} || $PriorityHash->{$Event->{'IPAddress'}}); $Event->{'Score'} = int($Priority) * int($Event->{'Severity'}); #------------------------ -
Edit the code if you wish to customize it further.
-
Check the code syntax.
-
Save the file.
-
Restart the service or use the Reload Config option, then verify via the logs that the priority values are loaded for devices. The Score value for an event should then be set properly when an event is received from a device. Below is an example log based on the above logic, but will only be logged if using an INFO or DEBUG logging level.
-
If a device has a duplicate value (for example, the same DNS Name and Sys Name), the hash will only have a single reference to that name.
[DATE TIME] [INFO] Priority Scoring - Found [2] Devices [DATE TIME] [DEBUG] Priority Scoring - Device Dump ------------- $VAR1 = { '' => 0, 'Device_1_DNS_Name' => (Priority Value), 'Device_1_Custom_Name' => (Priority Value), 'Device_1_Sys_Name' => (Priority Value), 'Device_1_IPv4_Address' => (Priority Value), 'Device_1_IPv6_Address' => (Priority Value), 'Device_2_DNS_Name' => (Priority Value), 'Device_2_Custom_Name' => (Priority Value), 'Device_2_Sys_Name' => (Priority Value), 'Device_2_IPv4_Address' => (Priority Value), 'Device_2_IPv6_Address' => (Priority Value), ... }; -------------