Configure node settings for a Syslog message incident
Node Settings override any other Suppression, Enrichment, Dampen, Action, or Diagnostics Selections configuration settings, except those configured on the Interface Settings tab.
NNMi enables you to apply an incident configuration to a Source Node based on the Source Node's participation in a Node Group. If the Source Node is not a member of the Node Group specified, the incident is neither displayed nor stored in the NNMi database.
To apply an incident configuration to a Source Node based on the Source Node's Node Group:
- Navigate to the Syslog Message Configuration form:
  - From the workspace navigation panel, select the Configuration workspace.
  - Expand the Incidents folder.
  - Select Syslog Message Configurations.
- Do one of the following:
  - To create an incident configuration, click the New icon, and continue.
  - To edit an incident configuration, select a row, click the Open icon, and continue.
  - To delete an incident configuration, select a row, and click the Delete icon.
- Select the Node Settings tab.
- Do one of the following:
  - To create a new configuration, click the New icon.
  - To edit an existing configuration, double-click the row representing the configuration you want to edit.
- Configure the desired Node Settings (see table).
- Click Save and Close to save your changes and return to the previous form.
Configure incident suppression settings for a node group
Node Settings override any other Suppression settings for this incident, except those configured on the Interface Settings tab. NNMi enables you to suppress a specified incident configuration based on the Source Node's participation in a Node Group.
You can also suppress the incident configuration based on the Source Object's participation in an Interface Group.
To suppress an incident configuration based on a Node Group:
- Navigate to the Syslog Message Configuration form:
  - From the workspace navigation panel, select the Configuration workspace.
  - Expand the Incidents folder.
  - Select Syslog Message Configurations.
    - To create an incident configuration, click the New icon, and continue.
    - To edit an incident configuration, select a row, click the Open icon, and continue.
    - To delete an incident configuration, select a row, and click the Delete icon.
- Select the Node Settings tab.
- Make sure you configure the basic Node Setting behavior.
- Select the Suppression tab, configure the desired Suppression behavior (see the table below), and then click Save and Close to save your changes and return to the previous form.
Configure incident enrichment settings for a node group
Node Settings override any other Enrichment settings for this incident, except those configured on the Interface Settings tab.
NNMi enables you to enhance a specified incident configuration based on the Source Node's participation in a Node Group. The types of items you can fine-tune and enhance for a selected incident configuration include:
- Category
- Family
- Severity
- Priority
- Correlation Nature
- Message
- Assigned To
You can also enhance the incident configuration based on the Source Object's participation in an Interface Group.
To configure Enrichment settings for a Node Group:
- Navigate to the Syslog Message Configuration form:
  - From the workspace navigation panel, select the Configuration workspace.
  - Select the Incidents folder.
  - Select Syslog Message Configurations.
- Do one of the following:
  - To create an incident configuration, click the New icon, and continue.
  - To edit an incident configuration, select a row, click the Open icon, and continue.
  - To delete an incident configuration, select a row, and click the Delete icon.
- Select the Node Settings tab.
- Do one of the following:
  - To create a new configuration, click the New icon.
  - To edit an existing configuration, select a row, click the Open icon, and continue.
- Make sure you configure the basic Node Setting behavior.
- Select the Enrichment tab.
- Do one of the following:
  - To create an Enrichment configuration, click the New icon and continue.
  - To edit an Enrichment configuration, select a row, click the Open icon, and continue.
  - To delete an Enrichment configuration, select a row and click the Delete icon.
- Configure the desired Enrichment behavior (see the "Enrich Configuration Attributes" table).
- Click Save and Close to save your changes and return to the previous form.
Configure custom incident attributes to enrich an incident configuration
The Custom Incident Attributes (CIAs) tab enables you to specify additional CIAs to be saved with an incoming incident. The persisted data might then be used as an argument to an action for the incident.
When creating a CIA for an incident configuration, you can specify any of the following values:
- Custom Attribute on the source node
- Custom Attribute on the interface (source object)
You also specify the Custom Incident Attribute name that will store this information.
To create a Custom Incident Attribute to enrich an incident configuration:
- Navigate to the Syslog Message Configuration form:
  - From the workspace navigation panel, select the Configuration workspace.
  - Expand the Incidents folder.
  - Select Syslog Message Configurations.
- Do one of the following:
  - To create an incident configuration, click the New icon, and continue.
  - To edit an incident configuration, select a row, click the Open icon, and continue.
  - To delete an incident configuration, select a row, and click the Delete icon.
- Select the Node Settings tab.
- Do one of the following:
  - To create a new configuration, click the New icon.
  - To edit an existing configuration, select a row, click the Open icon, and continue.
- Make sure you configure the basic Node Setting behavior.
- Select the Enrichment tab.
- Do one of the following:
  - To create an Enrichment configuration, click the New icon, and continue.
  - To edit an Enrichment configuration, select a row, click the Open icon, and continue.
  - To delete an Enrichment configuration, select a row and click the Delete icon.
- Make sure the Enrichment settings are configured.
- Navigate to the Custom Incident Attributes tab.
- Do one of the following:
  - To create a Custom Incident Attribute, click the New icon, and continue.
  - To edit a Custom Incident Attribute, select a row, click the Open icon, and continue.
  - To delete a Custom Incident Attribute, select a row and click the Delete icon.
- Configure the Custom Incident Attribute (see the "Custom Incident Attribute" table).
- Click Save and Close to save your changes and return to the previous form.
Configure a Payload filter to enrich an incident configuration
The Payload Filter Editor enables you to create expressions that further refine the filters used to select the incidents to be enriched. Make sure to design any complex Payload Filters offline as a Boolean expression first. This method can help to minimize errors when entering your expressions using the Payload Filter editor.
To create a Payload Filter expression:
- Navigate to the Syslog Message Configuration form:
  - From the workspace navigation panel, select the Configuration workspace.
  - Expand the Incidents folder.
  - Select Syslog Message Configurations.
- Do one of the following:
  - To create an incident configuration, click the New icon, and continue.
  - To edit an incident configuration, select a row, click the Open icon, and continue.
  - To delete an incident configuration, select a row, and click the Delete icon.
- Select the Node Settings tab.
- Do one of the following:
  - To create a new configuration, click the New icon.
  - To edit an existing configuration, double-click the row representing the configuration you want to edit.
- Make sure you configure the basic Node Setting behavior.
- Select the Enrichment tab.
- Do one of the following:
  - To create an Enrichment configuration, click the New icon, and continue.
  - To edit an Enrichment configuration, select a row, click the Open icon, and continue.
  - To delete an Enrichment configuration, select a row and click the Delete icon.
- Make sure you configure the Enrichment settings.
- Select the Payload Filter tab.
- Define your Payload Filter (see table).
  - Plan out the logic needed for your Filter String.
  - Use the buttons on the bottom half of the Additional Filters Editor to establish the logic structure.
    For example, to establish the following structure, click AND, then AND, and then OR:
    (( ) AND ( ))
  - Now place your cursor in a location within the displayed Filter String, and use the top half of the filter editor to define the parameters of the highlighted filter requirement.
    For example, select a set of parentheses and use the Insert button to specify the filter requirement within those parentheses:
  - Click Save and Close.
- Click Save and Close to save your changes and return to the previous form.
Configure incident dampening settings for a node group
Node Settings override any other Dampening settings for this incident, except those configured on the Interface Settings tab.
NNMi enables you to delay the following for an incident configuration based on the Source Node's participation in a Node Group:
- Execution of Incident Actions
- Execution of Diagnostics
  Requires Network Node Manager iSPI Network Engineering Toolset Software (NNM iSPI NET) and requires installation of a Diagnostic Server.
- Appearance within Incident views in the NNMi Console
You can configure the Dampening settings based on the Source Object's participation in an Interface Group.
When using the Dampening configuration, note the following:
- NNMi initially assigns incidents with Dampening settings configured a Lifecycle State of DAMPENED.
- After the dampen interval has passed, NNMi changes the Lifecycle State to REGISTERED.
To configure the Dampening settings based on a Node Group:
- Navigate to the Syslog Message Configuration form:
  - From the workspace navigation panel, select the Configuration workspace.
  - Expand the Incidents folder.
  - Select Syslog Message Configurations.
- Do one of the following:
  - To create an incident configuration, click the New icon, and continue.
  - To edit an incident configuration, select a row, click the Open icon, and continue.
  - To delete an incident configuration, select a row, and click the Delete icon.
- Select the Node Settings tab.
- Do one of the following:
  - To create a new configuration, click the New icon.
  - To edit an existing configuration, select a row, click the Open icon, and continue.
- Make sure you configure the basic Node Setting behavior.
- Select the Dampen tab.
- Configure the desired Dampen behavior (see the table below).
- Click Save and Close to save your changes and return to the previous form.
Configure incident actions for a node group
Node Settings override any other Actions settings for this incident, except those configured on the Interface Settings tab. NNMi enables you to configure incident actions based on a Source Node's participation in a Node Group.
You can configure actions to automatically run at any point in the incident lifecycle. For example, you might want to configure an action to occur when an incident of the type you are configuring is generated (Registered). When an incident is generated, you might want to automatically open a trouble ticket or send email or page your network operator. After the incident is Closed, you might want to automatically close the trouble ticket.
Note: Your actions will not be executed until you enable the Actions configuration by either clicking Enable on the Actions tab or using the Actions → Enable Configuration option.
You can configure actions for incidents generated from SNMP traps, Syslog Messages (ArcSight only) and the NNMi Management Events. Any time an incident configuration changes, the action directory is rescanned and any Jython files are reloaded to the NNMi database.
Tip: Copy any required Jython files to the NNMi actions directory before you configure an incident action. New or updated actions are loaded into NNMi only when an incident configuration is updated or created.
When the defined Incident Action runs, output is logged to the incidentActions.*.*.log file.
To configure an automatic action for an incident:
- Navigate to the Syslog Message Configuration tab.
  - From the workspace navigation panel, select the Configuration workspace.
  - Select the Incidents folder.
  - Select Syslog Message Configurations.
- Do one of the following:
  - To create a new incident configuration, click the New icon.
  - To edit an existing incident configuration, select a row, click the Open icon, and continue.
- Select the Node Settings tab.
- Do one of the following:
  - To create a new configuration, click the New icon.
  - To edit an existing configuration, double-click the row representing the configuration you want to edit.
- Make sure you configure the basic Node Setting behavior.
- Select the Actions tab.
- From the Lifecycle Actions table toolbar, do one of the following:
  - To create an Action configuration, click the New icon, and continue.
  - To edit an Action configuration, double-click the row representing the configuration you want to edit, and continue.
  - To delete an Action configuration, select a row, and click the Delete icon.
- In the Lifecycle Transition Action Form (Management Events), provide the required information.
- Click Save and Close to save your changes and return to the Syslog Message Configuration form.
  The next time the lifecycle changes, NNMi launches the action associated with the lifecycle for the incident of that type.
Configure diagnostics selections for a node group
Requires Network Node Manager iSPI Network Engineering Toolset Software (NNM iSPI NET) and requires installation of a Diagnostic Server.
Node Settings override any other Diagnostics Selections settings for this incident, except those configured on the Interface Settings tab.
The Diagnostic Selections form enables you to configure NNMi to automatically gather NNM iSPI NET diagnostic information for the Incident you are configuring. When using this form, you specify the diagnostics you want to run on each applicable node in the specified Node Group.
To configure Diagnostics to run on a Source Node for an incident:
- Navigate to the Diagnostics Selection form.
  - From the workspace navigation panel, select the Configuration workspace.
  - Expand the Incidents folder.
  - Select Syslog Message Configurations.
- Do one of the following:
  - To create an Incident configuration, click the New icon.
  - To edit an Incident configuration, select a row, click the Open icon, and continue.
- Navigate to the Node Settings tab, and do one of the following:
  - To create a Node Settings configuration, click the New icon.
  - To edit a Node Settings configuration, select a row, click the Open icon, and continue.
  - To delete a Node Settings configuration, select the Node setting, and click the Delete icon.
- Navigate to the Diagnostic Selection tab, and do one of the following:
  - To create a Diagnostic Selection setting, click the New icon, and continue.
  - To edit a Diagnostic Selection setting, select a row, click the Open icon, and continue.
  - To delete a Diagnostic Selection setting, select a row, and click the Delete icon.
- Provide the required information (see table).
- Click Save and Close to save your changes and return to the previous form.
After you configure the Diagnostic for the incident and Node Group, the Diagnostic must match the following criteria before the Diagnostic runs:
- The Source Node must be in the specified Node Group.
- The Diagnostic must be valid for the Source Node. (For example, only Nortel switch Diagnostics are run on Nortel switches.)
- The incident’s current lifecycle state must match a lifecycle state for which it was configured. (For example, if you configure the Incident to run a specified Diagnostic when the incident is Closed, then if the current Incident's Lifecycle State is Closed, NNMi runs that Diagnostic.)
If a Source Node is in more than one Node Group, the Diagnostic is only run on the node the first time NNMi finds a match for that Source Node based on the configuration Ordering field.
If these criteria are met, NNM iSPI NET runs the Diagnostics and generates Diagnostic reports to help you solve the problem on the Source Node.
After you configure Diagnostics for an incident, you can also run Diagnostics and access the Diagnostics reports on demand, using Actions > Run Diagnostics in the Incident form. The same criteria apply (see the criteria above).
You can also right-click any object in a table or map view to access the items available within the Actions menu. You can also run and access Diagnostics reports from a Node form.
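The criteria above can be modeled offline to predict which Diagnostics run for a given Source Node, which helps when an expected Diagnostic report is missing. The following is an added example, not NNMi code: the class and function names, the sample Node Groups, device types and Flow Definition names are all constructed. It assumes that a lower Ordering value is checked first and that matching stops at the first Node Settings entry whose Node Group contains the Source Node.

```python
from dataclasses import dataclass

# Constructed model of the criteria above; these names are not NNMi APIs.

@dataclass(frozen=True)
class DiagnosticSelection:
    flow_definition: str           # Diagnostic (Flow Definition) to run
    valid_device_types: frozenset  # device types the Diagnostic is valid for
    lifecycle_state: str           # Lifecycle State that triggers the run
    enabled: bool = True           # the Enable attribute


@dataclass(frozen=True)
class NodeSetting:
    ordering: int                  # assumption: lower Ordering is checked first
    node_group: str
    diagnostics: tuple


def diagnostics_to_run(node_settings, source_node_groups, device_type, lifecycle_state):
    """Return (matched Node Group or None, Flow Definitions that would run)."""
    for setting in sorted(node_settings, key=lambda s: s.ordering):
        if setting.node_group not in source_node_groups:
            continue  # the Source Node must be in the specified Node Group
        # First Node Group match wins; later Node Settings are not consulted.
        runnable = [
            d.flow_definition
            for d in setting.diagnostics
            if d.enabled
            and device_type in d.valid_device_types
            and d.lifecycle_state == lifecycle_state
        ]
        return setting.node_group, runnable
    return None, []


# Constructed sample configuration (group and flow names are placeholders).
SETTINGS = (
    NodeSetting(2, "All Switches", (
        DiagnosticSelection("switch-port-check",
                            frozenset({"nortel_switch", "other_switch"}), "Registered"),
    )),
    NodeSetting(1, "Core Switches", (
        DiagnosticSelection("nortel-baseline", frozenset({"nortel_switch"}), "Registered"),
        DiagnosticSelection("nortel-baseline", frozenset({"nortel_switch"}), "Closed",
                            enabled=False),
    )),
)

if __name__ == "__main__":
    both = {"Core Switches", "All Switches"}
    print(diagnostics_to_run(SETTINGS, both, "nortel_switch", "Registered"))
    print(diagnostics_to_run(SETTINGS, both, "nortel_switch", "Closed"))
    print(diagnostics_to_run(SETTINGS, {"All Switches"}, "other_switch", "Registered"))
```

In the second call the node matches "Core Switches" first, the only Closed-state selection there is disabled, and "All Switches" is never consulted, so nothing runs.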
Attribute | Description |
---|---|
Flow Definition | Select the Diagnostic (Flow Definition) you want to use for the specified Node Group. Click the Lookup icon and choose one of the following options:
NNMi provides diagnostics for the following types of devices:
|
Lifecycle State | Incident Lifecycle State of the target Incident. If the incident's Lifecycle State matches the value specified here, the Diagnostic runs. The Diagnostic automatically runs on each applicable Source Node in the specified Node Group if the incident has the Lifecycle State currently configured in this attribute of the Diagnostic (Flow Definition - set of automated commands). |
Enable | Use this attribute to temporarily disable an incident's Diagnostics settings: Disable = Temporarily disable the selected configuration. Enable = Enable the selected configuration. |