forked from simple-evcorr/rulesets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
hp-openview.sec
114 lines (104 loc) · 3.22 KB
/
hp-openview.sec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
################################################################
# Sample SEC ruleset for HP OpenView ITO
#
# Copyright (C) 2003-2010 Risto Vaarandi
# This is free software. You may redistribute copies of it under the terms of
# the GNU General Public License version 2.
# There is NO WARRANTY, to the extent permitted by law.
################################################################
# process Cisco linkDown/linkUp trap events received from
# HP OpenView ITO trap template through itostream plugin
type=PairWithWindow
ptype=RegExp
pattern=node=([\w.-]+) .*msg_text=cisco linkdown trap on interface ([\w-]+)\b
desc=CISCO $1 INTERFACE $2 DOWN
action=event %s;
continue2=TakeNext
ptype2=RegExp
pattern2=node=$1 .*msg_text=cisco linkup trap on interface $2\b
desc2=CISCO %1 INTERFACE %2 BOUNCE
action2=event %s;
window=20
type=SingleWithSuppress
continue=TakeNext
ptype=RegExp
pattern=CISCO ([\w.-]+) INTERFACE ([\w-]+) DOWN
desc=cisco $1 interface $2 down
action=reset +1 %s
window=60
type=Pair
ptype=RegExp
pattern=CISCO ([\w.-]+) INTERFACE ([\w-]+) DOWN
desc=cisco $1 interface $2 down
action=shellcmd /home/opc_op/cisco_msg.sh $1 $2 major down
ptype2=RegExp
pattern2=node=$1 .*msg_text=cisco linkup trap on interface $2\b
desc2=cisco %1 interface %2 up
action2=shellcmd /home/opc_op/cisco_msg.sh %1 %2 normal up
window=86400
type=SingleWith2Thresholds
ptype=RegExp
pattern=CISCO ([\w.-]+) INTERFACE ([\w-]+) BOUNCE
desc=cisco $1 interface $2 is unstable
action=shellcmd /home/opc_op/cisco_msg.sh $1 $2 major unstable
window=3600
thresh=10
desc2=cisco $1 interface $2 is stable again
action2=shellcmd /home/opc_op/cisco_msg.sh $1 $2 normal stable
window2=10800
thresh2=0
#
# the cisco_msg.sh script:
#
##!/bin/sh
#
#NODE=$1
#IF=$2
#SEV=$3
#TEXT=$4
#
## use snmpget utility from Net-SNMP package
#IFNAME=`/usr/bin/snmpget -c public -OQv $NODE .1.3.6.1.2.1.2.2.1.2.$IF`
#DESCR=`/usr/bin/snmpget -c public -OQv $NODE .1.3.6.1.4.1.9.2.2.1.1.28.$IF`
#
#MSG=`echo "Interface $IFNAME ($DESCR) $TEXT" | sed s/\"/\'/g`
#
#/opt/OV/bin/OpC/opcmsg node=$NODE app=cisco obj=if \
# sev=$SEV msg_grp=Network msg_text="$MSG"
#
# process APC ups "not online" trap events received from
# HP OpenView ITO trap template through itostream plugin
type=SingleWithScript
ptype=RegExp
pattern=node=([\w.-]+) .*msg_text=APC ups not online
script=/home/opc_op/check_apc.sh $1
desc=APC ups is not online!
action=shellcmd /opt/OV/bin/OpC/opcmsg node=$1 app=APC obj=state \
msg_grp=UPS sev=critical msg_text='%s'
#
# the check_apc.sh script
#
##!/bin/sh
#
## sleep for a few seconds and check if the UPS error is still present;
## if it is, exit with 0, otherwise exit with 1
#
#UPS=$1
#sleep 5
#
## use snmpget utility from Net-SNMP package
#STATUS=`/usr/bin/snmpget -c public -OQve $UPS .1.3.6.1.4.1.318.1.1.1.4.1.1.0`
#
## According to the APC Powernet MIB the variable .1.3.6.1.4.1.318.1.1.1.4.1.1
## takes the the following values: unknown(1), onLine(2), onBattery(3),
## onSmartBoost(4), timedSleeping(5), softwareBypass(6), off(7), rebooting(8),
## switchedBypass(9), hardwareFailureBypass(10), sleepingUntilPowerReturn(11),
## and onSmartTrim(12), where onLine(2) is the normal state for the UPS
#
#if [ $STATUS -eq 2 ]
#then
# exit 1
#else
# exit 0
#fi
#