application commands
event filter rule add
Suggest changes
PDFs
Add a rule for an event filter
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The event filter rule add command adds a new rule to an existing event filter. See event filter create for more information on event filters and how to create a new event filter.
Parameters
-filter-name <text>- Filter Name-
Use this mandatory parameter to specify the name of the event filter to add the rule. Rules cannot be added to system-defined event filters.
[-position <integer>]- Rule Position-
Use this optional parameter to specify the position of the rule in the event filter. It should be in the range (1..n-1), where 'n' is the position of the last rule, which is an implicit rule. Rules are checked in the order they are listed for a filter, until a match is found.
-type {include|exclude}- Rule Type-
Use this mandatory parameter to specify the type of the rule which determines whether to include or exclude the events that match this rule.
[-message-name <text>]- Message Name-
Use this parameter to specify the message name of the event to include or exclude from the filter.
[-severity <text>,…]- Severity-
Use this parameter to specify the list of severity values to match against the events. Enter multiple severities separated by a comma. To enter all severities, the wild card (*) can be used. The wild card cannot be specified with other severities. The default value is *.
[-snmp-trap-type <text>,…]- SNMP Trap Type-
Use this parameter to specify the list of the SNMP trap type values to match against the events. Enter multiple SNMP trap types seperated by comma. To enter all SNMP trap types, the wild card (*) can be used. The wild card cannot be specified with other SNMP trap types. The default value is *.
Examples
The following example adds a rule to an existing event filter "emer-and-wafl": All events with severity EMERGENCY and message name starting with "wafl." are included in the filter. Not specifiying the SNMP trap type implies a default value of "".
cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.* -severity EMERGENCY
cluster1::> event filter show
Filter Name Rule Rule Message Name SNMP Trap Type Severity
Position Type
----------- -------- --------- ---------------------- --------------- --------
default-trap-events
1 include * * EMERGENCY, ALERT
2 include * Standard, Built-in
*
3 exclude * * *
emer-and-wafl
1 include wafl.* * EMERGENCY
2 exclude * * *
important-events
1 include * * EMERGENCY, ALERT
2 include callhome.* * ERROR
3 exclude * * *
no-info-debug-events
1 include * * EMERGENCY, ALERT, ERROR, NOTICE
2 exclude * * *
10 entries were displayed.
The following example adds a rule to the event filter "emer-and-wafl" at position 1: All events with severity ALERT and message name starting with "wafl.scan.*" are included in the filter.
cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.scan.* -position 1 -severity ALERT
cluster1::> event filter show
Filter Name Rule Rule Message Name SNMP Trap Type Severity
Position Type
----------- -------- --------- ---------------------- --------------- --------
default-trap-events
1 include * * EMERGENCY, ALERT
2 include * Standard, Built-in
*
3 exclude * * *
emer-and-wafl
1 include wafl.scan.* * ALERT
2 include wafl.* * EMERGENCY
3 exclude * * *
important-events
1 include * * EMERGENCY, ALERT
2 include callhome.* * ERROR
3 exclude * * *
no-info-debug-events
1 include * * EMERGENCY, ALERT, ERROR, NOTICE
2 exclude * * *
11 entries were displayed.
The following example adds a rule to the event filter "emer-and-wafl" to include all "Standard" SNMP trap type events:
cluster1::> event filter rule add -filter-name emer-and-wafl -type include -snmp-trap-type Standard
cluster1::> event filter show
Filter Name Rule Rule Message Name SNMP Trap Type Severity
Position Type
----------- -------- --------- ---------------------- --------------- --------
default-trap-events
1 include * * EMERGENCY, ALERT
2 include * Standard, Built-in
*
3 exclude * * *
emer-and-wafl
1 include wafl.scan.* * ALERT
2 include wafl.* * EMERGENCY
3 include * Standard *
4 exclude * * *
important-events
1 include * * EMERGENCY, ALERT
2 include callhome.* * ERROR
3 exclude * * *
no-info-debug-events
1 include * * EMERGENCY, ALERT, ERROR, NOTICE
2 exclude * * *
12 entries were displayed.