event filter rule add

Add a rule for an event filter

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The event filter rule add command adds a new rule to an existing event filter. See event filter create for more information on event filters and how to create a new event filter.

Parameters

-filter-name <text> - Filter Name

Use this mandatory parameter to specify the name of the event filter to which the rule is added. Rules cannot be added to system-defined event filters.

[-position <integer>] - Rule Position

Use this optional parameter to specify the position of the rule in the event filter. It should be in the range (1..n-1), where 'n' is the position of the last rule, which is an implicit rule. Rules are checked in the order they are listed for a filter, until a match is found.

-type {include|exclude} - Rule Type

Use this mandatory parameter to specify the type of the rule, which determines whether to include or exclude the events that match this rule.

[-message-name <text>] - Message Name

Use this parameter to specify the message name of the event to include or exclude from the filter.

[-severity <text>,…​] - Severity

Use this parameter to specify the list of severity values to match against the events. Enter multiple severities separated by a comma. To enter all severities, the wild card (*) can be used. The wild card cannot be specified with other severities. The default value is *.

[-snmp-trap-type <text>,…​] - SNMP Trap Type

Use this parameter to specify the list of SNMP trap type values to match against the events. Enter multiple SNMP trap types separated by a comma. To enter all SNMP trap types, the wild card (*) can be used. The wild card cannot be specified with other SNMP trap types. The default value is *.

Examples

The following example adds a rule to an existing event filter "emer-and-wafl": All events with severity EMERGENCY and message name starting with "wafl." are included in the filter. Not specifying the SNMP trap type implies a default value of "*".

cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.*  -severity EMERGENCY
cluster1::> event filter show
Filter Name Rule     Rule      Message Name           SNMP Trap Type  Severity
      Position Type
----------- -------- --------- ---------------------- --------------- --------
default-trap-events
      1        include   *                      *               EMERGENCY, ALERT
      2        include   *                      Standard, Built-in
                                                                *
      3        exclude   *                      *               *
emer-and-wafl
      1        include   wafl.*                 *               EMERGENCY
      2        exclude   *                      *               *
important-events
      1        include   *                      *               EMERGENCY, ALERT
      2        include   callhome.*             *               ERROR
      3        exclude   *                      *               *
no-info-debug-events
      1        include   *                      *               EMERGENCY, ALERT, ERROR, NOTICE
      2        exclude   *                      *               *
10 entries were displayed.

The following example adds a rule to the event filter "emer-and-wafl" at position 1: All events with severity ALERT and message name starting with "wafl.scan." are included in the filter.

cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.scan.* -position 1 -severity ALERT

cluster1::> event filter show
Filter Name Rule     Rule      Message Name           SNMP Trap Type  Severity
      Position Type
----------- -------- --------- ---------------------- --------------- --------
default-trap-events
      1        include   *                      *               EMERGENCY, ALERT
      2        include   *                      Standard, Built-in
                                                                *
      3        exclude   *                      *               *
emer-and-wafl
      1        include   wafl.scan.*            *               ALERT
      2        include   wafl.*                 *               EMERGENCY
      3        exclude   *                      *               *
important-events
      1        include   *                      *               EMERGENCY, ALERT
      2        include   callhome.*             *               ERROR
      3        exclude   *                      *               *
no-info-debug-events
      1        include   *                      *               EMERGENCY, ALERT, ERROR, NOTICE
      2        exclude   *                      *               *
11 entries were displayed.

The following example adds a rule to the event filter "emer-and-wafl" to include all "Standard" SNMP trap type events:

cluster1::> event filter rule add -filter-name emer-and-wafl -type include -snmp-trap-type Standard

cluster1::> event filter show
Filter Name Rule     Rule      Message Name           SNMP Trap Type  Severity
      Position Type
----------- -------- --------- ---------------------- --------------- --------
default-trap-events
      1        include   *                      *               EMERGENCY, ALERT
      2        include   *                      Standard, Built-in
                                                                *
      3        exclude   *                      *               *
emer-and-wafl
      1        include   wafl.scan.*            *               ALERT
      2        include   wafl.*                 *               EMERGENCY
      3        include   *                      Standard        *
      4        exclude   *                      *               *
important-events
      1        include   *                      *               EMERGENCY, ALERT
      2        include   callhome.*             *               ERROR
      3        exclude   *                      *               *
no-info-debug-events
      1        include   *                      *               EMERGENCY, ALERT, ERROR, NOTICE
      2        exclude   *                      *               *
12 entries were displayed.
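
Because rules are checked in order until a match is found, the position of a rule decides whether an event is ever forwarded. The following Python sketch is an added example, not part of the product or its documentation: it models the first-match evaluation described under -position against the final "emer-and-wafl" rule list shown above, and flags rules that can never fire because an earlier rule already covers them. It assumes message names match glob-style and that all three fields of a rule must match; the Rule class, the function names, and the misordered filter are hypothetical.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    rtype: str                       # "include" or "exclude"
    message_name: str = "*"
    snmp_trap_type: tuple = ("*",)
    severity: tuple = ("*",)

EMER_AND_WAFL = [  # "emer-and-wafl" as in the last `event filter show` output
    Rule("include", "wafl.scan.*", severity=("ALERT",)),
    Rule("include", "wafl.*", severity=("EMERGENCY",)),
    Rule("include", snmp_trap_type=("Standard",)),
    Rule("exclude"),                 # implicit last rule
]

def _in(values, item):
    return "*" in values or item in values

def evaluate(rules, event):
    """First-match evaluation: return (1-based position, rule type)."""
    for pos, r in enumerate(rules, start=1):
        if (fnmatchcase(event["message_name"], r.message_name)  # assumed glob match
                and _in(r.snmp_trap_type, event["snmp_trap_type"])
                and _in(r.severity, event["severity"])):
            return pos, r.rtype
    raise ValueError("no rule matched: the catch-all last rule is missing")

def _covers_name(a, b):
    """True if every name matching pattern b also matches pattern a (conservative)."""
    prefix = a[:-1]                  # literal text before a trailing "*"
    literal = not any(c in prefix for c in "*?[")
    return a == b or (a.endswith("*") and literal and b.startswith(prefix))

def _covers_set(a, b):
    return "*" in a or ("*" not in b and set(b) <= set(a))

def shadowed(rules):
    """Positions of rules that can never fire because one earlier rule covers them."""
    hits = []
    for i, later in enumerate(rules):
        if any(_covers_name(e.message_name, later.message_name)
               and _covers_set(e.snmp_trap_type, later.snmp_trap_type)
               and _covers_set(e.severity, later.severity) for e in rules[:i]):
            hits.append(i + 1)
    return hits

MISORDERED = [Rule("exclude", "wafl.*")] + EMER_AND_WAFL  # constructed: broad exclude at position 1
```

Running shadowed() over a filter before and after a rule is inserted shows whether the new position silences an existing include rule.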