event filter rule add
Add a rule for an event filter
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The event filter rule add
command adds a new rule to an existing event filter. See event filter create for more information on event filters and how to create a new event filter.
Parameters
-filter-name <text>
- Filter Name-
Use this mandatory parameter to specify the name of the event filter to add the rule. Rules cannot be added to system-defined event filters.
[-position <integer>]
- Rule Position-
Use this optional parameter to specify the position of the rule in the event filter. It should be in the range (1..n-1), where 'n' is the position of the last rule, which is an implicit rule. Rules are checked in the order they are listed for a filter, until a match is found.
-type {include|exclude}
- Rule Type-
Use this mandatory parameter to specify the type of the rule which determines whether to include or exclude the events that match this rule.
[-message-name <text>]
- Message Name-
Use this parameter to specify the message name of the event to include or exclude from the filter.
[-severity <text>,…]
- Severity-
Use this parameter to specify the list of severity values to match against the events. Enter multiple severities separated by a comma. To enter all severities, the wild card (*) can be used. The wild card cannot be specified with other severities. The default value is *.
[-snmp-trap-type <text>,…]
- SNMP Trap Type-
Use this parameter to specify the list of the SNMP trap type values to match against the events. Enter multiple SNMP trap types seperated by comma. To enter all SNMP trap types, the wild card (*) can be used. The wild card cannot be specified with other SNMP trap types. The default value is *.
[-parameter-criteria [key>=<value],…]
- Parameter Criteria-
Use this parameter to match against event parameters. Each parameter consists of a name and a value. When multiple parameter criteria are provided in a rule, they all need to match for the rule to be considered matched. A pattern can include one or more wildcard '*' characters.
Examples
The following example adds a rule to an existing event filter "emer-and-wafl": All events with severity EMERGENCY and message name starting with "wafl." are included in the filter. Not specifiying the SNMP trap type implies a default value of "".
cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.* -severity EMERGENCY cluster1::> event filter show Filter Rule Rule SNMP Trap Name Posn Type Message Name Severity Type Parameters ----------- ---- -------- ---------------- ------------- --------- ----------- default-trap-events 1 include * EMERGENCY, ALERT * *=* 2 include * * Standard, Built-in *=* 3 exclude * * * *=* emer-and-wafl 1 include wafl.* EMERGENCY * *=* 2 exclude * * * *=* important-events 1 include * EMERGENCY, ALERT * *=* 2 include callhome.* ERROR * *=* 3 exclude * * * *=* no-info-debug-events 1 include * EMERGENCY, ALERT, ERROR, NOTICE * *=* 2 exclude * * * *=* 10 entries were displayed.
The following example adds a rule to the event filter "emer-and-wafl" at position 1: All events with severity ALERT and message name starting with "wafl.scan.*" are included in the filter.
cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.scan.* -position 1 -severity ALERT cluster1::> event filter show Filter Rule Rule SNMP Trap Name Posn Type Message Name Severity Type Parameters ----------- ---- -------- ---------------- ------------- --------- ----------- default-trap-events 1 include * EMERGENCY, ALERT * *=* 2 include * * Standard, Built-in *=* 3 exclude * * * *=* emer-and-wafl 1 include wafl.scan.* ALERT * *=* 2 include wafl.* EMERGENCY * *=* 3 exclude * * * *=* important-events 1 include * EMERGENCY, ALERT * *=* 2 include callhome.* ERROR * *=* 3 exclude * * * *=* no-info-debug-events 1 include * EMERGENCY, ALERT, ERROR, NOTICE * *=* 2 exclude * * * *=* 11 entries were displayed.
The following example adds a rule to the event filter "emer-and-wafl" to include all "Standard" SNMP trap type events:
cluster1::> event filter rule add -filter-name emer-and-wafl -type include -snmp-trap-type Standard cluster1::> event filter show Filter Rule Rule SNMP Trap Name Posn Type Message Name Severity Type Parameters ----------- ---- -------- ---------------- ------------- --------- ----------- default-trap-events 1 include * EMERGENCY, ALERT * *=* 2 include * * Standard, Built-in *=* 3 exclude * * * *=* emer-and-wafl 1 include wafl.scan.* ALERT * *=* 2 include wafl.* EMERGENCY * *=* 3 include * * Standard *=* 4 exclude * * * *=* important-events 1 include * EMERGENCY, ALERT * *=* 2 include callhome.* ERROR * *=* 3 exclude * * * *=* no-info-debug-events 1 include * EMERGENCY, ALERT, ERROR, NOTICE * *=* 2 exclude * * * *=* 12 entries were displayed.
The following example adds a rule to the event filter "emer-and-wafl" to include all "wafl" events whose parameters have a parameter named "type" and its value matches "volume":
cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.* -position 1 -parameter-criteria type=volume cluster1::> event filter show -filter-name emer-and-wafl Filter Rule Rule SNMP Trap Name Posn Type Message Name Severity Type Parameters ----------- ---- -------- ---------------- ------------- --------- ----------- emer-and-wafl 1 include wafl.* * * type=volume 2 include wafl.scan.* ALERT * *=* 3 include wafl.* EMERGENCY * *=* 4 include * * Standard *=* 5 exclude * * * *=* 5 entries were displayed.