You can select the events that you want to filter. When these events
occur, your event automation plan can
respond with one or more customized event actions. If you want to monitor specific events that are not included in
the common event filters, then you must select advanced event filters. Not
only can you specify additional events, but you also can create more sophisticated
event filters that are triggered when duplicates of an event are received,
when a specific number of instances of an event is received over a range of
time, or when a specific event is received but you want to exclude another
event. For information about event filter types, see "Event filters." For
information about quickly creating common event filters, see "Selecting
common categories of events for filtering."
Before you begin
Note: This task requires the IBM® Systems
Director Launched Tasks program.
This program is installed automatically the first time you use a task that
requires it. For information about the IBM Systems
Director Launched Tasks program,
see "Starting the IBM Systems
Director Launched Tasks program."
About this task
To select specific events for filtering in your event automation plan,
complete the following steps:
- On the Events page, select Advanced event filters from
the Events list.
- Click Create to create a new event filter.
Note: You can select an existing event filter from the table for your
event automation plan. If you want to
edit the filter, continue with the following step. If you want to use the
filter without editing it, go to step
18.
- In the Create Filter window,
select the filter type that you want to use and click OK. For information about the filter types, see "Event filters."
- In the Event Filter Builder window,
clear the Any check box on the Event Type page.
Note: By default, the Any check box is selected on all
pages in the Event Filter Builder window, indicating
that no filtering criteria apply.
- Expand the Event Type tree and select
one or more events for which you want to filter. You
can select more than one event by pressing the Ctrl or Shift key. The Event Type tree is created dynamically;
and entries are added by tasks and as new events are received. Entries in
the tree can be expanded to display suboption events. Most event filters
are created using only this page. It specifies the source or sources of the
events that are to be processed by this filter.
By
default, the Any check box is selected, meaning that none of the events
that are listed are filtered, except for Windows-specific and IBM i-specific
events.
Note: When you select a root option
in the Event Type tree, all suboption events are selected as well. For example,
when you select
Director in the Event Type
tree, all of the
collections of events under Director are
selected also.
If additional event types are published after you create
the event filter, the newly available event types are included in your event
filter only if the new event types are suboption events of an event type that
you selected. However, if you want to include a newly published event type
that is not a suboption event, you must update your event filter by selecting
the new event type.
- Optional: To filter events
by their event severity, click the Severity tab.
- Clear the Any check box to select one
or more event severities.
- Select one or more event severity. You
can select multiple levels of severity as filtering criteria. The logical
OR operator applies for multiple selections. For example, if you select Fatal and Critical,
the filtering criteria matches if the originator of the event classifies the
event as Fatal or as Critical.
When
selecting event severities, consider the following definitions:
- Fatal
- The source of the event has already caused the program to fail and should
be resolved before the program is restarted.
- Critical
- The source of the event might cause program failure and should be resolved
immediately.
- Minor
- The source of the event should not cause immediate program failure, but
should be resolved.
- Warning
- The source of the event is not necessarily problematic, but might warrant
investigation.
- Informational
- The event was generated for information only. Most events of this severity
do not indicate potential problems. However, offline events are categorized
as informational, and these events can indicate
potential problems.
- Unknown
- The application that generated the event did not assign a severity level.
- Optional: To filter events
by a specified time range, click the Day and Time tab. The time zone that applies to this filtering criteria
is the time zone in which the server running IBM Systems
Director Server is
located. If your browser system is not in the same time zone as the management
server, the difference in time zones is displayed above the selections pane.
For example, if the management server is located in New York and your browser
system is located in California, the time zone displayed and used is Eastern
Standard Time (EST). The following information is displayed above the selections
pane: Server Time - Local Time = 3 Hours
- Clear the Any check box to select one
or more specific days, start times, or end times.
- In the Day of the week list, select the
day of the week to which this filter is to apply. Weekday (Monday - Friday)
and weekend (Saturday & Sunday) selections are available.
- In the Starting time list, select the
starting time of an interval within which this filter is active.
- In the Ending time list, select the ending
time of an interval within which this filter is active.
- Click Add to add this time range to the
selections pane. You can add multiple day and time entries to the
list.
- Optional: If you do not want to filter events that
were queued for transmission to IBM Systems
Director Server,
select Block queued events.
Common Agent can queue events for
transmission to IBM Systems
Director Server if
the link between the system and the management server was unavailable. However,
you can prevent these queued events from being processed by the filter by
selecting Block queued events. This option can be useful if the timing
of the event is important, or if you want to avoid filtering on multiple queued
events that are sent all at once when IBM Systems
Director Server becomes
accessible.
- Optional: To filter events
by their resolution status, click the Category tab.
Note: Not all events have resolutions. To determine
if an event provides a resolution, see the documentation for the specific
event in
"Events."
- Clear the Any check box.
- Select an event category.
- Optional: To filter events
by the source that generated them, click the Sender Name tab.
Because
IBM Systems
Director Server keeps
track of all systems from which it has received an event, a list of known
sender names
(IP addresses or host names) is provided.
The list is dynamic. Initially, only the management server is displayed in
the list. At the time of installation, the management server is the only system
that has registered an event. As other systems generate events, this list
grows. You can enter other
IP addresses or host names as
needed. Specifying or selecting sender names can be useful for identifying
the following items:
- The source of SNMP traps
- Systems from which events originate using criteria specified in the genevent
utility
- Systems configured with hardware acquired from another
vendor that generate and forward events
- Clear the Any check box.
- Select a system from the list. If a system is not in the list,
type the IP address or host name of the system.
- Click Add to add the system to the selections
pane. You can add multiple systems.
- Optional: To filter events
by their attributes, click the Extended Attributes tab. Extended attributes can be particularly useful for narrowing
the filtering criteria to a lower level of detail, for example, to isolate
one or more values originating from a specific system.
You
cannot specify
keywords and values on the Extended Attributes page in the following situations:
- If you have selected multiple event types or if the Any check
box is selected on the Event Type page, the Extended Attributes page is disabled.
You must select only one event type to specify extended attributes.
- If the Extended Attributes page is enabled for a specific event type but
no keywords are listed, IBM Systems
Director Server is
not aware of any keywords that can be used for filtering.
When you specify extended attributes for filtering,
an event must meet the following filtering criteria:
- If you select multiple keywords, all values received must match all values
of all selected keywords (Boolean AND).
- If you specify multiple values for a single keyword, the values received
must match at least one of the values specified for the keyword (Boolean OR).
Because event types are hierarchical, an event has its extended attributes
as well as the extended attributes of its parent event types. For example,
the event type Director>Topology>Offline has extended attributes for Director>Topology>Offline
and Director>Topology.
Note: To determine what extended
attributes an event provides, see the documentation for that specific event
in
"Events."
- Clear the Any check box.
- Select an extended attribute from the Keywords list.
- Select an Boolean operator from the Operator list.
- Select a value from the Values list.
- Click Add to add the extended attribute
to the selections pane. You can select additional keyword-value
pairs. You also can specify additional values for a single keyword.
If
you want to enter multiple values for a single keyword, click Add each
time you want to add a value. The Boolean OR operator is used to determine
whether an event's extended attributes meet the filtering criteria for multiple
values of a single keyword. If you enter more than one keyword and value pair,
the Boolean AND operator is used to determine whether an event's extended
attributes meet the filtering criteria, that is, all keyword values must be
true.
- Optional: To filter events
by their event text, click the Event Text tab.
- Clear the Any check box to filter selected
events based on text in the event.
- Type the word or words for which you want to filter.
- Select how you want the word or words to be evaluated. You can select Any word, All words,
or Exact phrase.
- Optional: If you want the evaluation to be case
sensitive, select Case sensitive.
- If you have created an event filter using
the exclusion event filter type, click the Excluded Event Type tab
to specify the events to exclude.
- Clear the None check box.
- Select one or more event types from the tree that you want to
exclude from your filter.
- If you have created an event filter
using the threshold event filter type, click the Frequency tab.
For threshold event filters, the Interval field
must be used in conjunction with the Count field. Interval specifies
a window of time that begins when an event meets the filtering criteria. The
first occurrence of an event that meets the criteria does not trigger associated
actions, but starts a countdown of the units that define the interval. For
example, if you enter 10 and select minutes,
a 10-minute timer starts when an event meets the filtering criteria. The value
entered in Count specifies the number of times
an event must meet the criteria before associated actions are triggered. For example, if you set Count to 9, the
first 8 events matching the criteria that occur within the interval do not
cause associated actions to trigger. The ninth time an event meets the criteria
within the interval, associated actions are triggered, the count is reset,
and the interval is reset.
- In the Interval field, specify a window
of time that begins when an event first meets the filtering criteria.
- In the Count field, type the number of
times an event must meet the criteria before associated actions
are triggered.
- If you have created an event filter
using the duplication event filter type, click the Frequency tab.
For duplication event filters, the Interval field
can be used without using the Count field (Count =
0). The first occurrence of an event that meets the criteria triggers associated
actions and starts a countdown of the units that define the interval. For
example, if you enter 10 and select seconds,
a 10-second timer starts when an event meets the filtering criteria. If Count is
set to 0, all other instances of an event that meets the criteria do not trigger
associated actions during the interval.
If Interval is
set to a value greater than 0, and Count is set to
a value greater than 0, after the first occurrence of an event meets the filtering
criteria, the value entered in the Count specifies
the number of times an event must meet the criteria within the interval before
associated actions can be triggered again. For example, if you set Count to
9, an event meeting the criteria must occur nine times within the interval.
When an event meets the criteria for a tenth time within the interval, associated
actions are triggered, the count is reset, and the interval is reset.
- In the Interval field, specify a window
of time to count down when an event first meets the filtering criteria.
- Optional: In the Count field,
type the number of times an event must meet the criteria within the interval
before associated actions can be triggered again.
- Click .
- In the Save Event Filter window,
type a name for the filter. When you are naming an event filter, the name
should indicate the type of events for which the filter is targeted and any
special options that you have configured for the filter, including the time
the filter is active and event severity. For example, the name of an event
filter for critical storage events that occur on a weekend
to reflect that purpose.
- Click OK to save the filter. The new filter is displayed on the Advanced Event Filters page.
- When you are satisfied with the event filter, click Next.