How can Record Severity alarms be cleared periodically?
Users aren't clearing the Record Severity alarms so new alarms aren't raised when the same match string is found in the same host's log again.
server.RuleService.getAllRules().find{it.getName()=="Record Severity"}.getId()2. Copy the "Clear Old LogFilter Alarms" rule and give it an applicable name like "Clear Old Record Severity Alarms".
The "reporterRuleID" variable under the "Rule Variables" tab holds the ID of the rule that alarms need to be cleared for. Replace "542c111ff5feabe3803bccb722386cae" with the ID for the “Record Severity” rule found in step 1, click Add, and then Click Save.
4. Modify the value of the "daysToKeep" variable under the Rule Variables tab so that the appropriate number of days' worth of alarms is kept.By default the "Clear Old LogFilter Alarms" rule will only clear alarms older than the specified amount of days in the "daysToKeep" variable; to alter this behavior the following steps can be completed for the previously modified rule:
1. Go to the Condition & Actions tab in the rule editor.
2. Expand the 'Fire' section and select the Severity Level Variables tab.
3. Click the 'ClearAlarms' severity level variable to populate the Expression/Message box.
4. Replace the contents in the Expression/Message box with the following:
def alarmSvc = server.AlarmService; def alarms = alarmSvc.getCurrentAlarms(); for (alarm in alarms) { if (@reporterRuleID == alarm.getRuleID()) { alarmSvc.clearAlarm(alarm.getID()); } }5. Click the 'Add' button and then 'Save' changes.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center