• State Suggested Answer
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 59 subscribers
  • Views 3336 views
  • Users 0 members are here
Options
Related

Understanding Foglight rule code

efrances
over 4 years ago

Hey all,

I wanted to understand better the code found in the rules.  For example, in the following code.  Where is object server defined?  How can I find all the properties and methods associated with the object?  This previous two questions would also apply to any object in the script below.  Also, the rule had a severity level rule defined by calling function retrieveLogRecordDetails('Fatal', #records#).  Where can I find information on this function?

I want to understand better how Foglight works.  Thanks in advance.

def records = #records#;

def alarms = server.AlarmService.getCurrentAlarms(scope.uniqueId)

def existingAlarm = alarms.find{it.ruleID == @foglight_rule_id && it.severity == 4};

if(existingAlarm){
return true;
}

return records.any{it.severity.name == "Fatal"};

Parents
  • 0 over 4 years ago

    Helle efrances,

    a good starting point is here:
    support.quest.com/.../20

    And here you will find a lot of training recordings for Foglight. Those are done by our technical consultant team and the first one is about rule management:
    www.quest.com/.../foglight-skills-101-webcast-series

    All rule details + workflow are explained include rule customization. I highly recommend these webcasts.

    Back to your questions above:
    When you ask for object, I assume you mean the rule scope, which identifies one or more topology objects that the rule evaluates. The rule scope can be found when clicking on the tab: "Rule Definition". Here you can also see if it is a multi-severity rule or a simple rule and if it is time, data, even or schedule driven. Most rules are data driven. Each time new data is coming in, Foglight evaluates the rule and triggers an alarm based on the condition code.

    The code you posted here is from the rule "Record Severity". So what is the code doing:
    First we take the records which have been collected. The object "LogMonitorFileGroup" on which the rule is scoping has an observation called "records". Then we check if there supposed to be an alarm based on the log filter configuration. If there is a log entry which has severity 4 (which is fatal) assigned, Foglight returns true and alarm is being triggered.

    The properties of an object can found via the Foglight Script Console which is available from the Administration dashboard. You can select the needed object (or type in the name of the object) from the drop down list on top of the page and then you can click on "List Instances". Then you will get all objects listed. Select one by ticking the radio button in the first column and in the bottom you will get a list of the properties. Make sure have the tab "Properties of..." is selected. Please be aware that not all properties have to be set.

    Regarding the functions:
    As far as I know, there is no API or similar where you can get details about the functions used by the agents. Those are compiled in the code. But maybe our PSO team knows a trick.

    If you need deeper knowledge about rule customization + coding in Foglight, I would recommend to involve our PSO as they can provide a custom training based on your needs. You can get in contact with the PSO team via your Quest account manager.

    And please look at the Foglight webcast (link above) as those are very good.

    I hope that helps.

    Kind Regards
    Nicola

  • 0 over 4 years ago in reply to Nicola.Flucke

    Nicola,

    Thank you very much for the explanation you provided and the links to the video. 

    Eddy

Reply Children
No Data