In our previous post "Event Integration From 3rd-party Monitoring Tools - Part 5: Msend API Mapping and Conversion", we discussed three steps needed to perform mapping and conversion. Now since we are using BMC out-of-box SNMP trap adapter, do we still need to follow the same three steps? Let's take a closer look at the same three steps and see how much those steps still apply to SNMP trap adapter.
First step: What BPPM cell classes to map to. Since SNMP trap adapter will automatically map your SNMP traps into event class names based on the MIB file you provided, you don't have to do anything here. The new event classes extracted out of MIB file are defined in these two baroc files generated in SNMP trap adapter configuration step.
Second step: What slots in BPPM cell to map to. The slot names of those event classes automatically created in step one are also automatically created based on the MIB file. They are different from the slot names you usually use to make decision on how to process events. For example, if you decide whether or not to create an incident ticket from an event based on the value of its severity slot, you will need to write a MRL rule or policy to set the value of severity slot based on the value of another slot. If you don't perform mapping in this step, your severity slot will just contain the default value for all your SNMP trap events - something you may not want to see.
Again, the commonly mapped slots include mc_host, mc_object_class, mc_object, mc_tool_class, mc_tool_key, mc_parameter, mc_parameter_value, severity, mc_priority, and msg. Here mc_tool_key refers to the unique event (alert) ID used in your 3rd-party monitoring software. It can be used in the de-dup rule mentioned in our last post "Event Integration From 3rd-party Monitoring Tools - Part 9: SNMP Trap Adapter Execution and High Availability"
Third step: How to map. Similar to the case with msend API, you may map directly by copying the value from one slot to another, or you may need to perform value conversion especially for enumerable types such as severity and priority. Again you can take advantage of dynamic tables to make value conversion easy to code and easy to maintain.
BPPM (BMC ProactiveNet Performance Management) or TrueSight Operations Management (the rebranded name) suite is the latest solution from BMC Software for enterprise system management. It combines the data analytic engine from ProactiveNet, the event processing engine from BMC Event Manager (BEM), and the server/application monitor from PATROL into one product. This blog is intended to share information and experience on TrueSight/BPPM implementation, customization, and integration.
No comments:
Post a Comment