ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • event filter rule add

    Add a rule for an event filter

    Availability: This command is available to cluster administrators at the admin privilege level.

    Description

    The event filter rule add command adds a new rule to an existing event filter. See event filter create for more information on event filters and how to create a new event filter.

    Parameters

    -filter-name <text> - Filter Name

    Use this mandatory parameter to specify the name of the event filter to add the rule. Rules cannot be added to system-defined event filters.

    [-position <integer>] - Rule Position

    Use this optional parameter to specify the position of the rule in the event filter. It should be in the range (1..n-1), where 'n' is the position of the last rule, which is an implicit rule. Rules are checked in the order they are listed for a filter, until a match is found.

    -type {include|exclude} - Rule Type

    Use this mandatory parameter to specify the type of the rule which determines whether to include or exclude the events that match this rule.

    [-message-name <text>] - Message Name

    Use this parameter to specify the message name of the event to include or exclude from the filter.

    [-severity <text>,…​] - Severity

    Use this parameter to specify the list of severity values to match against the events. Enter multiple severities separated by a comma. To enter all severities, the wild card (*) can be used. The wild card cannot be specified with other severities. The default value is *.

    [-snmp-trap-type <text>,…​] - SNMP Trap Type

    Use this parameter to specify the list of the SNMP trap type values to match against the events. Enter multiple SNMP trap types seperated by comma. To enter all SNMP trap types, the wild card (*) can be used. The wild card cannot be specified with other SNMP trap types. The default value is *.

    Examples

    The following example adds a rule to an existing event filter "emer-and-wafl": All events with severity EMERGENCY and message name starting with "wafl." are included in the filter. Not specifiying the SNMP trap type implies a default value of "".

    cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.*  -severity EMERGENCY
    cluster1::> event filter show
    Filter Name Rule     Rule      Message Name           SNMP Trap Type  Severity
          Position Type
    ----------- -------- --------- ---------------------- --------------- --------
    default-trap-events
          1        include   *                      *               EMERGENCY, ALERT
          2        include   *                      Standard, Built-in
                                                                    *
          3        exclude   *                      *               *
    emer-and-wafl
          1        include   wafl.*                 *               EMERGENCY
          2        exclude   *                      *               *
    important-events
          1        include   *                      *               EMERGENCY, ALERT
          2        include   callhome.*             *               ERROR
          3        exclude   *                      *               *
    no-info-debug-events
          1        include   *                      *               EMERGENCY, ALERT, ERROR, NOTICE
          2        exclude   *                      *               *
    10 entries were displayed.

    The following example adds a rule to the event filter "emer-and-wafl" at position 1: All events with severity ALERT and message name starting with "wafl.scan.*" are included in the filter.

    cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.scan.* -position 1 -severity ALERT
    
    cluster1::> event filter show
    Filter Name Rule     Rule      Message Name           SNMP Trap Type  Severity
          Position Type
    ----------- -------- --------- ---------------------- --------------- --------
    default-trap-events
          1        include   *                      *               EMERGENCY, ALERT
          2        include   *                      Standard, Built-in
                                                                    *
          3        exclude   *                      *               *
    emer-and-wafl
          1        include   wafl.scan.*            *               ALERT
          2        include   wafl.*                 *               EMERGENCY
          3        exclude   *                      *               *
    important-events
          1        include   *                      *               EMERGENCY, ALERT
          2        include   callhome.*             *               ERROR
          3        exclude   *                      *               *
    no-info-debug-events
          1        include   *                      *               EMERGENCY, ALERT, ERROR, NOTICE
          2        exclude   *                      *               *
    11 entries were displayed.

    The following example adds a rule to the event filter "emer-and-wafl" to include all "Standard" SNMP trap type events:

    cluster1::> event filter rule add -filter-name emer-and-wafl -type include -snmp-trap-type Standard
    
    cluster1::> event filter show
    Filter Name Rule     Rule      Message Name           SNMP Trap Type  Severity
          Position Type
    ----------- -------- --------- ---------------------- --------------- --------
    default-trap-events
          1        include   *                      *               EMERGENCY, ALERT
          2        include   *                      Standard, Built-in
                                                                    *
          3        exclude   *                      *               *
    emer-and-wafl
          1        include   wafl.scan.*            *               ALERT
          2        include   wafl.*                 *               EMERGENCY
          3        include   *                      Standard        *
          4        exclude   *                      *               *
    important-events
          1        include   *                      *               EMERGENCY, ALERT
          2        include   callhome.*             *               ERROR
          3        exclude   *                      *               *
    no-info-debug-events
          1        include   *                      *               EMERGENCY, ALERT, ERROR, NOTICE
          2        exclude   *                      *               *
    12 entries were displayed.
    Top of Page