ONTAP 9.13.1 commands

event filter rule add

Add a rule for an event filter

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The event filter rule add command adds a new rule to an existing event filter. See event filter create for more information on event filters and how to create a new event filter.

Parameters

-filter-name <text> - Filter Name

Use this mandatory parameter to specify the name of the event filter to add the rule. Rules cannot be added to system-defined event filters.

[-position <integer>] - Rule Position

Use this optional parameter to specify the position of the rule in the event filter. It should be in the range (1..n-1), where 'n' is the position of the last rule, which is an implicit rule. Rules are checked in the order they are listed for a filter, until a match is found.

-type {include|exclude} - Rule Type

Use this mandatory parameter to specify the type of the rule which determines whether to include or exclude the events that match this rule.

[-message-name <text>] - Message Name

Use this parameter to specify the message name of the event to include or exclude from the filter.

[-severity <text>,…​] - Severity

Use this parameter to specify the list of severity values to match against the events. Enter multiple severities separated by a comma. To enter all severities, the wild card (*) can be used. The wild card cannot be specified with other severities. The default value is *.

[-snmp-trap-type <text>,…​] - SNMP Trap Type

Use this parameter to specify the list of the SNMP trap type values to match against the events. Enter multiple SNMP trap types seperated by comma. To enter all SNMP trap types, the wild card (*) can be used. The wild card cannot be specified with other SNMP trap types. The default value is *.

[-parameter-criteria [key>=<value],…​] - Parameter Criteria

Use this parameter to match against event parameters. Each parameter consists of a name and a value. When multiple parameter criteria are provided in a rule, they all need to match for the rule to be considered matched. A pattern can include one or more wildcard '*' characters.

Examples

The following example adds a rule to an existing event filter "emer-and-wafl": All events with severity EMERGENCY and message name starting with "wafl." are included in the filter. Not specifiying the SNMP trap type implies a default value of "".

cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.*  -severity EMERGENCY
cluster1::> event filter show
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
default-trap-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  *                *             Standard, Built-in
                                                                   *=*
            3    exclude  *                *             *         *=*
emer-and-wafl
            1    include  wafl.*           EMERGENCY     *         *=*
            2    exclude  *                *             *         *=*
important-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            3    exclude  *                *             *         *=*
no-info-debug-events
            1    include  *                EMERGENCY, ALERT, ERROR, NOTICE
                                                         *         *=*
            2    exclude  *                *             *         *=*
10 entries were displayed.

The following example adds a rule to the event filter "emer-and-wafl" at position 1: All events with severity ALERT and message name starting with "wafl.scan.*" are included in the filter.

cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.scan.* -position 1 -severity ALERT

cluster1::> event filter show
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
default-trap-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  *                *             Standard, Built-in
                                                                   *=*
            3    exclude  *                *             *         *=*
emer-and-wafl
            1    include  wafl.scan.*      ALERT         *         *=*
            2    include  wafl.*           EMERGENCY     *         *=*
            3    exclude  *                *             *         *=*
important-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            3    exclude  *                *             *         *=*
no-info-debug-events
            1    include  *                EMERGENCY, ALERT, ERROR, NOTICE
                                                         *         *=*
            2    exclude  *                *             *         *=*
11 entries were displayed.

The following example adds a rule to the event filter "emer-and-wafl" to include all "Standard" SNMP trap type events:

cluster1::> event filter rule add -filter-name emer-and-wafl -type include -snmp-trap-type Standard

cluster1::> event filter show
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
default-trap-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  *                *             Standard, Built-in
                                                                   *=*
            3    exclude  *                *             *         *=*
emer-and-wafl
            1    include  wafl.scan.*      ALERT         *         *=*
            2    include  wafl.*           EMERGENCY     *         *=*
            3    include  *                *             Standard  *=*
            4    exclude  *                *             *         *=*
important-events
            1    include  *                EMERGENCY, ALERT
                                                         *         *=*
            2    include  callhome.*       ERROR         *         *=*
            3    exclude  *                *             *         *=*
no-info-debug-events
            1    include  *                EMERGENCY, ALERT, ERROR, NOTICE
                                                         *         *=*
            2    exclude  *                *             *         *=*
12 entries were displayed.

The following example adds a rule to the event filter "emer-and-wafl" to include all "wafl" events whose parameters have a parameter named "type" and its value matches "volume":

cluster1::> event filter rule add -filter-name emer-and-wafl -type include -message-name wafl.* -position 1 -parameter-criteria type=volume

cluster1::> event filter show -filter-name emer-and-wafl
Filter      Rule Rule                                    SNMP Trap
Name        Posn Type     Message Name     Severity      Type      Parameters
----------- ---- -------- ---------------- ------------- --------- -----------
emer-and-wafl
            1    include  wafl.*           *             *         type=volume
            2    include  wafl.scan.*      ALERT         *         *=*
            3    include  wafl.*           EMERGENCY     *         *=*
            4    include  *                *             Standard  *=*
            5    exclude  *                *             *         *=*
5 entries were displayed.
Top of Page