Comment: added details to tag_X vs X

...

Policy evaluation starts at the outermost policy level, and proceeds in order of the numeric rule identifiers. All rules on the same nesting level are evaluated one after the other, unless a successful rule has its BREAK option set to true: in this case the rules after the successful one are skipped. If no BREAK option is present, BREAK is treated as false.

In the example above, rule 20 would be skipped if rule 10 succeeds, and policy evaluation would continue at rule 2. If rule 10's IF does not match, then its BREAK option has no effect. If the IF expression of rule 1 doesn't match, then the sub-policy 10/20 isn't considered at all.

...

| Action Name | Description |
| --- | --- |
| log.logtype() | Log the event to a file, as plain text or in JSON format |
| script.scriptname() | Execute a user-defined script, possibly capturing the output |
| escalate.policyname() | Mark this event for escalation using a particular escalation policy |
| email(contactname) | Email the event details to a particular contact |
| syslog.targetserver(prio) | Send the event as a Syslog message to a Syslog server, optionally overriding the event priority |
| nmissyslog.targetserver(prio) | Send the event as a Syslog message to an NMIS Syslog server, in the format expected by NMIS |
| priority(adjustment) | Change the priority of the event. Adjustment can be a number between 0 and 10 for fixed assignment, or +number or -number for relative adjustment. |
| tag.tagname(value) | Set a custom event property's value for static enrichment. Tagname is the name of the property to modify and must be a single string without spaces. Values are not restricted. (In the database the custom tag will be stored as "tag_tagname", therefore you cannot overwrite opEvents-internal properties with this action. As a consequence, if your policy has IFs that need a tag's value, then these need to reference the tag with the 'long form' "tag_tagname".) In opEvents 2.0.2 and newer the tagname "kb_topic" is special and controls linking to external data sources. |
| watchdog.set(waittime), watchdog.disable() | Creates or updates a watchdog timer for the node associated with the current event. The timer is set to expire in waittime seconds from now. If the timer is not disabled or updated before the expiration time, then a synthetic event named "Watchdog Timer expired" is generated. Note that all four watchdog actions are disabled if the current event itself is a watchdog expiration event. |
| element_watchdog.set(waittime), element_watchdog.disable() | Similar to the previous, but for watchdog timers that are specific to both the node and the element (e.g. an interface) of the current event. Element watchdog timers are independent of node watchdogs and of each other: updating or disabling an element watchdog for, say, eth1 doesn't affect a timer for lo0 on the same node. |
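
The evaluation order, the BREAK option and the tag_tagname long form described above can be traced with a small model. This is an added example in Python, not opEvents code or its configuration syntax: IF expressions are modelled as Python functions, a sub-policy is assumed to sit in the rule's THEN, and the rule contents, the tag name "owner" and the contact names are constructed for illustration.

```python
import re

# Matches the action forms in the table: name(arg) or name.target(arg).
ACTION = re.compile(r"^(\w+)(?:\.(\w+))?\((.*)\)$")

def apply_action(action, event, fired):
    kind, name, arg = ACTION.match(action).groups()
    if kind == "tag":
        # Stored under the long form, so plain "owner" is never created
        # and opEvents-internal properties cannot be overwritten.
        event["tag_" + name] = arg
    fired.append(action)

def evaluate(policy, event, fired=None):
    """Walk one nesting level in numeric rule order; return fired actions."""
    fired = [] if fired is None else fired
    for rule_id in sorted(policy, key=int):   # numeric order, so 2 precedes 10
        rule = policy[rule_id]
        if not rule["IF"](event):
            continue                          # no match: THEN and BREAK are ignored
        then = rule["THEN"]
        if isinstance(then, dict):
            evaluate(then, event, fired)      # sub-policy, entered only on a match
        else:
            for action in then:
                apply_action(action, event, fired)
        if rule.get("BREAK", False):          # absent BREAK means false
            break                             # skips later rules on this level only
    return fired

# Constructed policy: rule 1 holds the sub-policy 10/20, then rules 2 and 3.
POLICY = {
    "1": {"IF": lambda e: e["event"] == "Node Down",
          "THEN": {
              "10": {"IF": lambda e: e.get("priority", 0) >= 5,
                     "THEN": ["tag.owner(noc)"], "BREAK": True},
              "20": {"IF": lambda e: True, "THEN": ["log.json()"]},
          }},
    # Short form: never matches, the tag is not stored as "owner".
    "2": {"IF": lambda e: e.get("owner") == "noc", "THEN": ["email(short_form)"]},
    # Long form: matches once rule 10 has set the tag.
    "3": {"IF": lambda e: e.get("tag_owner") == "noc", "THEN": ["email(noc_contact)"]},
}

if __name__ == "__main__":
    print(evaluate(POLICY, {"event": "Node Down", "priority": 7}))
```

For the priority 7 event, rule 10 fires and its BREAK skips rule 20, evaluation resumes at rule 2 (which does not match), and rule 3 fires because it reads tag_owner.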

...