When running a program as part of a response, the program can be passed
command line parameters which define values related to the incident. Each
parameter takes the format
/<parameter> <value>
For example, if a program was run as part of the response to an unfiltered
event being logged with a source of 'Example App' and an event ID of 12345,
and the parameters specified were /ID /SOURCE, the program would be run with the
command line /ID 12345 /SOURCE "Example App"
Different parameters are available depending on the incident for which
a response is being generated.
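An added example, not part of the product's documentation: a response program in Python that parses the /<parameter> <value> pairs described above and validates them before use, since values such as the event source or description originate from the monitored system and should be treated as untrusted. The validation patterns, the length limit and the choice of ID, SOURCE and DETAILS as the configured parameters are assumptions, as is the program receiving each value as a single argument.

```python
import re
import sys

# Parameters this handler is configured to receive (names from the page).
EXPECTED = {"ID", "SOURCE", "DETAILS"}
# Constructed validation rules: an assumption, tune to your environment.
VALIDATORS = {
    "ID": re.compile(r"[0-9]{1,10}"),
    "SOURCE": re.compile(r"[A-Za-z0-9 ._\-]{1,128}"),
}
MAX_LEN = 4096  # assumed upper bound for any single value


def parse_incident_args(argv):
    """Parse ['/ID', '12345', '/SOURCE', 'Example App'] into a dict.

    Tokens are consumed strictly as name/value pairs, so a value that
    happens to start with '/' is never mistaken for a parameter name.
    """
    if len(argv) % 2:
        raise ValueError("expected /<parameter> <value> pairs")
    params = {}
    for name_tok, value in zip(argv[0::2], argv[1::2]):
        name = name_tok[1:].upper() if name_tok.startswith("/") else ""
        if name not in EXPECTED or name in params:
            raise ValueError(f"unexpected or repeated parameter: {name_tok!r}")
        if len(value) > MAX_LEN:
            raise ValueError(f"{name}: value too long")
        rule = VALIDATORS.get(name)
        if rule and not rule.fullmatch(value):
            raise ValueError(f"{name}: value fails validation")
        params[name] = value
    return params


def log_safe(value):
    """Escape control characters so event text cannot forge log lines."""
    return value.encode("unicode_escape").decode("ascii")


if __name__ == "__main__":
    try:
        incident = parse_incident_args(sys.argv[1:])
    except ValueError as exc:
        sys.exit(f"rejected incident parameters: {exc}")
    for key, val in incident.items():
        print(f"{key}={log_safe(val)}")
```

Free-text values such as DETAILS are only length-checked here, so they should be written to logs or tickets through `log_safe` and never interpolated into a shell command.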
All Monitored Incidents
| NAME | System name |
| DATE | Date |
| TIME | Time |
| TYPE | Incident type (Key Indicator, Performance Item, Event Log, Service, Network Device, SNMP Trap, Security Update, Availability, File Server, Mail Server, Database Server, Web Server, Mail Infrastructure) |
| SUBJECT | Standard incident subject |
| SHORT_DETAILS | Shorter incident narrative |
| FULL_DETAILS | Standard incident narrative |
Event Log Monitoring
| SOURCE | Source |
| CATEGORY | Category |
| ID | Event ID |
| USER | User |
| TYPE | Event type (information, warning, error, audit success or audit failure) |
| LOG | Log name |
| DETAILS | Description |
Performance Item Monitoring
| ITEM | Performance item name |
| LABEL | Performance item label |
| LEVEL | Threshold level (normal, warning, critical, within, below, above) |
| VALUE | Threshold value |
Service Monitoring
| ID | Service identifier |
| NAME | Service name |
Network Device Monitoring
| ADDRESS | Device address |
| RESULT | 'Ping' result (respond or fail) |
SNMP Trap Monitoring
| OID | The OID of the enterprise that generated the trap |
| AGENT | The IP address of the agent that generated the trap, taken from the received SNMP PDU |
| SOURCE | The IP address of the agent that generated the trap, taken from the network transport |
| TYPE | The generic trap type |
| ID | The specific trap |
| COMMUNITY | The community string |
| TIMESTAMP | The timestamp (in timeticks) of the trap, relative to an epoch on the generating system, rather than an absolute time |
Availability Monitoring
| RESULT | The result of the availability test (Available or Unavailable) |
Database Server Monitoring
| RESULT | The result of the snapshot comparison (Snapshot Match or Snapshot Not Match) |
Web Server Monitoring
| RESULT | The result of the page comparison (Content Match, Content Not Match, Fragment Present or Fragment Missing) |
| DIFFERENCE | An analysis of the page content differences. |
Mail Infrastructure Monitoring
| RESULT | The result of the message delivery attempt (Message Delivered or Message Not Delivered) |