Default event rules

Default event rules are available for various sources. You can customize these rules as necessary to manage events and alert generation.

The following video explains transform, compose, and binding.

To view the default rules, navigate to Event Management > Rules > Event Rules.

Default events are available from the following sources:
  • HPOMWIN
  • oraEM4Traps
  • Generic Trap
  • SNMPv2
  • SolarWinds
  • Trap From Enterprise 9
  • vmwVC

Oracle

For Oracle, the following event rules are active by default in the oraEM4Traps source category.

Table 1. Default Oracle event rules
Event rule name Description
OracleGrid Database Traps Manages Oracle grid database traps. The CI type is Oracle Instance [cmdb_ci_db_ora_instance].
OracleGrid Non-Database Traps Manages Oracle grid non-database traps. The CI type is Computer [cmdb_ci_computer].

SNMP V1 Generic Traps

For Simple Network Management Protocol (SNMP) Version 1, the following event rules are active by default in the SNMPv1 Generic Trap source category.

Table 2. Default SNMP V1 event rules
Event rule name Description
snmpV1.coldStart Manages SNMP v1 cold start messages with the generic_trap field value.
snmpV1.warmStart Manages SNMP v1 warm start messages with the generic_trap field value.
snmpV1.authentication Failure Manages SNMP v1 authentication start messages with the generic_trap field value.
snmpV1.linkDown Manages SNMP v1 link down messages with the generic_trap field value.
snmpV1.linkUp Manages SNMP v1 link up messages with the generic_trap field value.
snmpV1.egp NeighborLoss Manages SNMP v1 egp Neighbor Loss events with the generic_trap field value.

SNMP V2 Generic Trap

For Simple Network Management Protocol (SNMP) Version 2, the following event rules are active by default in the SNMPv2 Generic Trap source category.

Table 3. Default SNMP V2 Generic Trap event rules
Event rule name Description
snmpV2.coldStart Manages SNMPv2 cold start messages with the SnmpTrapOID field value.
snmpV2.warmStart Manages SNMv2 warm start messages with the SnmpTrapOID field value.
snmpV2.authentication Failure Manages SNMPv2 authentication messages with the SnmpTrapOID field value.
snmpV2.linkDown Manages SNMPv2 link down messages with the SnmpTrapOID field value.
snmpV2.linkUp Manages SNMP 2 link up messages with the SnmpTrapOID field value.
snmpV2.egp NeighborLoss Manages SNMPv2 cold start messages with the SnmpTrapOID field value.

SolarWinds

For SolarWinds, the following event rules are active by default in the SolarWinds source category.

Table 4. Default SolarWinds event rules
Event rule name Description
Component_Status Manages SolarWinds event messages with the ComponentStatus field value.
Node response time dropped Manages SolarWinds events where node response time had dropped below the Threshold field value.
Node response time above Manages SolarWinds events where node response time exceeds the Threshold field value.
Solarwinds Generic App events Manages SolarWinds app up-down events.
Host not responding Manages SolarWinds host stop responding events.
Interface Utilization Triggered Manages SolarWinds interface utilization events.
Interface status Manages SolarWinds interface names for node events.
Solarwinds Node Status Manages SolarWinds node status events.
Packet loss dropped Manages SolarWinds events for packets lost rate dropped.
Application Status Manages SolarWinds application status events.
Group status down Manages SolarWinds group on node status events.
Group Status Manages SolarWinds group status events.
Counter is up Manages SolarWinds counter for app on node events.
Interface High Transmit Manages SolarWinds high transmit utilization events.
Packet loss risen Manages SolarWinds events for lost packets that exceed the above rate.
Response_time Manages SolarWinds host responding again with response time events.
ComponentOnAppStatus Manages SolarWinds component status events.
Solarwinds Group events Manages SolarWinds group events.
Interface Utilization Reset Manages SolarWinds interface reset alert trigger events.
IOS change Manages SolarWinds events for Cisco Internetwork Operating System (IOS).
Counter status Manages SolarWinds counter-status events.
Solarwinds Cluster events Manages SolarWinds cluster events.
Solarwinds Node events Manages SolarWinds node events.
Node reboot Manages SolarWinds node reboot events.
Group status 1 Manages SolarWinds group on node status events.
Solarwinds Volume events Manages SolarWinds physical or logical volume events.
IOS Image family Manages SolarWinds IOS Image family changes for node.
Solarwinds Interface events Manages SolarWinds interface events.

Splunk

For Splunk, the following event rules are active by default in the Splunk source category.

Table 5. Default Splunk event rules
Event rule name Description
All Splunk Catches all Splunk events that do not match previous rules, and maps the Description field to the Unmapped field. The CI type is Computer [cmdb_ci_computer].

Enterprise 9

For Enterprise 9, the following event rules are active by default in the Trap From Enterprise 9 source category.

Table 6. Default Trap From Enterprise 9 event rules
Event rule name Description
cisco.reload Manages Cisco reload traps that indicate that the entity is reinitializing or that the implementation has changed.
ciscoV1.reload Manages Cisco version 1 reload traps that indicate that the entity is reinitializing or that the implementation has changed.
cisco.tcpConnectionClose Manages Cisco teletype (tty) traps for terminated TCP sessions.
cisco.ciscoFlashCopyCompletionTrap Manages Cisco teletype (tty) traps for the initiation of flash copy operations.
cisco.cmiMrStateChange Manages Cisco Mobile Router state change notifications. The cmiTrapControl object controls the generation of this notification.
ciscoV1.tcpConnectionClose Manages Cisco version teletype (tty) traps for terminated TCP sessions.

VMware

For VMware vCenter, the following event rules are active by default in the vmwVC source category.

Table 7. Default VMware event rules
Event rule name Description
esx_lost connectivity Manages VMware Network-Connectivity-Lost-Alarm events. The CI type is Computer [cmdb_ci_computer].
ESX host Manages all VMware events for an ESX hostname. The CI type is Computer [cmdb_ci_computer].
vmware vm Manages all VMware events for a VMname. The CI type is Computer [cmdb_ci_computer].