Chapter 6. Event management products and best practices 279
6.5.2 Escalating events with NetView
Best practices dictate that you should perform escalation using IBM Tivoli
Enterprise Console for worsening problems or using the trouble-ticketing system
for problems that have not been addressed within a predefined time period.
However, in environments where NetView is the only monitoring tool, it may be
desirable to have it perform trap escalation. The NetView rule set is used to
perform this function.
Override ruleset node
One of the nodes available to the NetView ruleset editor is Override. This
provides the capability to change the object status or severity assigned to a
specific event and update applications that are registered to receive the output of
the rule set. Typically, the Event Display application is registered to receive the
Figure 6-35 on page 283 contains the following relevant fields:
Status: Specifies the new object status to be associated with this event. You
can click No override if you do not want to change the status. The Event
Display application updates the object status to this value.
Severity: Specifies the new severity level to be used for this event. You can
click No override if you do not want to change the severity level. A trap that is
processed through this node is marked so that it is not handled by the default
processing action specified for this rule.
Business impact escalation rule
An example of business impact escalation is increasing the severity of traps
based on device type. A rule set may be coded in NetView that uses a Query
Database Field to determine the device type, and then uses an override,
depending on the type.
NetView issues Node Down traps when switches and servers fail. By default, the
traps are assigned a Minor severity. Assume that an organization decides to treat
switch failures as more critical than other node outages. The rule set shown in
Figure 6-31 accomplishes this.