cisco_ucm alerting on main UCM publisher and not specific device that generated the error
Article ID: 430334
Updated On:
Products
DX Unified Infrastructure Management (Nimsoft / UIM)
Issue/Introduction
The Cisco_UCM probe alerts (RTMT for UCM, IMP, and others) are being generated for to the main UCM Publisher but this is inaccurate because you expect the alert to be coming from the specific Device that generated the errot.
When an alert is raised, the Node ID, profile, and other related fields reflect the Publisher’s details ( which is fine ) but need to capture the details of the actual device that generated the error. The error generated device information is present in the alert details, but it is not being used.
Environment
- DX UIM 23.4.*
- cisco_ucm 2.10.*
Cause
Probe Enhancement
Resolution
With the attached probe build, RTMT alerts are captured correctly from the specific device rather than main UCM Publisher.
The regex.txt is updated with the following Regex:
(?J)(?<time>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2})\.\d{3}.*?-\d-(?<alertname>[^:]+):\s\%\[AppID=(?<appid>[^\]]+)]\[ClusterID=(?<clusterid>[^\]]*)]\[NodeID=(?<nodeid>[^\]]+)]:\s(?<alertdetail>.*)|(?<time>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}).*RTMT_ALERT:\s*%\[AlertName=(?<alertname>[^\]]+)]\[AlertDetail=(?<alertdetail>(?:.+on node (?<sourcenode>[^,]+))?.*?)(?=\]\[AppID=)]\[AppID=(?<appid>[^\]]+)]\[ClusterID=(?<clusterid>[^\]]*)]\[NodeID=(?<nodeid>[^\]]+)] Attachments
Feedback
Yes
No
Powered by
