Event Policy Not working when deployed to the Nimsoft connector.

Article Id: 8025
Status: Published
Updated On: 14-02-2018 08:18
Legacy Id: TEC1287729
Products:
CA Service Operations Insight (SOI)
Issue/Introduction:

An event policy(see below) configured to update the userattribute6 with an extract of
an alert message and localhost does not work when deployed to the Nimsoft connector.

The same policy works when deployed to the UC or MTC connector.

 

<Catalog version='1.0'>
<EventClass name='Alert'>
    <Classify>
        <Field input='Summary' output='eventtype' outval='SOX_UIM_User' pattern='^.*4625.*$' />
    </Classify>
</EventClass>
<EventClass name='SOX_UIM_User' extends='Alert'>
    <Parse>
        <Field output='temp_parse_userAttribute60' pattern='^[^*]+(.*0Account\sName:.*Account).*.*' input='Message' />
    </Parse>
    <Format>
        <Field conditional='temp_parse_userAttribute60' output='userAttribute6' format='{1}|{0}' input='{localhost},temp_parse_userAttribute60' />
        <Field  conditional='!MdrProduct' output='MdrProduct' format='{0}' input='AlertedMdrProduct' />
        <Field  conditional='!MdrProdInstance' output='MdrProdInstance' format='{0}' input='AlertedMdrProdInstance' />
        <Field  output='ClassName' format='Alert' input='' />
    </Format>
</EventClass>


</Catalog>

Cause:

UIM connector provides variables as "summary" and "message" and not Summary and Message

Environment:

SOI 3.3 + RO94182Nimsoft connector. Build: 3.7.0.5

Resolution:

1) Open the policy file in the ..\extensions folder on the UIM connector machine and change "Summary" to "summary" and "Message" to "message"
2) Stop Catalyst Container service
3) Start Catalyst Container service