Hi Mark,

I use inline actions and actions quite a bit to do things like this.

All the variables you mention, except for severity, are available in the
environment set up in an action or inline-action.

Severity is available if you grep it out of trapd.conf.  Here is a
little shell routine to do that:

LINE=$(grep -w "{${NVE%.*}} $NVG $NVS" /usr/OV/conf/C/trapd.conf)
if [[ -n "$LINE" ]]
then
    set $LINE
    SEVERITY=$6
else
    SEVERITY=1 # Unknown
fi


James Shanks posted a nice piece about rulesets and such, and it has a
lot of extremely useful information about performance for rulesets.

Mark van Kerkwyk wrote:
>
> I am wondering how many of you use the RuleSet editor much or whether you
> just create an inline action which calls a perl/shell/C script to handle
> the incoming events.
> I am finding it hard to get what I need done, just simple things like ( if
> Enterprise OID =Lotus or Cisco or Netfinity and Severity is > 2 then page
> this group of people, if Enterprise OID = ArcServe then page this person)
> become quite cumbersome and the rule set edit fills up very quickly with
> the very large icons, they are also not labelled with anything too
> meaningful and my customer doesn't like it too much.
> I can't seem to page a group of people anyway and the nvsec_admin on
> Solaris can't be used to administrer user/group names much.
>
> Any comments ?
>
> Mark

--
Ray Schafer                   | schafer AT tkg DOT com
The Kernel Group              | Network Computing Consulting