Handling PATROL Events Generated by Sentry KMs in BMC Helix Operations Manager

  • kb1268
  • Jun. 24, 2022 - Last Update: Oct. 9, 2023
  • 2 min read

How to receive and manage PATROL events generated by Sentry Software's KMs in BMC Helix Operations Manager(BHOM).

Best Practice Helix BHOM Events

Related Topics

Downloads

ManagingSentryPATROLEvents-Final.zip

0.9KB

Introduction

Each time a threshold is breached:

  • Events of class ALARM are generated by BMC Helix Operations Management (BHOM). These events are based on signature/static thresholds
  • Events of class 11 or 9 are generated by the PATROL Agent
  • STD_41 or specific PATROL events such as HardwareProblem, ConnectorProblem, StorageProblem, Studio, etc. are generated by the Sentry Software’s KMs. These events are based on custom thresholds recommended and exposed by manufacturers.

By default, the PATROL Agent does not send PATROL_EV events to BMC Helix Operations Managements. However, since the events generated by the Sentry Software’s KMs provide more information about the actual problem, we strongly recommend to expose them in your BMC Helix Operations Management Events console. Here is an example of the event enriched with the message of the event generated by Sentry Software’s KM:

Enriched PATROL events

In this article, you will learn how to:

  • force the PATROL Agent to send PATROL events to BMC Helix Operations Management Events
  • enrich the events of class 11 with the message generated by Sentry’s KMs and delete Sentry Events to reduce the number of events.
  • allow OK events (p_class == 9) to close previous alarms/warnings.

Procedure

Forcing the PATROL Agent to send PATROL Events

To allow PATROL events of class PATROL_EV to be sent to Helix, add the following ruleset to your PATROL Agent through a monitoring policy or by using other tools such as pconfig, wpconfig, or PATROL Configuration Manager:

"/AgentSetup/integration/HelixMonitorEvents" = { REPLACE = "1" }
Enabling this option may result in a large amount of PATROL events to be sent. To prevent performance issues, it is strongly recommended to create additional event policies to handle the unwanted events.

Enrich the events of class 11 and delete the Sentry ones

To update and enrich the events of class 11 with the message generated by Sentry’s KMs, you need to create the following event policy in BMC Helix Operations Management:

class equals 'PATROL_EV' AND ( p_class has_suffix 'Problem' OR p_class equals 'Studio' )

as explained below:

  1. Connect to BMC Helix Operations Management

  2. Go to Configuration > Event Policies and configure the policy below:

    Keeping the events of class 11

  3. In the Policy Configuration pull-down list, click Advanced Enrichment and create this rule:

    Look up Sentry events

    Updating p_class=11 events

    Dropping Sentry events

  4. Save your changes.

This policy can be imported using the ManagingSentryPATROLEvents-Final.json file (available in the Downloads section)

An internal BHOM policy called PatrolEventsCloseProcessing deletes the STATE_CHANGE events (p_class=9) once they have closed the related ALARM/WARNING event. The STATE_CHANGE events (p_class=9) are therefore not displayed in the Events console .

Patrol Events Close Processing

Best Practice Helix BHOM Events