How to trigger an action on an alert?

Quantellium uses a simple method to start a Windows script file when an alert is raised. It takes four steps:

  1. Quantellium searches the directory for existing command (.cmd) or PowerShell (.ps1) files.
  2. If one is found, a “search-and-replace” action is performed on the script body text: every keyword variable (table below) is substituted by its real value (argument).
  3. The modified script is saved to a temporary file, and
  4. executed.

Notice that:

  1. If multiple script files exist, the above 4 steps are repeated for every script file found!
  2. The above steps are followed for every occurring event, not only the ones you are interested in! Use “if .. then .. else” logic within the script to limit execution to one device or one event type (see the examples at the end of this page).

Script parameters

The table below shows the parameters that are replaced by actual arguments in a script file. Each parameter must be written in uppercase and must begin with a $ sign. Be aware that not all arguments passed to a command file contain relevant information in all circumstances: a “No response from” event, which is generated when a device does not respond to an ICMP ping, does not pass OID and Instance values, so those placeholders are replaced by empty text. Because the substitution is purely textual, a value is pasted into the script exactly as received; put the placeholder between quotes in the script (for example "$DNAME") so that an empty value or a value containing spaces does not break the command line.

Variable     Description
$COMMPATH    The path of the COMM directory
$EID         The Event Identifier
$ETYPE       The EventType (see the table below for the type descriptions)
$ETSTR       The translation of the EventType to a string
$RECIPIENTS  A CSV string containing the email addresses of the recipients of the alert email
$EMESS       The Event Message
$EMAILBODY   The Event Message complemented by a number of event-related data that make up the body text of an email
$DID         The Identifier of the device
$DNAME       The Name of the device
$DADDRESS    The Address of the device (IP address or host name)
$DCID        The Identifier of the class the device belongs to
$DCNAME      The Name of the class the device belongs to
$LID         The Identifier of “the Launch”. A “Launch” is internally used to identify a Device/sDC combination
$SDCID       The Identifier of the sDC (SNMP Data Collector) that triggered the alert
$SDCNAME     The Name of the SNMP Data Collector that triggered the alert
$TS          The event TimeStamp as a string
$UTC         The event Timestamp in UTC (seconds elapsed since Jan 1, 1970)
$OID         The SNMP ObjectIdentifier
$INST        The SNMP Instance

The EventType to Description table:

Event                        EventType  Description
Threshold violation          1          Threshold violation
Threshold violation cleared  2          Back to normal after a Threshold violation
No ICMP response             4          No response from event (Device did not reply to an ICMP ping)
Responding on ICMP again     3          Back to normal after an ICMP down (No response from) event
Trap received                5          Trap message received
Anomaly detected             6          Anomaly detected
Anomaly cleared              7          Anomaly cleared
syslog                       8          Syslog message received
User action                  90         User triggered action
Program or script executed   98         A Program or script has been executed
Application                  99         An application message

Event types >= 90 do not trigger alerts! They are only logged to the Event history.

Example 1) Running a script for one specific device only (based on its ID 4). The placeholder is quoted so the comparison stays valid even if the value were empty; the two labels the jumps refer to are included.

@echo off
if "$DID" == "4" goto labelA
goto Finish
:labelA
REM Your code comes here!
:Finish

Example 2) Running a script for traps only (based on EventType 5).

@echo off
if "$ETYPE" == "5" goto labelA
goto Finish
:labelA
REM Your code comes here!
:Finish
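Example 3) The same idea as a complete PowerShell (.ps1) handler. This is an added example, not a script shipped with Quantellium or taken from its documentation: it filters on event type and on device, copes with the empty $OID/$INST that an ICMP event passes, and appends one JSON line per handled event. The device ID 4, the class name "Core-Switches" and the log path under %ProgramData% are assumptions made up for the example, and the page does not say which PowerShell version runs the file, so only PowerShell 3 or later features are used.

```powershell
# alert-handler.ps1 (added example, not part of Quantellium)
# Quantellium replaces the $UPPERCASE placeholders below with real values
# before this file runs, so each placeholder is a literal pasted in by the tool.
# Assumptions for this example: device ID 4, class 'Core-Switches', log path.
$ErrorActionPreference = 'Stop'

# Simple fields are taken through single-quoted literals. The free-text event
# message is taken through a single-quoted here-string instead, because a
# stray apostrophe inside the message would terminate a plain '...' literal.
# Variable names below are chosen not to contain any placeholder token
# (e.g. no $oid or $instance), in case the replace is case-insensitive.
$eventType    = [int]'$ETYPE'
$eventName    = '$ETSTR'
$deviceId     = [int]'$DID'
$deviceName   = '$DNAME'
$deviceAddr   = '$DADDRESS'
$deviceClass  = '$DCNAME'
$collector    = '$SDCNAME'
$eventStamp   = '$TS'
$snmpOid      = '$OID'
$snmpInstance = '$INST'
$eventText    = @'
$EMESS
'@

# Types >= 90 never reach a script, but the script runs for every other event,
# so restrict it early and leave quietly when the event is not ours.
$alertingTypes = @(1, 2, 3, 4, 5, 6, 7, 8)
if ($alertingTypes -notcontains $eventType) { exit 0 }

# Scope rule for this example: traps (5) from one device class, or ICMP
# down/up (4 and 3) for device ID 4 (the device used in Example 1).
$isTrapFromClass = ($eventType -eq 5) -and ($deviceClass -eq 'Core-Switches')
$isIcmpForDevice = ($eventType -in @(3, 4)) -and ($deviceId -eq 4)
if (-not ($isTrapFromClass -or $isIcmpForDevice)) { exit 0 }

# "No response from" events carry no OID/Instance, so never assume they are set.
$snmpRef = if ($snmpOid) { "$snmpOid.$snmpInstance" } else { 'n/a' }

$record = [pscustomobject]@{
    Timestamp = $eventStamp
    Type      = $eventType
    TypeName  = $eventName
    Device    = "$deviceName ($deviceAddr)"
    Class     = $deviceClass
    Collector = $collector
    Snmp      = $snmpRef
    Message   = $eventText.Trim()
}

# Append one JSON line per handled event (assumed path, created on first use).
$logFile = Join-Path $env:ProgramData 'Quantellium\alert-actions.jsonl'
New-Item -ItemType Directory -Path (Split-Path $logFile) -Force | Out-Null
Add-Content -Path $logFile -Value ($record | ConvertTo-Json -Compress)

# Any further action (ticket, webhook, restart of a service) goes here, after
# the filters above, so it runs once per matching event rather than per event.
```

Keep the placeholders inside quotes or here-strings as shown: the substitution happens before PowerShell parses the file, so an unquoted placeholder that receives an empty value or a value with spaces changes the meaning of the line rather than just its data.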