NodeBrain  Demonstration Site
A Rule Engine for State and Event Monitoring     

IfAlert

Next  Prior  Up        Home        
Suppose we are monitoring events having two attributes, A and B, and we are interested in events where A is "happy" and B is "sad". This demonstration illustrates how an IF rule fires on an ALERT command when the condition of interested is true. We include the IsFalse and IsUnknown rules in this demonstration just to illustrate the changing state of the IsTrue rule when it is not firing. The IsTrue and IsFalse rules are initially in an unknown state and the IsUnknown rule is in a true state. One of these conditions must be true at any given time, so we expect every ALERT to trigger one of these rules.

This rule set also illustrates something called "event attribute transience". This means that when a term is specified in an ALERT command, but not on the next ALERT, it will revert to an unknown state.

Tutorial: Formulas Rules     Language: Formulas Define Alert

Rules

Transactions

Log

again after modifications.     Reset to orignal rules and transactions.

N o d e B r a i n   0.9.04 (Columbo) 2015-09-24
Spec 0.0.904 built for x86_64-redhat-linux-gnu
Copyright (C) 2014-2015 Ed Trettevik <eat@nodebrain.org>
MIT or NodeBrain License
----------------------------------------------------------------
/usr/bin/nb = ++safe 
Date       Time     Message
---------- -------- --------------------------------------------
2017-06-23 15:21:53 NB000I NodeBrain nb[24692] apache@ip-172-31-40-21.us-west-2.compute.internal
2017-06-23 15:21:53 NB000I Argument [1] =
2017-06-23 15:21:53 NB000I Reading from standard input.
---------- --------
Rules
| define IsTrue if(A="happy" and B="sad");
| define IsFalse if(!IsTrue); # just to illustrate when false
| define IsUnknown if(?IsTrue); # just to illustrate when unkown
Transactions
| alert A="sad",B="sad"; # expect IsFalse to fire
2017-06-23 15:21:53 NB000I Rule IsFalse fired 
| alert B="sad"; # expect IsUnknown to fire
2017-06-23 15:21:53 NB000I Rule IsUnknown fired 
| # notice A is now unknown
| show A,B;
A = ?
B = "sad"
| alert A="happy"; # expect IsUnknown to fire
2017-06-23 15:21:53 NB000I Rule IsUnknown fired 
| show A,B;
A = "happy"
B = ?
| alert ?B; # expect IsUnknown to fire
2017-06-23 15:21:53 NB000I Rule IsUnknown fired 
| alert A="happy",B="happy"; # expect IsFalse to fire
2017-06-23 15:21:53 NB000I Rule IsFalse fired 
| alert A="happy",B="sad"; # expect IsTrue to fire
2017-06-23 15:21:53 NB000I Rule IsTrue fired 
2017-06-23 15:21:53 NB000I NodeBrain nb[24692] terminating - exit code=0