search

Thomas-Gelf / icingaweb2-module-eventtracker

2 stars 3 forks source link

Change default severities for BMC Event Manager #12

Closed Thomas-Gelf closed 3 years ago

Thomas-Gelf commented 3 years ago

Severity order in BEM is WARNING MINOR < MAJOR < CRITICAL, while Syslog uses NOTICE < WARNING < CRITICAL < ALERT < EMERGENCY. As both of them use CRITICAL, but BMC Event Manager having two additional severities between them, while Syslog has none (but two above CRITICAL) made the existing mapping confusing. So we opted for NOT keeping "CRITICAL" (the wording) consistent, but instead looking for a mapping trying to be as "linear" as possible.

As a result of this conclusion, the default mapping changes from:

[msend-severity-map]
CRITICAL      = alert
MAJOR         = critical
MINOR         = error
WARNING       = warning
INFORMATIONAL = informational
INFO          = informational
NORMAL        = informational
OK            = informational

...to:

[msend-severity-map]
MAJOR         = alert
CRITICAL      = critical
MINOR         = error
WARNING       = warning
INFORMATIONAL = informational
INFO          = informational
NORMAL        = informational
OK            = informational
Thomas-Gelf commented 3 years ago

Related to this, we switch critical and alert in the the alert_severity mapping for SCOM alerts.