TEC Rules Tips

Most of the posts are extracted from TME10 Mailing List  IBM web front end mangles the messages so you are better off searching for the other mirror.

Orb Data - TEC Rule Writing - how to use Assertion Lists

This tip looks at using assertion lists to preven events from being displayed in the Event Console until a certain threshold has been met

RE: [TME10][TEC] Tec predicate similar to perl split

Subject: RE: [TME10][TEC] Tec predicate similar to perl split

I messed up the cut and paste:
The re_matches in the first example should be:
re_match(re_1,_msg,1,_re_date),
re_match(re_1,_msg,2,_re_time),
re_match(re_1,_msg,3,_re_host),
re_match(re_1,_msg,4,_re_path),
re_match(re_1,_msg,5,_re_app),
re_match(re_1,_msg,6,_re_data)

-----Original Message-----
From: Blankenship, I.V. (Contractor) 
[mailto:[email protected]]
Sent: Thursday, July 29, 2004 9:08 AM
To: '[email protected]'
Subject: RE: [tme10] [TME10][TEC] Tec predicate similar to perl split


I am surprised that old TEC 3.6 stuff is still floating around ;-)

I think that the re_* regular expression predicates provided since 3.7 will
work better and with less overhead.

For the specific problem in the original post this should work:

reception_action: tec_start_action:
(
 %                     Date           time             host           path
app             data
 
re_create(re_1,'^\s*([^\|]+)\s*\|\s*([^\|]+)\s*\|\s*([^\|]+)\s*\|\s*([^\|]+)
\s*\|\s*([^\|]+)\s*\|\s*(.+)$'),
 )

In the processing rule I assume that the msg slot will be split:

action: split_msg:
(
 re_match(re_1,_msg,1,_re_date),
 re_match(re_2,_msg,1,_re_time),
 re_match(re_3,_msg,1,_re_host),
 re_match(re_4,_msg,1,_re_path),
 re_match(re_5,_msg,1,_re_app),
 re_match(re_6,_msg,1,_re_data)
 ) 

If I wanted to make a more generic predicate that worked along the lines of
the perl split I could do something such as this:
Step 1 - define the Prolog rules to split the string:

split(_regex_id,_string,_list) :-
  atom(regex_id),atom(_string),
  re_split(_regex_id,_string,_list),!.

re_split(_regex_id,_string,_list) :-
  re_before_match(_regex_id,_string,_element),
  (re_after_match(_regex,_id_string,_rest) ->
(re_split(_regex_id,_rest,_working),!);_working=[]),
  _list=[_element|_working].

re_split(_,_string,[_string]).

Step 2 - setup regular expression and processing rule:
reception_action: tec_start_action:
(
 re_create(re_1,'\s*\|\s*'),
 )

action: split_msg:
(
 split(re_1,_msg,[_re_date,_re_time,re_path,_re_app,_re_data])
 ) 


I have not  tested the code listed above so it may need some tweaking.



-----Original Message-----
From: [email protected] 
[mailto:[email protected]]
Sent: Thursday, July 29, 2004 7:05 AM
To: [email protected]
Subject: Re: [tme10] [TME10][TEC] Tec predicate similar to perl split


I have not been around for the last couple of days so this may have been
answered already. Anyway, here is I.V.'s original predicate for splitting a
string. At the moment, I cannot find his upgraded, more efficient version.

reception_action: split_atom:
    (
     assert((
     split_atom(ATOM,DELIM,_LIST) :-
      nonvar(ATOM),nonvar(DELIM),var(LIST),
      name(ATOM,_codes),
      name(DELIM,_list),
      [_delim|[]]=_list,
      re_split_atom(_codes,_delim,[],_working),!,
      _LIST=_working
      )),

     assert((
     re_split_atom([],_,[],_WORKING):- _WORKING=[]
      )),

     assert((
     re_split_atom([],_,CURRENT,_WORKING) :-
      name(_current,CURRENT),
      _WORKING=[_current]
      )),

     assert((
     re_split_atom([DELIM|Y],DELIM,[],_WORKING) :-
      re_split_atom(Y,DELIM,[],_WORKING),!
      )),

     assert((
     re_split_atom([DELIM|Y],DELIM,CURRENT,_WORKING) :-
      re_split_atom(Y,DELIM,[],_working),!,
      name(_current,CURRENT),
      _WORKING=[_current|_working]
      )),

     assert((
     re_split_atom([X|Y],DELIM,[],_WORKING) :-
      re_split_atom(Y,DELIM,[X],_WORKING),!
      )),

     assert((
     re_split_atom([X|Y],DELIM,CURRENT,_WORKING) :-
      append(CURRENT,[X],_current),
     re_split_atom(Y,DELIM,_current,_working),!,
      _WORKING=_working
      ))
    ),

Kyle Amundson
3M Tivoli Group
224-3W-17
Phone: 651-575-1906
Fax: 651-736-3125

                      john_willis@gulfso

                      ft.com                   To:
[email protected]                                   
                 
                      Sent by:                 cc:

                      owner-tme10@lists.       Subject:  Re: [tme10]
[TME10][TEC] Tec predicate similar to perl split              
                      us.ibm.com

 

 

                      07/29/2004 05:20

                      AM

                      Please respond to

                      tme10

Look at the re_create and re_match predicates.

Jim Sander did an article on RegEx predicates in this newsletter:

 http://www.gulfsoft.com/downloads/GBF_Newsv1_3.pdf

John Willis
Gulf Breeze Software
www.gulfsoft.com


Quoting "Haynes Ian (UK)" <[email protected]>:

> List
>
>
>
> Does anyone know of a tec predicate similar in functionality to the perl
> split function.
>
>
>
> I have slot which is pipe "|" delimited and would like to split it up int
to
> its 6 constituent parts
>
>
>
> Ie
>
>
>
> Date|time|host|path|application|data
>
>
>
> The information is not always the same length so I need to be able to
split
> the slot at the | symbol and put the data into a variable
>
>
>
>
>
> Many thanks
>
>
>
> Ian Haynes

RE: postemsg

Use the -f option to specify a config file. This file should be an EIF compliant configuration file so you can use the BufEvtPath=pathname keyword to specify a cache file.

-----Original Message-----
From: Maleski David M [mailto:[email protected]]
Sent: Tuesday, January 25, 2005 11:38 AM
To: [email protected]
Subject: [tme10] postemsg

 

If this question has already been asked then I apologize.  We use the postemsg command quite extensively mostly to get Mainframe abends into Tivoli.   When TEC is down for any reason, these alerts get lost.  Is there anyway to have postemsg alerts cached if the TEC is not available?

Thank you

RE Ref [TEC371] limit for string used in PROLOG list

if I recall correctly the limit to the size of a list is the amount of
memory you have available. Now the limit on a Prolog string atom is
something around 32k.

As for a better way of handling the logic as you add more strings to check
it will take longer to process each event.

You could use facts or the recorded database to keep the string lists short,
or even use simple facts to handle the strings. For example:

% Prolog source file to be compiled and loaded at TEC_Start
atompart_match_fact('EVENT_Class','Fatal Exception occurred').
atompart_match_fact('EVENT_Class','IsEvents  ERROR
IntegrationServiceException').
atompart_match_fact('EVENT_Class','java.io.IOException: Stream closed').
atompart_match_fact('EVENT_Class2','The maximum number of characters for
this COBOL').
atompart_match_fact('EVENT_Class2','Failure retrieving policy access').


Your TEC rule would now look something like:
reception_action:
 (
  bo_get_classof(_event,_class),
  findall(_match,
            (
             atompart_match_fact(_class,_match),
             atompart(_msg,_match,_,_), !),
           [_matched]),  /* succeeds if at least one match is found */
        drop_received_event,
        commit_set
  ),


-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of [email protected]
Sent: Friday, January 28, 2005 9:58 AM
To: [email protected]
Subject: [tme10] Ref: [TEC371] limit for string used in PROLOG list


Hi, List.


I am dropping event if certain string is found in the msg slot. To achieve
this I created a list and the request keeps coming form administrator to
drop events.  The list is growing as I add more string to filter events. Is
there any limitation for using list this way? Any one has experienced any
problem? Is there any limit on number of characters that can be used in
list? Is there any better way to accomplish this?
reception_action:
 (
_string_list = ['Fatal Exception occurred','IsEvents  ERROR
IntegrationServiceException,''java.io.IOException: Stream closed','The
maximum number of characters for this COBOL', 'Failure retrieving policy
access'],
  findall(_match,
            (
             member(_match, _string_list),
             atompart(_msg,_match,_,_), !),
           [_matched]),  /* succeeds if at least one match is found */
        drop_received_event,
        commit_set
  ),


Vina Patel
IT  Infrastructure,
Tivoli Support
Chubb & Sons, Inc.
Phone: 908-903-5794
[email protected]

RE [TEC] Question regarding TEC task for events with slo t strings encl

RE: [TEC] Refreshing the Rules cache

Thanks for the detailed explanation of these predicates. Apart from a reference 
to them in a rule example in a redbook I could not find any info on them. 

We are experiencing some problems with tec at the moment. In our investigation 
we noticed the following behaviour:

1) I closed all current Events a specific class, lets call it joeclass, in the 
TEC.
2) A new joeclass Event came in
3) Our dup detect rule ran and even though there were no open events in the 
repository, the first_duplicate predicate matched an existing event, even 
though there is a "status: outside [ 'CLOSED' ]" clause on the rule.
4) I bounced the TEC and replayed the event. The event was successfully entered 
into the repository.

I was just wondering if a scheduled refresh of the cache, without restarting 
the tec server as described above, is something that is used, and might solve 
this problem. 

Cheers

Joe 




-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Blankenship, I.V.
(Contractor)
Sent: 11 March 2005 13:51
To: '[email protected]'
Subject: RE: [tme10] [TEC] Refreshing the Rules cache


The save_event_cache predicate dumps the event cache to a flat BAROC file.
This file is formatted similarly to a BAROC class definition file but does
have some differences.

CLASS_NAME ;
        SLOT_NAME =
                SLOT_VALUE;
.
.
.
END

.
.
.

The restore_event_cache predicate calls bo_parse_baroc_file/2 to read the
file and add the instances to the event cache. Both save and restore
predicates call get_config_param to read the your
$BINDIR/TME/TEC/.tec_config file for the event_cache_file parameter and will
only work if that parameter is defined. To dump your cache to an arbitrary
file you can use print_cache(FILENAME). To read from any BAROC file do
something like this:

bo_get_config_options(_old_quote,_old_parse_in,_old_parse_out),
bo_set_config_options(_old_quote,0,_old_parse_out),
bo_parse_baroc_file(FILENAME,add_to_cache),
bo_set_config_options(_old_quote,_old_parse_in,_old_parse_out),


If you wanted to "reload" the event cache I suppose you could write a
program or perl script to read from the event repository to build a BAROC
file, iterate through all instances of events in your cache  and remove them
with bo_delete_instance/1 and then call bo_parse_baroc_file/2 to reload the
events.

The real question is not "can you" (there is almost always a way...) but
"why would you need to?" Are you experiencing  problem where you events in
cache are out of sync with your repository as a result of forced cache
cleaning? If so you would be better off implementing better duplicate detect
rules, drop and or close irrelevant events, and increase your event cache
size.

-----Original Message-----
From: john willis [mailto:[email protected]]
Sent: Friday, March 11, 2005 6:38 AM
To: [email protected]
Subject: RE: [tme10] [TEC] Refreshing the Rules cache


The undocumented predicates I saw in a flisting output were
save_event_cache and restore_event_cache.  My guess is they are used in
the non-tme TEC.    Other than that I think you are going to have to
wait till I.V. checks in. 

John Willis
Gulf Breeze Software
www.gulfsoft.com
OpenESM Project
www.sourceforge.net/projects/gulfsoft


-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Moran, Joseph
Sent: Friday, March 11, 2005 6:27 AM
To: [email protected]
Subject: RE: [tme10] [TEC] Refreshing the Rules cache

John, 

Thanks for the explanation of the rules cache update process.  

I don't suppose you, or anyone on the list, know any of these
undocumented predicates, that you mentioned so I can search for them,
and take a look?  

Regards, 

Joe 

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of john willis
Sent: 11 March 2005 10:55
To: [email protected]
Subject: RE: [tme10] [TEC] Refreshing the Rules cache


>Has anyone got a method to refresh the rules cache without restarting
the >tec? 

I don't believe there is a documented way to do this.  There are some
undocumented predicates but I am not brave enough try them.

>Also when an event slot is modified (closed on the console for example)
>what is the process that is triggered in order to update that event in
the >Cache, from the event in the event repository?

It kinds of works the other way around.  First the requested change is
queued for the TEC_Rule process.  TEC_Rule then processes the change
against the change_rules.  If the change is not dropped the rules cache
copy is updated and a request is sent to the TEC_Dispatch to request an
update of the event in the event repository.

John Willis
Gulf Breeze Software
www.gulfsoft.com
OpenESM Project
www.sourceforge.net/projects/gulfsoft


-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Moran, Joseph
Sent: Friday, March 11, 2005 5:29 AM
To: [email protected]
Subject: [tme10] [TEC] Refreshing the Rules cache

Hello list,  

Has anyone got a method to refresh the rules cache without restarting
the tec? 

Also when an event slot is modified (closed on the console for example)
what is the process that is triggered in order to update that event in
the Cache, from the event in the event repository? 

Thanks in advance,

Joseph Moran

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes :  Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce :  Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS :  Programming Languages History : PL/1 : Simula 67 : C : History of GCC development :  Scripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month :  How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March, 12, 2019