17.3 Actions

There are many types of actions, many of which are intended only to be used with correlation rules. For more information about the correlation rule actions, see Section 4.0, Correlation Tab. This section focuses on JavaScript actions, which can be used in correlation rule deployments, within an incident, or in a right-click menu action.

17.3.1 Creating Actions

The Action Manager allows you to manage action instances, which are individual configurations of an action plug-in.

  1. Click the Tools menu and select Action Manager.

  2. Click the Add button in the top left corner of the screen. The Configure Action window displays.

  3. To create a JavaScript action, select an already imported JavaScript action plug-in from the available action types in the Action drop-down list.

    Alternatively, you can import another plug-in by clicking the Add Action Plugin button.

    If you select an action plug-in that is configured to use an Integrator to connect to an external system, the Add Integrator button displays.

    The parameters for the selected plug-in display. For actions provided by Novell, more information about configuration and the available parameters is available in the help file for the action.

  4. Specify the attribute values for the type of action selected.

  5. Click Save.

17.3.2 Editing Actions

If you edit an action that is associated with a deployed rule, the changes take effect the next time the correlation rule fires.

  1. Click the Tools menu and select Action Manager.

  2. Select an action and click the View or Edit link next to it. The Configure Action window displays.

  3. Edit the options as required and click Save.

17.3.3 Deleting Actions

You cannot delete an action that is associated with a deployed correlation rule or Event Menu Configuration item.

To delete an action:

  1. Click Tools > Action Manager.

  2. Select an action and click Delete.

  3. Click Yes to confirm.

17.3.4 Using JavaScript Actions

After an action instance is configured, it can be selected in one or more of the following locations:

  • Event Menu Configuration on the Admin tab to create right-click menu actions

  • Actions tab when deploying a correlation rule (to be executed when a correlation rule fires)

  • Execute Incident Action within an incident (to be executed within an incident)

However, not all JavaScript actions are available in all contexts. The developer who creates the JavaScript action plug-in can define the required inputs for a JavaScript action, which determines what type of input it requires and in what contexts it can be used. For more information, see Table 17-1. For more information on using these actions, see Section 4.0, Correlation Tab, Section 5.0, Incidents Tab, and Section 12.0, Administration.

17.3.5 Developing JavaScript Actions

The information below is a basic introduction to developing JavaScript actions. For more information, see the Novell Developer Community Web site.

Creating a JavaScript Action

JavaScript actions take advantage of the functionality and flexibility of the JavaScript language and can be used to execute actions using Sentinel system methods to do things such as:

  • Start/stop the Collectors

  • Add/remove from dynamic lists

  • Get a current event

  • Get a correlated event

  • Get a correlation event collection

  • Get an incident

  • Execute actions by using Integrators

The code sample below stops a Collector and restarts it after 60 seconds, based on the information in the event returned by scriptEnv.getCurrentEvent().

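importPackage(java.lang);

// Name of the Collector this action is allowed to restart.
var CollectorName = "TC_5";

// In this sample the Collector name is read from the port field of the current event.
var evt = scriptEnv.getCurrentEvent();
var collNm = evt.getPort();

// Append progress messages to a local log file.
var outfile = new java.io.PrintWriter(new java.io.FileWriter("/opt/jaya/strtcoll.txt", true));
try
{
   if (collNm && collNm.equals(CollectorName))
   {
      var collist = ESM.collectorsForName(collNm);
      if (collist.size() > 0)
      {
         var coll = collist.get(0);
         outfile.println("Stopping " + CollectorName);
         coll.stop();
         // Wait 60 seconds before restarting the Collector.
         Thread.sleep(60000);
         outfile.println("Starting " + CollectorName);
         coll.start();
      }
      else
      {
         outfile.println(CollectorName + " collector does not exist");
      }
   }
   else
   {
      outfile.println("Event does not reference collector " + CollectorName);
   }
}
finally
{
   // Close the log file even if stop(), sleep() or start() throws.
   outfile.close();
}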
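
The debugger described in the next section only starts after a correlation rule fires, so it helps to keep the decision logic in a function that can be exercised outside Sentinel. The following is an added example, not Novell's code: it reuses only the calls shown in the sample above, restricts the action to an allowlist of Collector names, and restarts the Collector even if the wait fails so that collection is not left stopped. The names restartCollector, makeStubEnv, ALLOWED_COLLECTORS and the env wrapper object are hypothetical, and the stub objects are constructed stand-ins for scriptEnv and ESM.

```javascript
// Collectors this action may restart; anything else in the event is ignored.
var ALLOWED_COLLECTORS = ["TC_5"];

// env (hypothetical wrapper) supplies the Sentinel objects, a log function and
// a sleep function, so the same logic runs inside Sentinel or against stubs.
function restartCollector(env, waitMs) {
  var name = String(env.scriptEnv.getCurrentEvent().getPort() || "");
  if (ALLOWED_COLLECTORS.indexOf(name) === -1) {
    // The event-supplied value is deliberately not written to the log.
    env.log("Ignored: event names a collector outside the allowlist");
    return "ignored";
  }
  var list = env.ESM.collectorsForName(name);
  if (list.size() === 0) {
    env.log("Collector " + name + " does not exist");
    return "missing";
  }
  var coll = list.get(0);
  env.log("Stopping " + name);
  coll.stop();
  try {
    env.sleep(waitMs);
  } finally {
    // Always restart, so an error during the wait cannot leave a logging gap.
    env.log("Starting " + name);
    coll.start();
  }
  return "restarted";
}

// Constructed stand-ins for the Sentinel objects; they only record calls.
function makeStubEnv(port, known) {
  var calls = [];
  var coll = {
    stop: function () { calls.push("stop"); },
    start: function () { calls.push("start"); }
  };
  var items = known.indexOf(port) === -1 ? [] : [coll];
  return {
    calls: calls,
    scriptEnv: { getCurrentEvent: function () {
      return { getPort: function () { return port; } };
    } },
    ESM: { collectorsForName: function () {
      return { size: function () { return items.length; },
               get: function (i) { return items[i]; } };
    } },
    log: function (msg) { calls.push("log:" + msg); },
    sleep: function (ms) { calls.push("sleep:" + ms); }
  };
}
```

Inside Sentinel, env would be built from the real scriptEnv and ESM objects, with log writing to the PrintWriter and sleep calling Thread.sleep.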

Debugging JavaScript Actions

You can debug JavaScript files from the Sentinel Control Center with the help of the JavaScript debugger. The JavaScript debugger is a local debugger that executes scripts with respect to the machine on which the Sentinel Control Center is running. The JavaScript debugger instantiates a debug session from the Data Access Service (DAS) machine.

A JavaScript Correlation action can only be debugged after it is associated with a fired correlation rule. Therefore, a prerequisite to debugging is to create a correlation rule that is guaranteed to fire, then associate the JavaScript correlation action with that rule.

The debugger has the following controls:

Table 17-2 Debugger Controls

  Name        Description
  ---------   ---------------------------------------------------------
  Run         Runs the script until the next breakpoint is encountered.
  Step Into   Steps into a function, one line at a time.
  Pause       Pauses the running script.
  Stop        Stops the script.
  Step Over   Steps over a function to the next line in the script.
  Step Out    Steps out of the function to the next line in the script.

To open a JavaScript Debugger:

  1. Click Correlation on the menu bar and select Correlation Engine Manager. Alternatively, you can click the Correlation Engine Manager button on the toolbar.

  2. Right-click a JavaScript action associated with a correlation rule and select Debug. The Debug JavaScript Correlation Action window displays.

    The screen displays the following message: Retrieved source file, waiting for associated correlation rule to fire.

    The correlation rule must fire (and a correlated event or incident must be created) before you can debug the script. After the rule fires, this text panel is replaced by a debug panel in the JavaScript Correlation Action window and the actual debugging session begins.

  3. Click Run. The debugger panel displays the source code and positions the cursor on the first line of the script.

    You can debug the script as many times as needed (without requiring a new correlation rule to fire). After the debugger gets to the end of the script (or after you click the Stop button), click Run again.

    To debug the script by using a different rule, different correlated event, or different incident, close the Debug JavaScript Correlation Action window and repeat the debugging process.