Common Request Parameters
A set of Common Request Parameters are required for each of the Alert Service operations. When using the CreateAlert or UpdateAlert operations, you must specify the alertRules parameter.
Common Request Parameters usage must follow several rules:
- You must specify a value for all Required Common Request Parameters.
- All Common Request parameters must be implemented in the order in which they appear in the Request Parameters section for each of the Alert Service operations.
- For Common Request Parameters, you must specify the value of the parameter only. Note that LogLogic expects the values in the order defined in this document.
- All values for Common Request Parameters must be enclosed by double quotation marks (“value”).
Parameter | Description | Values | Required | Type |
---|---|---|---|---|
authToken | Token string returned from the authentication service or the “username/password”. | yes | string | |
applianceIp | The managed Appliance on which you perform the operation.
If the value is blank, it retrieves the Appliance IP address from the local Appliance. This parameter is available only for Management Station Appliances using operations with Remote in the name. |
IP address of a managed Appliance. To specify an IP address, use the standard IP address format. For example:
10.1.2.3 |
yes
(for xxxxRemote operations only) |
string |
alertType | Type of alert, such as Network Policy Alert or System Alert. | For a list of alert types, see Alert Types. | yes | string |
name | Name of the alert. | Any text up to 64 characters in length. | yes | string |
desc | Description for the remote device. | Any text up to 64 characters in length. | optional | string |
priorityName | Priority level of the alert. | Possible values:
low, medium, and, high |
yes | string |
enabled | Determines if the alert is enabled or disabled.
(Appears as enabled or disabled in returned value.) |
Possible values:
yes — enabled no — disabled The default is no. |
yes | string |
deviceNames | List of devices. Valid entries contain one or more devices and/or device groups.
To see a list of all available devices and device groups, use the Devices tab in the LogLogic Appliance user interface. To access the Devices tab, click Alerts > Manage Alerts Rules, click the Add New button, select an alert type, and then click the Devices tab. |
List of valid devices and/or groups. Use a forward slash (/) as a delimiter for multiple entries. For example:
10.1.1.1/10.1.1.7 If a device has a forward slash (/) in the name, such as HP/UX or IBM i5/OS, you must replace the forward slash with %2F. (The F is case-sensitive.) For example: HP%2FUX |
yes | string |
usernames | User names for the alerts. Specify a single user or a user group. | Use a forward slash (/) as a delimiter for multiple entries. For example:
user1/usergroup7 |
yes | string |
trapIds | Trap name or IP Address to send the SNMP messages when the alert is triggered. | Use a forward slash (/) as a delimiter for multiple entries. For example:
trap1/trap2/trap3 |
yes | string |
resetTime | Time to wait between alerts that are generated.
The Appliance does not issue an additional alert of the same type until the resetTime elapses. |
Any positive integer.
The value is in seconds. For example, the value 120 represents two minutes. |
yes | number |
trackIndividualDevice | Enables or disables individual device tracking. | Possible values:
yes— enabled no — disabled The default is no. |
yes | string |
alertRules | Alert rule specific to the alert type. | See Alert-Specific Request Parameters for a list of specific alert rules for each alert type. | yes | string |
snmpOId | Specifies an SNMP OID to identify the originator of this alert. | Any valid SNMP OID | no | string |
changeNameTo | New name of the alert.
If empty, the object name is unchanged. |
Any text up to 64 characters in length. | yes
(for updateAlert and updateAlert Remote only) |
string |
filters | List of expressions applied to narrow down affected alert logs.
Filters are used only in getAlertHistory and removeAlertHistory operations. The priority and type filters work the same way as the drop-down boxes in alert viewer. For example, /Priority/=/All_System/ returns all system alerts. The New_Entry, Offset and Count filters are used only in getAlertHistory operation. When New_Entry is set to true. It will return only new logs since the last call to getAlertHistory with New_Entry turned on. If this is the first time, then all alert logs will be returned. Count allows you to specify how many alert logs will be returned. The maximum count is 10,000. Offset allows you to specify the start offset. It is zero-based. Because you cannot return all alert logs at once if the total amount exceeds the maximum value. You have to use offset to get remaining alert logs. |
Values must use the format:
/filtername/=/Value/ The valid filter names are "Type", "Priority", "Offset", "Count" and "New_Entry". "Type" supports "Unacknowledged", "Acknowledged" and "All". "Priority" supports "High", "Medium", "Low", “All_System” and "All". “Count” and “Offset” can not be negative. "New_Entry" supports "True" or "False". If the filters are not present, the default is all types, all priorities, 0, 1000 and New_Entry set to false. |
no | Array of string |
keyList | A list consists of keys returned from getAlertHistory operation. | With getAlertHistory operation, you will retrieve a list of alert logs. The key value can be obtained from the key attribute of an alert log. | yes | Array of string |