Hi,
I am trying to configure a combination of bad_if, bad_if_regexp, good_if, etc… that fits to me.
I would like to add only interfaces that has a concrete description configured. The issue is that if I apply this config i.e:
$config[‘bad_if_regexp’][] = ‘/(Ethernet)/’;
To ignore the rest of inerfaces, it looks that has more priority than the configured good_ifalias_regexp i.e:
$config[‘good_ifalias_regexp’][] = ‘/(SWITCH|ROUTER|AP)/’;
I assume you want to specify the relavant interfaces for your alert rules… like only alert “port down” if the port description contains some certain pattern?
I am using an alert macro for that:
$config[‘alert’][‘macros’][‘rule’][‘port_isrelevant’] = ‘((%ports.ifAlias like “%_WATCHME%” || %ports.ifAlias like “beginning_of_ifAlias%” || %ports.ifAlias like “%end_of_ifAlias” || %ports.ifAlias like “%something_in_between%” && not %ports.ifAlias like “%_IGNOREME%”)’;
I have more than 20 strings in my interface descriptions that specifify the ports I’m interested in… this can only be done in an alert macro.
The string “_WATCHME” can be set in an interface-description that would not match otherwise.
The string “_IGNOREME” can be set to exclude an interface of which the interface-description would match otherwise.
In the alert rule I can check for “macros.port_isrelevant” to be true.