#38 Prioritize by alert group

Milestone: Incident Grouping
Status: closed
Owner: Tim Rupp
Labels: Interface (44)
Priority: 6
Updated: 2005-07-30
Created: 2005-06-01
Creator: quuxo
Private: No

This sort of goes hand in hand with feature req 1212531.

Ultimately I would like to get away from using
SUPPRESS directives in threshold.conf - pass all alerts
to the database and use BASE to prioritize them into or
out of the reports I see.

Given the comment fields requested in 1212531, the
next step would be to have some mechanism for
defining AGs that contain sigs we want to prioritize low,
high, or invisible in BASE's reports.

As an example, suppose I created an AG called
DONOTDISPLAY. Then I add sig-id's 1447 and 1448 to
it. These alerts would be added to the database, but I
wouldn't see them from any of the reports reachable by
clicking links on BASE's home page. To see items from
the DONOTDISPLAY AG, I'd have to go to the AG
maintenance page and click that AG.

Likewise we could have some other keywords, possibly
even combinable:

DONOTDISPLAY
HIPRIORITY
LOWPRIORITY
AUTOARCHIVE

and finally there are two other reports that would become
pretty valuable in such a setting: 1) the report of all
alerts in the database which are not in /any/ AG, and 2)
a report of all items that are in /multiple/ AGs.

Well that's my 2 cents. Thank you for BASE (and ACID
which precedes it!).
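
The grouping behaviour requested above, sketched as an added example that is not part of the original ticket and not BASE code: the `alert`, `ag` and `ag_sig` tables are a hypothetical schema, and the rows are constructed sample data (only sig-ids 1447 and 1448 and the AG keywords come from the ticket). It computes the default view that hides DONOTDISPLAY signatures plus the two proposed reports, including a signature that sits in both DONOTDISPLAY and HIPRIORITY.

```python
import sqlite3

# Hypothetical schema for illustration only; these are not BASE's tables.
SCHEMA = """
CREATE TABLE alert (cid INTEGER PRIMARY KEY, sig_id INTEGER NOT NULL);
CREATE TABLE ag (ag_id INTEGER PRIMARY KEY, ag_name TEXT UNIQUE NOT NULL);
CREATE TABLE ag_sig (ag_id INTEGER REFERENCES ag, sig_id INTEGER,
                     PRIMARY KEY (ag_id, sig_id));
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: every alert is stored, nothing is suppressed.
    db.executemany("INSERT INTO alert VALUES (?, ?)",
                   [(1, 1447), (2, 1448), (3, 2003), (4, 2003), (5, 9001), (6, 1448)])
    db.executemany("INSERT INTO ag VALUES (?, ?)",
                   [(1, "DONOTDISPLAY"), (2, "HIPRIORITY"), (3, "LOWPRIORITY")])
    # sig 1448 is deliberately placed in two AGs with conflicting intent.
    db.executemany("INSERT INTO ag_sig VALUES (?, ?)",
                   [(1, 1447), (1, 1448), (2, 1448), (3, 2003)])
    return db

def default_view(db):
    """Alerts shown in home-page reports: those not in DONOTDISPLAY."""
    return [r[0] for r in db.execute("""
        SELECT a.cid FROM alert a
        WHERE NOT EXISTS (SELECT 1 FROM ag_sig s JOIN ag g ON g.ag_id = s.ag_id
                          WHERE s.sig_id = a.sig_id AND g.ag_name = 'DONOTDISPLAY')
        ORDER BY a.cid""")]

def ungrouped(db):
    """Report 1: alerts whose signature is in no AG at all."""
    return [r[0] for r in db.execute("""
        SELECT a.cid FROM alert a LEFT JOIN ag_sig s ON s.sig_id = a.sig_id
        WHERE s.ag_id IS NULL ORDER BY a.cid""")]

def multi_grouped(db):
    """Report 2: signatures in more than one AG, with the AG names."""
    return db.execute("""
        SELECT s.sig_id, GROUP_CONCAT(g.ag_name, ',') FROM ag_sig s
        JOIN ag g ON g.ag_id = s.ag_id
        GROUP BY s.sig_id HAVING COUNT(*) > 1""").fetchall()

if __name__ == "__main__":
    db = build_db()
    print("default view:", default_view(db))
    print("in no AG:", ungrouped(db))
    print("in multiple AGs:", multi_grouped(db))
```

In this sketch DONOTDISPLAY wins over HIPRIORITY, so alerts for sig 1448 stay hidden; the multiple-AG report is the place where that conflict becomes visible.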

Discussion

  • Joel Esler - 2005-06-01
    • labels: 615364 --> Interface
    • milestone: --> 467936
    • priority: 5 --> 6
    • assigned_to: nobody --> caphrim007

  • Joel Esler - 2005-06-01
    • milestone: 467936 --> Incident Grouping

  • Kevin Johnson - 2005-07-30
    • status: open --> closed

  • Kevin Johnson - 2005-07-30

    Logged In: YES
    user_id=836228

    Part of the TODO for 2.x