Event Policy Not working when deployed to the Nimsoft connector.

Document ID : KB000008025
Last Modified Date : 14/02/2018
Show Technical Document Details

An event policy(see below) configured to update the userattribute6 with an extract of
an alert message and localhost does not work when deployed to the Nimsoft connector.

The same policy works when deployed to the UC or MTC connector.


<Catalog version='1.0'>
<EventClass name='Alert'>
        <Field input='Summary' output='eventtype' outval='SOX_UIM_User' pattern='^.*4625.*$' />
<EventClass name='SOX_UIM_User' extends='Alert'>
        <Field output='temp_parse_userAttribute60' pattern='^[^*]+(.*0Account\sName:.*Account).*.*' input='Message' />
        <Field conditional='temp_parse_userAttribute60' output='userAttribute6' format='{1}|{0}' input='{localhost},temp_parse_userAttribute60' />
        <Field  conditional='!MdrProduct' output='MdrProduct' format='{0}' input='AlertedMdrProduct' />
        <Field  conditional='!MdrProdInstance' output='MdrProdInstance' format='{0}' input='AlertedMdrProdInstance' />
        <Field  output='ClassName' format='Alert' input='' />


SOI 3.3 + RO94182Nimsoft connector. Build:

UIM connector provides variables as "summary" and "message" and not Summary and Message


1) Open the policy file in the ..\extensions folder on the UIM connector machine and change "Summary" to "summary" and "Message" to "message"
2) Stop Catalyst Container service
3) Start Catalyst Container service