Assuming "alarm on detected reboot" is checked on in "Advanced" section in "cdm" probe, how to ensure that every reboot alarm is logged as a separate alarm instead of getting de-duplicated with exsiting alarm ?
I thought of a few ways you might be able to do this, but I think is is by far the simplest option:
Setup an AO pre-processing rule that makes the reboot alarms invisible when they come in. Then setup an AO profile that matches the same alarms on arrival and runs a script. In the script, generate a new alarm using the rawalarm() function here:
(Note that there is a correction for the rawalarm() fuction mentioned further down in that thread.)
You can use the rawalarm() function to create a new alarm that matches the original in every way, but you can use a different suppression key. If the suppression key is unique on every reboot alarm, they will not suppress (unless you have the NAS configured to ignore suppression keys). If you do not care about the new alarm looking like the original, you may even be able to do this without a script (maybe not) or with a simpler script.
Then the script can close the original alarm, so the next time a reboot happens, it would create a new invisible alarm and trigger this process again.
Thanks for the solution. I will try the same in my development environment. I would like the upcoming versions of the "cdm" probe to specify an additional option on whether the reboot alarm to be de-duplicated or different.
Retrieving data ...