Follow details about our environment:
CAUIM VERSION: 8.2
NAS VERSION: 4.91
SNGTW VERSION: 2.12
In our monitoring environment, we use CAUIM for network management and ServiceNow for ticket management, ITSM. We have a integration between CAUIM and ServiceNow that is performed using the SNGTW probe. The operation is simple:
- If a Major or Critical alarm is generated by CAUIM; after 5 minutes it is signed by the Auto-Operator for the Optimal user. SNGTW probe uses Optimal user to sent the alarm to ServiceNow. Done! An incident is opened using this simple workflow.
Auto-Operator Rule, we made one rule for each hub:
SNGTW Probe using the optimal user.
I think that we have used this integration since 2013 and the integration rule is that only MAJOR or CRITICAL alarms can be signed for the Optimal user, however today an alarm that was in the CLEAR status was signed for the Optimal user and therefore an incident was generated with Severity CLEAR and with Message CLEAR.
On 28-11-2017 at 08:04:02 a CLEAR alarm was assigned to optimal user, and I do not know why.
The incident was opened in ServiceNow, with a clear message and severity – CLEAR, but everything is OK with NAS configuration.
nas LOG
Nov 28 08:04:02:034 [16632] nas: ExecEvent: OVERDUE rule='Service - HS1B-Unidas', trigger='internal', nimid=BC25433479-57555, age=301s, ACTION:assign Nov 28 08:04:02:034 [16632] nas: ExecEvent: Rule='Service - HS1B-Unidas' on nimid='BC25433479-57555' with ACTION:assign, age:301s, status:OK
NAS.CFG
<Service - HS1B-Unidas>
active = yes
action = assign optimal
overdue = 5m
level = major,critical
hub = HS1B-Unidas
visible = 1
order = 16
break = no
</Service - HS1B-Unidas>
Searching on ServiceNow I encountered other cases similar to this(Severity = CLEAR) and I found 2300 cases since 2015 with 1464 incident only in 2017.
Please, would anyone have an#y suggestions or ideas about this case?