Introduction

Download this manual as a PDF file

This section describes the automation policies and the action policies that you can use to create an run book automation in SL1.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

What is Run Book Automation?

Run Book Automation allows you to specify actions you want SL1 to execute automatically when specific event conditions are met. Automation in SL1 is divided into two parts:

  • An automation policy defines the event conditions that can trigger an automatic action.
  • An action policy defines an action that can be triggered by an automation policy. An action policy can perform one of the following tasks:
  • Send an email message to a pre-defined list of users and/or external contacts.
  • Send an SNMP trap from SL1 to an external device.
  • Create a new ticket (using ticket templates defined in the Ticket Templates page [Registry > Ticketing > Templates]).
  • Update an existing ticket. An action policy can change the status and/or severity of an existing ticket and/or add a note to an existing ticket. For this action policy to trigger successfully, a ticket must be associated with the event that triggered the action.
  • Write an SNMP value to an existing SNMP object on an external device.
  • Query a database.
  • Run a custom python script, called a snippet.
  • Send an SNS Message to a Topic ARN (Amazon Resource Name). All subscribers to the Topic ARN will receive the message.
  • Run a PowerFlow application.
  • Send an HTTP request.

If an automation policy has a Policy Type of Scheduled, then an automation schedule from the Automation Schedule Manager page (Registry > Run Book > Schedules) is required instead of an event condition to trigger the automation. You can use an automation schedule to automatically trigger run book automations. The actions are executed according to the schedule, regardless of event status, or you can manually execute a scheduled automation policy at any time. You can also use an automation schedule as a criteria in event-triggered run book automations. For more information, see Scheduling an Automation Policy.

In addition, you can enable user-initiated automations that let a user manually trigger an automation policy and its aligned action policies in the SL1 user interface. The list of available user-initiated automations for an event are based on the organization, devices, and events that are aligned with the automation policy. For more information, see  User-initiated Automations.

Custom Settings

The process that executes run book tasks is parallelized. The default settings for parallelization are appropriate for most SL1 systems. However, the run book feature does include internal settings that can be changed to support extremely large SL1 systems. For help customizing run book for your environment, contact ScienceLogic Customer Support.

Automation Policies

An automation policy defines the event conditions that can trigger an automation action. To view a list of automation policies, create an automation policy, or edit an action policy, go to the Automation Policy Manager page (Registry > Run Book > Automation).

If an automation policy has a Policy Type of Scheduled, then an automation schedule from the Automation Schedule Manager page (Registry > Run Book > Schedules) is required instead of an event condition to trigger the automation. For more information, see Scheduling an Automation Policy.

You can enable user-initiated automations that let a user manually trigger an automation policy and its aligned action policies in the SL1 user interface. For more information, see User-initiated Automations.

When the event criteria in an automation policy are met, one or more actions are executed. These actions are defined in an action policy. To view a list of action policies, create an action policy, or edit an action policy, go to the Action Policy Manager page (Registry > Run Book > Actions).

For example, an automation policy might specify the following:

  • If the event "illicit process" occurs on device "mailserver01",
  • and the event is not cleared within five minutes,
  • then execute the action policy "Email NOC".

The action policy "Email NOC" could notify all NOC staff about the "illicit process" event.

When an automation policy executes actions, the time stamps for the actions will use the time zone defined in the System Timezone field (System > Settings > Behavior page). However, the timestamp for the Event Action Log window will display the user's local time zone, as defined in the Account Information page (Preferences > Account > Information). For more information, see My Contact Information.

Automation policies can describe the following criteria. One or more of these criteria must be met before an action is executed.

Scheduled automation works differently. For more information, see Scheduling an Automation Policy.

  • At least one of the specified events must have occurred.
  • Event(s) must have occurred on at least one of the specified devices.
  • Event(s) must have specified severity (critical, major, minor, notice, or healthy).
  • Event(s) must have specified status (event is not cleared, event is now acknowledged, ticket is not created for event).
  • Specified amount of time must elapse after the event occurs and before the other criteria are evaluated by SL1.
  • Specified text must appear in the event message.

When the criteria are met, the automation policy triggers the execution of one or more specified action policies. The automation policy specifies one or more actions to execute and the order in which to execute those actions.

To create an automation policy, go to the Automation Policy Manager page (Registry > Run Book > Automation). For details, see Automation Policies.

Action Policies

An action policy is an action that can be automatically triggered in SL1 when certain event criteria are met. To view a list of action policies, create an action policy, or edit an action policy, go to the Action Policy Manager page (Registry > Run Book > Actions). For details on creating action policies, see Action Policies.

The triggers for action policies are defined in an automation policy on the Automation Policy Manager page (Registry > Run Book > Automation).

An action policy can perform one of the following tasks:

  • Send an email message to a pre-defined list of users and/or external contacts.
  • Send an SNMP trap from SL1 to an external device.
  • Create a new ticket (using ticket templates defined in the Ticket Templates page [Registry > Ticketing > Templates]).
  • Update an existing ticket. An action policy can change the status and/or severity of an existing ticket and/or add a note to an existing ticket. For this action policy to trigger successfully, a ticket must be associated with the event that triggered the action.
  • Write an SNMP value to an existing SNMP object on an external device.
  • Query a database.
  • Run a custom Python script, called a snippet.
  • Send a Message to a Topic ARN (Amazon Resouce Name). All subscribers to the Topic ARN will receive the message.
  • Run a PowerFlow application.
  • Send an HTTP request.