[rt-users] Some RTIR automation?

Mon Dec 20 05:33:36 EST 2010

Hi,

Condition looks good. On a side note I recommend you start developing
using RTIR 2.6 and a dev server, then upgrade when code is ready. We
deleted prefix _RTIR_ from custom fields and you'll have to change
that if you delay upgrade.

Start action from getting IP addresses and storing them into an array
then dumping into RT's logs. Look for usage of CustomFieldValues
method.

On Sat, Dec 18, 2010 at 4:00 AM, Landon Stewart <lstewart at superb.net> wrote:
> Hello RT-Users,
>
> To recap what I wrote about in this thread before was:
> - An incident report comes in...
> - If it has at least one IP address in the _RTIR_IP field do EITHER:
> -- Link to an existing incident by IP address *OR*
> -- Create a new incident
>
> (The goal is to automatically group Incident Reports by IP address instead
> of doing it manually.)
>
> Ruslan wrote back saying:
>>
>> It's totally doable with scrips. RTIR itself has a lot of examples
>> with bits you need. Basicly you need:
>>
>> When IR is created with and IP is set or when IP is changed from no
>> value to a value, link to existing incident or create a new one. First
>> part is a condition and second part is an action.
>>
>> For example lib/RT/Condition/RTIR_
>> BlockActivation.pm is quite close.
>> Checks whether ticket is created with active state or state is changed
>> to active.
>>
>> Action is not that straightforward, but try it and if you have
>> problems return back to us with detailed questions.
>
> OK lets talk about the Condition first...
>
> Is this enough to trigger the condition?
> my $self = shift;
> my $txn = $self->TransactionObj;
> my $type = $txn->Type;
> return 1 if $type eq 'Create'
>   && ($self->TicketObj->FirstCustomFieldValue('_RTIR_IP'));
>
> The other thing is the action... I really don't know where to start on the
> action.  I know its going to be lengthy though because there's some checks
> has to do itself to decide what the exact course of action will be.
>
> Here's what it should do, I think:
> - foreach IP address in _RTIR_IP
> -- Look for an Incident that contains that IP address
> -- When it finds one, LINK to that Incident
> -- If it does not find one, create a new Incident
>
> There will probably need to be a list of exclusions somewhere.  For example
> if someone does a lookup on a domain we host and sends a complaint about it
> they might sent the domain name, the IP address it resolves to as well as
> the IP address of our name server.  I wouldn't want every report that
> contained the IP address our name server linked to a common Incident.
>
> Also there's a what if here...  What if they report two IP addresses that
> already each have an Incident created for them.  Would I merge them all
> together into one Incident?
>
> Any ideas on where to start writing the action and reviewing the condition
> above would be appreciated.  On or off list is fine with me.
>
> Thank you!
>
> --
> Landon Stewart <LStewart at SUPERB.NET>
> SuperbHosting.Net by Superb Internet Corp.
> Toll Free (US/Canada): 888-354-6128 x 4199
> Direct: 206-438-5879
> Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
>

-- 
Best regards, Ruslan.