No subject


Sun Apr 11 16:21:37 EDT 2004


downstream reseller as its correspondent.  In this case, you still
retain ownership of the incident, but its due date is set to some
point in the future (7 days by default, but that's configurable), so
that you'll be reminded to look into it again if the reseller hasn't
responded after a certain amount of time.

Another option, depending on the model that you want to use, and if
the reseller is also a user of your RTIR system, you can transfer
ownership of the incident to them, and they can take it all from
there.

   Now: What I would really like is a better way of handling items 2 and 3
   ... (the bit where we do work!). What would be cool is:
   (a) the ability to select items of text in the body of a complaint and
   mark them as "bad-guy" ip addresses and "incident date/time".... And to
   move these values somewhere sensible in the database; and then

I'm not sure what sort of action you normally take against the
"bad-guy" ips, but perhaps RTIR's Blocks feature would serve your
needs.

RTIR's "clicky" functionality in the ticket view doesn't currently
support clicking on an IP to go directly to Block creation, but I've
added it to the list as a proposed future feature.

   (b) A script that can pass the IP address and date/time to an external
   script that will return text to add into the ticket as a comment, and a
   username to re-assign the ticket to automatically.

Using a scrip that triggered on Block creation, you could add a comment
and change the owner of the parent Incident.

RTIR also has a Scripted Action feature, which you could use as an
example for creating additional scripted actions.  

Currently, given a list of email addresses, the Scripted Action
feature creates one Incident per address, creates a linked
Investigation for each ticket with the address as the correspondent,
and sends a message to that correspondent based on a template.  Or,
given a list of IP addresses and a WHOIS server that can return
appropriate email addresses, it can look up the addresses and then do
all of the above actions.

   That's my dream system... Which (if any) of the above functions can RTIR
   help me out with? I'd love to help with coding, but my perl is not up to
   scratch :-) Maybe this is an excuse to get into it?

So, RTIR isn't (yet) 100% of your dreams, but it sounds like most of
your dreams aren't out of the question.  Except maybe the coffee.  :-)

Thanks for your feedback.

Linda


