Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Endpoint Management Community Blog

Want to play with Rule ID's?

Created: 29 Jun 2009
Guido Langendorff's picture
+1 1 Vote
Login to vote

Ever wanted to, not only know which rule has run, but also want to work with that data?

I did and here are my findings so far as I have not found any historical information on this matter here.

Looking in the workitem_details_view, there is a filed called workitem_rules_fired. In here the rules are stored that are started after the saving of that "workitem_number" - "workitem_version".
When you start looking for these ID's you will see no rules has the same ID as stored in workitem_xxx_view (xxx = does not matter which workitem view you are looking at).

Going through all the views/tables I found the following:
All rules defined by Altiris or created in your company, are "stored" in wu_custom_instance_view view. Strange thing is, the value of ID's in the workitem_xxx_views are completely different in comparisson with wu_custom_instance_view. So when I search further I found workitem_wuci_join_view (which was not so hard to do). This view keeps track of all the rules/workitem/version combination. This view is used to show in a console the overview of rules that ran for an incident. The wuci ID's are used in the workitem_xxx_views.

This information you can use to further automate your helpdesk process

If you have anything to add to this, please do. It is not yet fully revealed with this information only.

Guido