But can it make coffee?

Hi RT / RTIR people.

I have been using RT for a while now, to handle abuse@comindico.com.au
email tracking and incident resolution. I have dreamt for a long time
about some of the functionality that you are talking about…

I am not quite yet ready to evaluate rtir though - we are going through
some pains in our upgrade to RT3 at the moment, which I will not discuss
in this context.

Back to RTIR: Without being able to look at it, I would like to ask a
few “Can it do that” type questions… But first, let me describe our
how RT works for us now…

  1. Tickets are sent in to abuse@comindico.com.au or
    cert@comindico.com.au, and a ticket created. Most tickets are in the
    abuse queue at present. We are nearly up to ticket number 20,000 after
    running RT since April 12, 2002. Current volume is about 100-200 tickets
    a day.
  2. For incidents that relate to our customers as “the bad guy”, we need
    to search by IP address and date/time through radius logs to identify
    the guilty party.
  3. 99% of the time, the bad guy is not our direct customer… We usually
    forward these tickets to a downstream re-seller.
  4. The reseller does a reply to the ticket (back to the initial
    complainant) via RT, and then resolves the ticket leaving a comment
    detailing what action was taken.

Now: What I would really like is a better way of handling items 2 and 3
… (the bit where we do work!). What would be cool is:
(a) the ability to select items of text in the body of a complaint and
mark them as “bad-guy” ip addresses and “incident date/time”… And to
move these values somewhere sensible in the database; and then
(b) A script that can pass the IP address and date/time to an external
script that will return text to add into the ticket as a comment, and a
username to re-assign the ticket to automatically.

That’s my dream system… Which (if any) of the above functions can RTIR
help me out with? I’d love to help with coding, but my perl is not up to
scratch :slight_smile: Maybe this is an excuse to get into it?

Anyway, thanks Jessee for a great product.

Greg Kuhnert
abuse@comindico.com.au

Hi Greg,

I have been using RT for a while now, to handle abuse@comindico.com.au
email tracking and incident resolution. I have dreamt for a long time
about some of the functionality that you are talking about…

We’re happy to oblige!

  1. Tickets are sent in to abuse@comindico.com.au or
    cert@comindico.com.au, and a ticket created. Most tickets are in the
    abuse queue at present. We are nearly up to ticket number 20,000 after
    running RT since April 12, 2002. Current volume is about 100-200 tickets
    a day.

In the RTIR model, new reports would appear in the "Incident Reports"
queue. When you determine that it’s a real issue (and not a mistake,
or some sort of confusion on the user’s part, or spam, etc.), you
would create an Incident from the Incident Report. Relevant
information from the report will be filled in, so if the user sent in
a good description of the problem, you won’t need to cut & paste.

This incident will become the focal point for the issue.

If you receive multiple reports about the same issue, you can link all
of these reports to the same parent incident, to keep them together.

  1. For incidents that relate to our customers as “the bad guy”, we need
    to search by IP address and date/time through radius logs to identify
    the guilty party.
  2. 99% of the time, the bad guy is not our direct customer… We usually
    forward these tickets to a downstream re-seller.
  3. The reseller does a reply to the ticket (back to the initial
    complainant) via RT, and then resolves the ticket leaving a comment
    detailing what action was taken.