Hi all,
First of all, thanks for replying to my other post ...Please let me make sure I
understand SEC usage correctly. What I am trying to is to use SEC to send log
entries to OpenNMS as events:
I have a subsystem installed on a CentOS 5.2 machine which generates and adds
log entries to a file called output.log which is located on the same box where
I have my OpenNMS installed.
The entries in that log file are not in the same format and I am only
interested in the ones with similar format as the one below:
[2009-01-29 10:05:19] Notification: severity = STATUS, message =
servername|192.168.1.1|CONFIG
This is the file which contains the rule: (my.conf)
# Example my.conf
# Recognize a pattern and execute send-event.pl
#
type=Single
ptype=RegExp
#pattern=^\[\d{4}(-\d\d){2}
(\d\d:){2}\d\d\].\s*Notification:\sseverity\s=.\s*(\S+).\s*message\s=.\s*(\S+)\|(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\|(CONFIG)
pattern=^\[\d{4}(-\d\d){2}
(\d\d:){2}\d\d\].\s*Notification:\sseverity\s*=\s*([^,]*),\s*message\s=.\s*(\S+)\|(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\|(CONFIG)
desc=$0
#action=write /opt/opennms/logs/syslogd.log The following new event has been
created: $0
action=shellcmd /opt/opennms/bin/send-event.pl --interface 192.168.1.1
uei.opennms.org/internal/discovery/newSuspect
And as I mentioned before, this is how I run SEC:
./sec.pl -conf=my.conf -input=/opt/collectd/var/log/output.log
I looked everywhere to find a HowTo on how to use SEC with OpenNMS but no
dice...when I run the sec command, it shows that 1 rule loaded and everything
else looks fine, so looks like it's happy with the command but what I'm trying
to find out, is if it does work on the OpenNMS side and what really happens on
that side is still not clear to me...
So I was hoping if you guys could please help me figuring this out :-)
Thanks in advance,
Honia
_________________________________________________________________
Access your email online and on the go with Windows Live Hotmail.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_AE_Access_022009------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
