Risto,
Got it, thanks. I chose the second option and just typed the command inside
my.conf right in front of the action. But I just ran into a new problem.
Although my regexp pattern is correct, SEC fails to run properly. I don't
get any errors or anything and it looks like it's running, but when I check the log
file of the destination, it shows nothing has been sent out from SEC...
Here is all the work I've done so far:

my.conf

type=Single
ptype=RegExp
pattern=\[\d{4}(-\d\d){2} (\d\d:){2}\d\d\].\s*Notification:\sseverity\s*=\s*([^,]*),\s*message\s=.\s*(\S+)\|(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\|(CONFIG)
desc=$0
action=shellcmd /opt/opennms/bin/send-event.pl uei.mycompany.net/generic/collectd/inconsistentconfig -i 192.168.1.1

Input file

[2008-09-29 20:28:58] uc_update: Value too old: name = server/netlink-eth0/if_tx_errors-window; value time = 1222708104; last cache update = 1222708104;
[2008-09-29 20:28:58] uc_update: Value too old: name = server/netlink-sit0/if_octets; value time = 1222708104; last cache update = 1222708104;
[2008-09-29 20:28:58] uc_update: Value too old: name = server/netlink-sit0/if_packets; value time = 1222708104; last cache update = 1222708104;
[2008-09-29 20:58:59] uc_update: Value too old: name = server/processes/state-s; value time = 1222709904; last cache update = 1222709904;
[2008-09-29 20:58:59] uc_update: Value too old: name = server/processes/state-z; value time = 1222709904; last cache update = 1222709904;
[2009-01-29 06:50:10] Notification: severity = OKAY, message = servername|192.168.1.179|NOCONFIG
[2009-01-29 10:05:19] Notification: severity = OKAY, message = servername|192.168.1.172|CONFIG

The command I am running

./sec.pl -conf=my.conf -input=/opt/collectd/var/log/test.log

Then I get the following message back (which is just saying sec is working
fine):
SEC (Simple Event Correlator) 2.5.0
Reading configuration from my.conf
1 rules loaded from my.conf
Stdin connected to terminal, handler for SIGINT not installed
Before I send this email to SEC mailing list, I double checked everything on
the destination software which is OpenNMS and even manually sent the event to
the system by running this command:
/opt/opennms/bin/send-event.pl uei.mycompany.net/generic/collectd/inconsistentconfig -i 192.168.1.1
Then checked the OpenNMS event log files and the event was listed there with no
problem, so I am pretty sure something is not configured properly on the SEC
side. Therefore I ran a couple of diagnostic tests:
1- Had SEC read the input from the terminal: ./sec.pl -conf=my.conf -input=-
Then typed this input:
[2009-01-29 10:05:19] Notification: severity = OKAY, message = servername|192.168.1.179|CONFIG
It printed the same line as an output so if I'm not mistaken, this proves the
regexp pattern is correct.
2- Thought maybe for some reason SEC can't find the input file so I moved the
input file from /opt/collectd/var/log directory to the same directory as SEC
and tried running it again:
./sec.pl -conf=my.conf -input=test.log
Still no dice...
I can't seem to find the problem. As I mentioned earlier, I am sure the
send-event.pl command is working...
Please help me figure this out,
Thanks in advance,
~honia
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
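
Added example, not part of the original message and not SEC's own code: SEC's default tail mode starts reading at the end of the input file and only processes lines appended afterwards, unless the -fromstart option is given. The Python sketch below runs the rule's pattern over lines from the sample input with both start positions; the appended line, the temporary file and the function name fired_on are constructed for illustration.

```python
import os
import re
import tempfile

# Pattern from the my.conf rule above, joined back onto one line.
PATTERN = re.compile(
    r"\[\d{4}(-\d\d){2} (\d\d:){2}\d\d\].\s*Notification:\sseverity\s*=\s*([^,]*),"
    r"\s*message\s=.\s*(\S+)\|(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\|(CONFIG)")

# Lines already in the file when the follower starts (taken from the sample input).
EXISTING = [
    "[2008-09-29 20:58:59] uc_update: Value too old: name = server/processes/state-z; "
    "value time = 1222709904; last cache update = 1222709904;",
    "[2009-01-29 06:50:10] Notification: severity = OKAY, message = servername|192.168.1.179|NOCONFIG",
    "[2009-01-29 10:05:19] Notification: severity = OKAY, message = servername|192.168.1.172|CONFIG",
]
# Constructed line, written after the follower has opened the file.
APPENDED = "[2009-01-29 10:07:00] Notification: severity = OKAY, message = servername|192.168.1.172|CONFIG"


def fired_on(fromstart, append_later):
    """Return the lines the rule matches for a follower of a fresh copy of the log.

    fromstart=False starts reading at end of file (SEC's default);
    fromstart=True starts at offset 0 (SEC's -fromstart option).
    """
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "test.log")
        with open(path, "w") as f:
            f.write("\n".join(EXISTING) + "\n")
        with open(path) as reader:
            if not fromstart:
                reader.seek(0, os.SEEK_END)  # skip everything already in the file
            if append_later:
                with open(path, "a") as writer:
                    writer.write(APPENDED + "\n")
            seen = reader.read().splitlines()
    return [line for line in seen if PATTERN.search(line)]


if __name__ == "__main__":
    for fromstart, append in [(False, False), (True, False), (False, True)]:
        hits = fired_on(fromstart, append)
        print(f"fromstart={fromstart} append_later={append}: {len(hits)} match(es)")
```

A rule that matches a line typed on stdin but never fires on a pre-populated file is consistent with the first case, where the follower starts at end of file and sees nothing.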