Sven,
Try adding --parsehost when you run zensyslog; that should (I hope :))
get the hostname for you. I haven't run using ntsyslog in a while,
how is it going? Evtsys is totally deprecated so I will make its
line the ntsyslog line in the trunk. Let me know if parsehost
works. You can put it in the zensyslog.conf file as well like:
parsehost True
-EAD
On Jun 16, 2006, at 10:38 AM, Schuran, Sven wrote:
Hi again,
Fixed it a little bit,
r"^(?P<hostspec>\S+) (?P<component>.*)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)",
First is just to skip the hostname, there are some Windows
components with more than one word.
Thanks Sven
-----Original Message-----
From: Schuran, Sven
Sent: Friday, June 16, 2006 15:35
To: General discussion of using zenoss system
Subject: RE: [zenoss-users] Event parseing
Hi,
Seems to work fine, please add parser into the trunk.
Thanks Sven
-----Original Message-----
From: Schuran, Sven
Sent: Friday, June 16, 2006 14:53
To: General discussion of using zenoss system
Subject: [zenoss-users] Event parseing
Hi,
I send my Windows Server Events via syslog to zenoss.
Example, but Parse Error appears.
2006-06-16 14:47:46 WARNING zen.Syslog: parseTag failed:'diskport
perflib[error] 1008 Die Open-Prozedur für den Dienst "ASP" in der
DL"C:\WINNT\System32\aspperf.dll" ist fehlgeschlagen.
DiSystemleistungsdaten für diesen Dienst sind nichverfügbar. Der
zurückgegebene Statuscode ist DWORD 0.'
I try to add to Event parse section, is this correct?
Thanks Sven
# Regular expressions that parse syslog tags from different sources
parsers = (
    # evtsys windows msg
    r"^evtsys: (?P<component>.+)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)",
    # added
    r"(?P<component>.+)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)",
    # cisco msg with card indicator
    r"%CARD-\S+:(SLOT\d+) %(?P<eventClassKey>\S+): (?P<summary>.*)",
    # cisco standard msg
    r"%(?P<eventClassKey>(?P<component>\S+)-\d-\S+): (?P<summary>.*)",
    # unix syslog with pid
    r"(?P<component>\S+)\[(?P<pid>\d+)\]: (?P<summary>.*)",
    # unix syslog without pid
    r"(?P<component>\S+): (?P<summary>.*)",
)
-----Original Message-----
From: Erik A. Dahl [mailto:[EMAIL PROTECTED]
Sent: Friday, June 16, 2006 00:40
To: General discussion of using zenoss system; zenoss-
[EMAIL PROTECTED]
Subject: [zenoss-users] ANNOUNCE: Zenoss-0.20.1
Version 0.20.1 of Zenoss is available for download.
This version fixes several issues, upgrades to Twisted-2.4 and adds
finer grained monitoring control on device components such as:
IpInterfaces, FileSystems, and HardDisks.
Project Home:
http://www.zenoss.org/
To download:
http://www.zenoss.org/download
Release Notes:
http://dev.zenoss.org/trac/wiki/zenoss-0.20
-----------
Project Blurb:
Zenoss is a GPL licensed enterprise grade monitoring system that
provides Inventory/Configuration, Event, Performance and
Availability management in a single integrated package. It is
written in Python using the Zope web application framework and
Twisted network programming environment. Zenoss is designed to be
easy to use for a beginner yet flexible and powerful enough for the
advanced user.
Enjoy,
-EAD
Erik Dahl
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
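Added example, not part of the original thread or of Zenoss's own code: the parser patterns posted in the thread, run against the tag from the parseTag warning (summary shortened) and a constructed multi-word component tag, to show what each pattern puts in the component field. The parse_tag helper, its first-match-wins re.search loop, and SCM_TAG are assumptions for illustration.

```python
import re

# Stock tag parsers as posted in the thread (without the "# added" entry).
STOCK = (
    r"^evtsys: (?P<component>.+)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)",
    r"%CARD-\S+:(SLOT\d+) %(?P<eventClassKey>\S+): (?P<summary>.*)",
    r"%(?P<eventClassKey>(?P<component>\S+)-\d-\S+): (?P<summary>.*)",
    r"(?P<component>\S+)\[(?P<pid>\d+)\]: (?P<summary>.*)",
    r"(?P<component>\S+): (?P<summary>.*)",
)
# First attempt from the thread: no hostname group.
FIRST_TRY = r"(?P<component>.+)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)"
# Revised pattern from the follow-up: leading hostspec group.
REVISED = r"^(?P<hostspec>\S+) (?P<component>.*)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)"

# Tag from the parseTag warning in the thread, summary shortened here.
PERFLIB_TAG = 'diskport perflib[error] 1008 Die Open-Prozedur für den Dienst "ASP" ist fehlgeschlagen.'
# Constructed tag with a multi-word Windows component.
SCM_TAG = "diskport Service Control Manager[information] 7036 Constructed summary text."


def parse_tag(tag, patterns):
    """Return the named groups of the first pattern that matches, else None.

    Assumption: patterns are tried in order with re.search and the first
    match wins; zensyslog's real matching loop is not shown in the thread.
    """
    for pattern in patterns:
        match = re.search(pattern, tag)
        if match:
            return match.groupdict()
    return None


if __name__ == "__main__":
    for label, patterns in (
        ("stock", STOCK),
        ("first try", (FIRST_TRY,) + STOCK),
        ("revised", (REVISED,) + STOCK),
    ):
        for tag in (PERFLIB_TAG, SCM_TAG):
            print(f"{label:9} -> {parse_tag(tag, patterns)}")
```

With the first attempt the hostname ends up inside component; the revised pattern separates it into hostspec and still keeps a multi-word component intact.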