I'm having some problems mapping eventClasses. I'm using zensyslog and have messages as shown below. Right now, I have the messages mapping to .../Audit. What is the best way to filter messages below Audit into more groupings based on the "ACTION" below? Basically, 'ACTION: "100"' is the id of what type of audit event was triggered (100=xx 101=yy). Would regex be used? If so, could someone provide me a generic example?
SESSIONID: "2156106" ENTRYID: "1" STATEMENT: "1" USERID: "OPS$ORACLE" USERHOST: "hpts" TERMINAL: "pts/ta" ACTION: "100" RETURNCODE: "0"

Thanks for your help.

Read this topic online here: http://community.zenoss.com/forums/viewtopic.php?p=16437#16437
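A generic regex for the message format above, as an added example that is not part of the original post and is not Zenoss configuration: it extracts the ACTION id with a named group and builds a sub-class path under Audit. The function names, the "Unknown" sub-class, and the use of the post's xx/yy placeholders as class names are assumptions.

```python
import re

# Sample message copied from the post above.
SAMPLE = ('SESSIONID: "2156106" ENTRYID: "1" STATEMENT: "1" '
          'USERID: "OPS$ORACLE" USERHOST: "hpts" TERMINAL: "pts/ta" '
          'ACTION: "100" RETURNCODE: "0"')

# One KEY: "value" pair; values may hold any character except a double quote.
PAIR_RE = re.compile(r'(?P<key>[A-Z]+):\s*"(?P<value>[^"]*)"')

# Only the ACTION id. \b keeps a key such as TRANSACTION from matching.
ACTION_RE = re.compile(r'\bACTION:\s*"(?P<action>\d+)"')

# Placeholder names taken from the post (100=xx, 101=yy).
ACTION_NAMES = {"100": "xx", "101": "yy"}

# The prefix of the class path is elided in the post and is kept as written.
BASE_CLASS = ".../Audit"


def parse_audit(message):
    """Return every KEY: "value" pair of an audit message as a dict."""
    return {m.group("key"): m.group("value")
            for m in PAIR_RE.finditer(message)}


def classify(message, base=BASE_CLASS):
    """Map a message to a sub-class of Audit based on its ACTION id."""
    m = ACTION_RE.search(message)
    if m is None:
        # No ACTION field: leave the event in the parent class.
        return base
    name = ACTION_NAMES.get(m.group("action"))
    if name is None:
        # Unmapped id: group it separately (hypothetical sub-class)
        # so new audit action types stay visible.
        return base + "/Unknown"
    return base + "/" + name


if __name__ == "__main__":
    print(parse_audit(SAMPLE))
    print(classify(SAMPLE))
```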
