Just a little bit of housekeeping: I've added ticket "Add method to update syslog regexes inside of Zenoss" http://dev.zenoss.org/trac/ticket/3973 to Trac so that it can be prioritized and scheduled.
From a quick look at the code, the regular expressions match the special Python 'group' names and these get turned into the fields that get provided to the event 'evt'. To take a specific example: Code: r"^(?P<deviceModel>.*)\s(?P<eventClassKey>.*):+(?P<summary>.*)" will populate the evt object with 'deviceModel', 'eventClassKey' and 'summary'. You don't need anything really except for 'eventClassKey' and possibly 'summary', but more is nicer. :) Check out the more detailed view of the fields in evt from the Event Console to see what's available. So to try to tackle a few of the regular expressions in here: Sample: device_host_name ETHERNET_INTERFACE:eth 0/12 auto-negotiation complete Regex: r"^(?P<device>\S+)\s(?P<eventClassKey>.*):(?P<component>eth\s* \d+/\d+)\s*(?P<summary>.*)" Sample: Parameter Type Violation on server.domain.com from xxx.xxx.xxx.xxx Regex: r"^(?P<eventClassKey>Parameter Type Violation)\son\s(?P<device>.*)\sfrom (?P<reportedip>\S+)" NB: I had to make up a field there. I *think* that should work :) Make a backup copy of the SyslogProcessing.py file, make your edits, restart zensyslog and look for errors in the log file. Hopefully that helps! kells -------------------- m2f -------------------- Read this topic online here: http://forums.zenoss.com/viewtopic.php?p=26942#26942 -------------------- m2f -------------------- _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
