Archived community.zenoss.org | full text search
Skip navigation
Up to Discussions in zenoss-users
6672 Views 8 Replies Latest reply: Aug 30, 2012 6:59 PM by agarcia RSS
Guest
Currently Being Moderated

Jan 22, 2009 11:59 AM

Syslog messages and Event Console

Is there a way to have Zenoss shows all syslogs messages via Event Console ?

2009-01-22 16:24:00 DEBUG zen.Syslog: facility=local7 severity=2
2009-01-22 16:24:00 DEBUG zen.Syslog: 108879: Jan 22 11:24:00 EST: %ISDN-6-DISCONNECT: Interface Serial1:0 disconnected from 3052596300 , call lasted 11 seconds
2009-01-22 16:24:00 DEBUG zen.Syslog: 108879: Jan 22 11:24:00 EST: %ISDN-6-DISCONNECT: Interface Serial1:0 disconnected from 3052596300 , call lasted 11 seconds
2009-01-22 16:24:00 DEBUG zen.Syslog: tag regex: ^(?P<component>.+)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)
2009-01-22 16:24:00 DEBUG zen.Syslog: tag regex: %CARD-\S+:(SLOT\d+) %(?P<eventClassKey>\S+): (?P<summary>.*)
2009-01-22 16:24:00 DEBUG zen.Syslog: tag regex: %(?P<eventClassKey>(?P<component>\S+)-\d-\S+): (?P<summary>.*)
2009-01-22 16:24:00 DEBUG zen.Syslog: tag match: {'eventClassKey': 'ISDN-6-DISCONNECT', 'component': 'ISDN', 'summary': 'Interface Serial1:0 disconnected from 3052596300 , call lasted 11 seconds'}
2009-01-22 16:24:00 DEBUG zen.ZenSyslog: Sending event {'firstTime': 1232641440.8563671, 'severity': 2, 'facility': 'local7', 'eventClassKey': 'ISDN-6-DISCONNECT', 'component': 'ISDN', 'agent': 'zensyslog', 'summary': 'Interface Serial1:0 disconnected from 3052596300 , call lasted 11 seconds', 'priority': 6, 'manager': 'localhost', 'eventGroup': 'syslog', 'device': 'dremote.bkuna.com', 'lastTime': 1232641440.8563671, 'ipAddress': '10.59.250.254', 'monitor': 'localhost'}
2009-01-22 16:24:48 DEBUG zen.ZenSyslog: Sending event {'manager': 'localhost', 'timeout': 180, 'device': 'localhost', 'eventClass': '/Heartbeat', 'component': 'zensyslog', 'agent': 'zensyslog'}
2009-01-22 16:25:48 DEBUG zen.ZenSyslog: Sending event {'manager': 'localhost', 'timeout': 180, 'device': 'localhost', 'eventClass': '/Heartbeat', 'component': 'zensyslog', 'agent': 'zensyslog'}
2009-01-22 16:26:19 DEBUG zen.Syslog: host=dremote.bkuna.com, ip=10.59.250.254
2009-01-22 16:26:19 DEBUG zen.Syslog: <190>108880: Jan 22 11:26:19 EST: %ISDN-6-CONNECT: Interface Serial1:0 is now connected to 3058261884
2009-01-22 16:26:19 DEBUG zen.Syslog: fac=184 pri=6

I can the message coming in to the server. However, I don’t know how to show the “message” at the Event Console.

Any suggestions ?

Manny


The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. BankUnited is a federal savings bank.
  • jcurry ZenossMaster
    jcurry
    1,021 posts since
    Apr 15, 2008
    Currently Being Moderated
    1. Jan 22, 2009 1:44 PM (in response to Guest )
    RE: Syslog messages and Event Console
    Try pulling the paper I have just put on the Wiki. Chapter 4 discusses syslog and chapter 6 looks at event mapping with some syslog examples.
    http://www.zenoss.com/community/wiki/events-documentation-and-examples/
  • Guest
    Currently Being Moderated
    2. Jan 22, 2009 5:17 PM (in response to jcurry)
    Syslog messages and Event Console
    Jane –

    Thanks a lot for the link to your syslog document. I appreciate your assistance.

    Best regards,


    Manny


    The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. BankUnited is a federal savings bank.
  • slmiller Rank: White Belt
    slmiller
    53 posts since
    Jun 27, 2008
    Currently Being Moderated
    3. Jan 26, 2009 11:39 AM (in response to Guest )
    Syslog messages and Event Console
    This is great! I haven't yet had time to read it in-depth, but at first glance, this provides a LOT of good material.

    Thanks!

    -Scott

    On Thu, Jan 22, 2009 at 6:44 PM, jcurry <jane.curry@skills-1st.co.uk ([email]jane.curry@skills-1st.co.uk[/email])> wrote:

     

     

    Try pulling the paper I have just put on the Wiki. Chapter 4 discusses syslog and chapter 6 looks at event mapping with some syslog examples.
    http://www.zenoss.com/community/wiki/events-documentation-and-examples/







    _______________________________________________
    zenoss-users mailing list
    zenoss-users@zenoss.org ([email]zenoss-users@zenoss.org[/email])
    http://lists.zenoss.org/mailman/listinfo/zenoss-users

  • vincem Rank: White Belt
    vincem
    20 posts since
    Jan 14, 2009
    Currently Being Moderated
    4. Feb 11, 2009 2:00 PM (in response to slmiller)
    Syslog Noise
    Any transform coding experts perfected a way to acknowledge syslog events during a reboot in order to suppress multiple alerts.
    I find when I reboot a linux server it creates numerous events which we do not want reported - All We need to see is /Status/Ping down/up. If however the event occurs outside of a reboot we would like to have the events reported. This would be for both scheduled and unscheduled reboots.
  • agarcia Newbie
    agarcia
    4 posts since
    Aug 29, 2012
    Currently Being Moderated
    5. Aug 29, 2012 8:04 PM (in response to vincem)
    Re: Syslog Noise

    Did you ever figure out a way to do this? I think I may have an idea on how to write a transform to do this, but I wanted to ask first.

  • nilie Rank: Green Belt
    nilie
    372 posts since
    May 27, 2010
    Currently Being Moderated
    6. Aug 30, 2012 1:54 PM (in response to jcurry)
    Re: RE: Syslog messages and Event Console

    Jane,

     

    Can't access the URL. I'm being redirected to community/forums, a page which I'm familiar with but no trace of a wiki.

     

    Any idea ?

  • jcurry ZenossMaster
    jcurry
    1,021 posts since
    Apr 15, 2008
    Currently Being Moderated
    7. Aug 30, 2012 5:53 PM (in response to nilie)
    Re: RE: Syslog messages and Event Console

    Hmm - that was a very old append.  The document is now here - docs/DOC-3538 .

    Cheers,

    Jane

  • agarcia Newbie
    agarcia
    4 posts since
    Aug 29, 2012
    Currently Being Moderated
    8. Aug 30, 2012 6:59 PM (in response to vincem)
    Re: Syslog Noise

    Since I have revived this thread I just wanted to point out how I solved the issue raised by vincem for any people reading this in the future.

     

    After looking at the timing of all syslog messages coming in after a reboot happened between the ping down event and the ping clear event. So to get around this you could just supress or drop events for a device when its ping status is down. The following link shows how to do that in a transform.

     

    blogs/zenossblog/2009/05/28/tip-of-the-month-event-suppression

     

    Also, thanks Jane for that paper you wrote. It has proven to be extremely helpful to me in the past.

More Like This

  • Retrieving data ...