Archived community.zenoss.org | full text search
Skip navigation
Up to Discussions in zenoss-users
3879 Views 4 Replies Latest reply: Jun 1, 2012 7:45 AM by jcurry RSS
Adam Williams Rank: White Belt
Adam Williams
26 posts since
Oct 1, 2009
Currently Being Moderated

May 29, 2012 11:03 AM

Using Custom Event Mappings

I recevie syslog messages from printers, most HPs, eventClassKey is "printer", these get mapped to Event Class /Printer, but nothing seems to get specifically mapped to an event in that class. I have a rule of evt.message=="paper out" for /Printer/Paper_Out also a rule of  "evt.message.statswith('offline or intervention needed') and (evt.component=='printer')" for /Printer/Intervention_Required.  But these events just get mapped to /Printer.  Is there a way to "debug" this? (find out what I am doing wrong).

 

I have defined actions & severities for the events, but they do not get applied / matched to the events.

Tags: rules, event_class, printer_toner, printers, event_mapping
  • Mark Henwood Rank: White Belt
    Mark Henwood
    8 posts since
    Feb 9, 2012
    Currently Being Moderated
    1. May 29, 2012 11:42 AM (in response to Adam Williams)
    Re: Using Custom Event Mappings

    Hi Adam,

     

    I am still exploring Zenoss and have not used the command line yet, but I have set up a couple of custom rules.  On your zenoss website, go to EVENTS->EventClasses->Classes and click on the class you are intrested in.on the right.

     

    Click on the Gear next to SubClasses in the right panel and select "Add New Organizer..."  Give the subclass a name and hit the OK button.  After a little churning the new subclass should be added to the list of subclasses.

     

    If you now go back to EVENTS->Event Console, select the event you want to put in your new subclass and click the tree diagram (top left right under the Event Console button) a popup will allow you to bind the event to your new subclass.

     

    Mark

  • Adam Williams Rank: White Belt
    Adam Williams
    26 posts since
    Oct 1, 2009
    Currently Being Moderated
    2. May 29, 2012 1:38 PM (in response to Mark Henwood)
    Re: Using Custom Event Mappings

    If you now go back to EVENTS->Event Console, select the event you want to put in your new subclass and click the tree diagram (top left right under the Event Console button) a popup will allow you to bind the event to your new subclass.

     

    These event classes were originally created using the Map-Event functionality from the event console.  The issue is that they do not get matched to events.

     

    Under Events -> Perf -> Interface I've creared an EventClassMapping of WAN_High_Utilization with a rule/evaluation of "evt.message.startswith('threshold of high utilization exceeded') and evt.component.startswith('Serial') and evt.DeviceClass.startswith('/Network/Router/Cisco/')" and then a transform of the message.  But I still get the same message as before.

     

    Clearly I'm missing something that puts this-and-that together.   But I already have the entries under "Event Classes".

     

    My understanding is that the Event Class Key of the mapping must match the eventClassKey of the generated event; and then rules are evaluated to perform further matching [I watched the webinar on ZenOSS event mapping].

  • Mark Henwood Rank: White Belt
    Mark Henwood
    8 posts since
    Feb 9, 2012
    Currently Being Moderated
    3. May 31, 2012 6:22 PM (in response to Adam Williams)
    Re: Using Custom Event Mappings

    I believe the events I used had information like the source IP address in the matching criteria, which meant the event would only match that error form that address.  I edited the event definition to remove the source IP information and the event started matching for any IP. 

    I say I believe because I have not been able to locate exactly where I did that editing ( I think I edited the event definition and put the part I wanted to match in the "Rule" section.

     

    Mark

  • jcurry ZenossMaster
    jcurry
    1,021 posts since
    Apr 15, 2008
    Currently Being Moderated
    4. Jun 1, 2012 7:45 AM (in response to Adam Williams)
    Re: Using Custom Event Mappings

    Hi Adam,

    When you are trying to create event class mappings based on the message attribute of the event, Zenoss provides the regex configuration which might be better than using a rule that tests against evt.message.  There is nothing wrong with your idea - just that regex is actually designed for the job you seem to be doing.

     

    Have you found my paper on Zenoss Event Management? docs/DOC-3538 There is lots of discussion and examples in there of using rules, regex transforms and the sequence number.

     

    You are correct that it is the EventClassKey that is the fundamental match field. 

     

    Cheers,

    Jane

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 4 points
  • Helpful Answers - 2 points