Package Products :: Package ZenEvents :: Module SyslogProcessing :: Class SyslogProcessor

Class SyslogProcessor

object --+
         |
        SyslogProcessor

Class to process syslog messages and convert them into events viewable in the Zenoss event console.

Instance Methods

__init__(self, sendEvent, minpriority, parsehost, monitor, defaultPriority)
Initializer

process(self, msg, ipaddr, host, rtime)
Process an event from syslog and convert to a Zenoss event

parsePRI(self, evt, msg)
Parse RFC-3164 PRI part of syslog message to get facility and priority.

defaultSeverityMap(self, pri)
Default mapping from syslog priority to severity.

parseHEADER(self, evt, msg)
Parse RFC-3164 HEADER part of syslog message.

parseTag(self, evt, msg)
Parse the RFC-3164 tag of the syslog message using the regex defined at the top of this module.

buildEventClassKey(self, evt)
Build the key used to find an events dictionary record.

Class Variables
  timeParse = re.compile("^(\S{3} [\d ]{2} [\d ]{2}:[\d ]{2}:[\d...
  notHostSearch = re.compile("[\[:]").search

Method Details

__init__(self, sendEvent, minpriority, parsehost, monitor, defaultPriority)
(Constructor)

Initializer

Parameters:
  • sendEvent (string) - message from a remote host
  • minpriority (integer) - ignore anything under this priority
  • parsehost (string) - hostname where this parser is running
  • monitor (string) - name of the distributed collector monitor
  • defaultPriority (integer) - priority to use if it can't be understood from the received packet
Overrides: object.__init__

process(self, msg, ipaddr, host, rtime)

Process an event from syslog and convert to a Zenoss event

Parameters:
  • msg (string) - message from a remote host
  • ipaddr (string) - IP address of the remote host
  • host (string) - remote host's name
  • rtime (string) - time as reported by the remote host

parsePRI(self, evt, msg)

Parse RFC-3164 PRI part of syslog message to get facility and priority.

Parameters:
  • evt (dictionary) - dictionary of event properties
  • msg (string) - message from host
Returns:
tuple of dictionary of event properties and the message

defaultSeverityMap(self, pri)

Default mapping from syslog priority to severity.

Parameters:
  • pri (integer) - syslog priority from host
Returns:
numeric severity

parseHEADER(self, evt, msg)

Parse RFC-3164 HEADER part of syslog message. TIMESTAMP format is: MMM HH:MM:SS and host is next token without the characters '[' or ':'.

Parameters:
  • evt (dictionary) - dictionary of event properties
  • msg (string) - message from host
Returns:
tuple of dictionary of event properties and the message

parseTag(self, evt, msg)

Parse the RFC-3164 tag of the syslog message using the regex defined at the top of this module.

Parameters:
  • evt (dictionary) - dictionary of event properties
  • msg (string) - message from host
Returns:
dictionary of event properties

buildEventClassKey(self, evt)

Build the key used to find an events dictionary record. If eventClass is defined it is used. For NT events "Source_Evid" is used. For other syslog events we use the summary of the event to perform a full text or'ed search.

Parameters:
  • evt (dictionary) - dictionary of event properties
Returns:
dictionary of event properties

Class Variable Details

timeParse

Value:
re.compile("^(\S{3} [\d ]{2} [\d ]{2}:[\d ]{2}:[\d ]{2}) (.*)").search
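
The PRI and HEADER steps documented for parsePRI and parseHEADER can be sketched with the two regexes listed above. This is an added example, not the Zenoss source: the function names, the `priMatch` helper, the fallback priority of 3 and the rule that a host is only taken when a timestamp matched are assumptions. Note that `timeParse` matches month, day and time (`Mmm dd hh:mm:ss`).

```python
import re

# The two class variables quoted on this page.
timeParse = re.compile(r"^(\S{3} [\d ]{2} [\d ]{2}:[\d ]{2}:[\d ]{2}) (.*)").search
notHostSearch = re.compile(r"[\[:]").search
# Assumed helper (not on the page): RFC 3164 PRI is 1-3 ASCII digits in <>.
priMatch = re.compile(r"^<([0-9]{1,3})>").match

def parse_pri(msg, default_priority=3):
    """Return (facility, priority, rest); fall back when PRI is unusable."""
    m = priMatch(msg)
    if m and int(m.group(1)) <= 191:       # max facility 23 * 8 + severity 7
        pri = int(m.group(1))
        return pri >> 3, pri & 7, msg[m.end():]
    return None, default_priority, msg     # message left untouched

def parse_header(msg, ipaddr):
    """Return (timestamp, host, rest); host defaults to the socket address."""
    m = timeParse(msg)
    if not m:                              # no TIMESTAMP, so no HOSTNAME either
        return None, ipaddr, msg
    timestamp, msg = m.group(1), m.group(2)
    token, _, rest = msg.partition(" ")
    # A token containing '[' or ':' is a tag such as 'sshd[4021]:', not a host.
    if token and rest and not notHostSearch(token):
        return timestamp, token, rest
    return timestamp, ipaddr, msg

def parse(msg, ipaddr):
    facility, priority, rest = parse_pri(msg)
    timestamp, host, rest = parse_header(rest, ipaddr)
    # 'host' is sender-supplied text; keep 'ipaddr' beside it for attribution.
    return {"facility": facility, "priority": priority, "timestamp": timestamp,
            "host": host, "ipaddr": ipaddr, "summary": rest}

# Constructed sample messages (not captured traffic).
SAMPLES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick",
    "<13>Feb  5 17:32:18 sshd[4021]: Accepted publickey for alice",
    "<999>no header at all",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse(sample, "192.0.2.10"))
```

The third sample carries an out-of-range PRI, so the whole message is kept as the summary and the source address stands in for the host.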