Skip navigation
3883 Views 4 Replies Latest reply: Jun 1, 2012 7:45 AM by jcurry RSS
Adam Williams Rank: White Belt 26 posts since
Oct 1, 2009
Currently Being Moderated

May 29, 2012 11:03 AM

Using Custom Event Mappings

I recevie syslog messages from printers, most HPs, eventClassKey is "printer", these get mapped to Event Class /Printer, but nothing seems to get specifically mapped to an event in that class. I have a rule of evt.message=="paper out" for /Printer/Paper_Out also a rule of  "evt.message.statswith('offline or intervention needed') and (evt.component=='printer')" for /Printer/Intervention_Required.  But these events just get mapped to /Printer.  Is there a way to "debug" this? (find out what I am doing wrong).

 

I have defined actions & severities for the events, but they do not get applied / matched to the events.

  • Mark Henwood Rank: White Belt 8 posts since
    Feb 9, 2012
    Currently Being Moderated
    1. May 29, 2012 11:42 AM (in response to Adam Williams)
    Re: Using Custom Event Mappings

    Hi Adam,

     

    I am still exploring Zenoss and have not used the command line yet, but I have set up a couple of custom rules.  On your zenoss website, go to EVENTS->EventClasses->Classes and click on the class you are intrested in.on the right.

     

    Click on the Gear next to SubClasses in the right panel and select "Add New Organizer..."  Give the subclass a name and hit the OK button.  After a little churning the new subclass should be added to the list of subclasses.

     

    If you now go back to EVENTS->Event Console, select the event you want to put in your new subclass and click the tree diagram (top left right under the Event Console button) a popup will allow you to bind the event to your new subclass.

     

    Mark

  • Mark Henwood Rank: White Belt 8 posts since
    Feb 9, 2012
    Currently Being Moderated
    3. May 31, 2012 6:22 PM (in response to Adam Williams)
    Re: Using Custom Event Mappings

    I believe the events I used had information like the source IP address in the matching criteria, which meant the event would only match that error form that address.  I edited the event definition to remove the source IP information and the event started matching for any IP. 

    I say I believe because I have not been able to locate exactly where I did that editing ( I think I edited the event definition and put the part I wanted to match in the "Rule" section.

     

    Mark

  • jcurry ZenossMaster 1,021 posts since
    Apr 15, 2008
    Currently Being Moderated
    4. Jun 1, 2012 7:45 AM (in response to Adam Williams)
    Re: Using Custom Event Mappings

    Hi Adam,

    When you are trying to create event class mappings based on the message attribute of the event, Zenoss provides the regex configuration which might be better than using a rule that tests against evt.message.  There is nothing wrong with your idea - just that regex is actually designed for the job you seem to be doing.

     

    Have you found my paper on Zenoss Event Management? http://community.zenoss.org/docs/DOC-3538 There is lots of discussion and examples in there of using rules, regex transforms and the sequence number.

     

    You are correct that it is the EventClassKey that is the fundamental match field. 

     

    Cheers,

    Jane

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 4 points
  • Helpful Answers - 2 points