Hi,
I'm not sure this is the right way to clear the event/alarm.
basically, I end up adding another type with severity 2 and
have up event point to the new type. Without a new type, the
event will not be cleared. That is, an "abc" type event with
"up" state has the same display (fg/bg color) as an "abc" type
event with the "down" state. I'm not sure if it related to
undefineded or failed to find interfaces, which is my another
problem--my interfaces from syslog can not be recognized by
jffnms. Both host and interface are identified by ip
addresses. Hosts that are defined have the correct name/zone
displayed. But not the interfaces.
Min
PS: Below are my example, all data are from db tables (not
from GUI). (Craig, you may want to add some examples in the
document to guide people on how new types are defined/works)
Syslog:
1) 41511; <--- down event
"2005-04-01 20:36:57";
"172.16.0.1";
"2005-04-01 20:36:57";
"host=172.16.0.1, ABC-PROB:172.16.16.1, DOWN at 172.16.16.2";
"10241";
"1"
2) 41514; <--- up event
"2005-04-01 20:37:33";
"172.16.0.1";
"2005-04-01 20:37:33";
"host=172.16.0.1, ABC-PROB:172.16.16.1, UP";
"10244";
"1"
Syslog_types:
1) 34023;
"10001";
"ABC-PROB:(\d+\.\d+\.\d+\.\d+), (.*UP)";
"1"; <---- above IP map to a interface, but failed to related
to defined interface when the event is displayed
"abc";
"up";
"2";
"101";
"3"
2)34056;
"10002";
"ABC-PROB:(\d+\.\d+\.\d+\.\d+), (.*DOWN at.*)";
"1";
"abc";
"down";
"2";
"100";
"3"
Types:
1) 35791;
"100";
"ABC";
"4";
"<interface>: <info>";
"1";
"1"; <-- tried it with different values(==types) but no
difference
"0";
"1";
"1"
2) 41542; <-- new type added later to allow up event map to diff
severity
"101";
"ABC";
"2";
"<interface>: <info>";
"1";
"1";
"0";
"1";
"1"
Events:
1) 41520;
"11461";
"2005-04-01 20:36:57";
"100";
"3"; <--- able to find the right host ID
"172.16.16.1"; <-- failed to find the interface ID?
"down";
"abc";
"DOWN at 172.16.16.2";
"10241";
"0";
"0"
2) 41523;
"11464";
"2005-04-01 20:37:33";
"101"; <--- was 100 before mapping to the new type, color not
changed
"3"; <--- able to find the righ host ID
"172.16.16.1"; <-- failed to find the interface ID?
"up";
"abc";
"UP";
"10244";
"0";
"0"
-----Original Message-----
From: Min Qiu
Sent: Wednesday, March 30, 2005 6:28 PM
To: [email protected]
Subject: RE: [jffnms-users] How to clear syslog alerts
I believed I got the type and host right (event view display the right
type name an host name). However, I'm not sure I fed the right
interface. I used the ip address and... the ip I fed does not defined
in hosts/interfaces table.
Anything wrong?
Thanks,
Min
-----Original Message-----
From: Craig Small [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 30, 2005 5:44 PM
To: [email protected]
Subject: Re: [jffnms-users] How to clear syslog alerts
On Wed, Mar 30, 2005 at 04:37:14PM -0500, Min Qiu wrote:
> I've tried to use state="up"/"down", I've also tried to use 100 in
> types.alarm_up but failed to change the color.
> Do I need to define another type with severity=1 and have
> types.alarm_up pointed to the new type? It appears I miss-understood
> how things are worked. Please help.
The consolidator will clear the down event when it sees an up event that
has the same type, host and interface.
If you dont need an interface field then put something in there and
don't show it up in the event.
- Craig
--
Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA
DFA5
Eye-Net Consulting http://www.enc.com.au/ MIEE Debian
developer
csmall at : enc.com.au ieee.org
debian.org
-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
_______________________________________________
jffnms-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jffnms-users
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id�396&op=click
_______________________________________________
jffnms-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jffnms-users
