If I understand it correctly, this question is about OpenNMS internals? Have you tried posting to OpenNMS lists first -- for me it looks like a natural place for inquiries if you have doubts how SEC output is exactly handled by OpenNMS. br, risto
Honia A wrote: > I'd really appreciate if some one could please help me with this... > > thanks in advance > > > > ------------------------------------------------------------------------ > From: [email protected] > To: [email protected] > Subject: Using SEC with OpenNMS > Date: Tue, 24 Feb 2009 08:37:49 -0500 > > > Hi all, > > First of all, thanks for replying to my other post ...Please let me make > sure I understand SEC usage correctly. What I am trying to is to use SEC > to send log entries to OpenNMS as events: > > I have a subsystem installed on a CentOS 5.2 machine which generates and > adds log entries to a file called output.log which is located on the > same box where I have my OpenNMS installed. > > The entries in that log file are not in the same format and I am only > interested in the ones with similar format as the one below: > > [2009-01-29 10:05:19] Notification: severity = STATUS, message = > servername|192.168.1.1|CONFIG > > This is the file which contains the rule: (my.conf) > > # Example my.conf > # Recognize a pattern and execute send-event.pl > # > type=Single > ptype=RegExp > #pattern=^\[\d{4}(-\d\d){2} > (\d\d:){2}\d\d\].\s*Notification:\sseverity\s=.\s*(\S+).\s*message\s=.\s*(\S+)\|(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\|(CONFIG) > pattern=^\[\d{4}(-\d\d){2} > (\d\d:){2}\d\d\].\s*Notification:\sseverity\s*=\s*([^,]*),\s*message\s=.\s*(\S+)\|(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\|(CONFIG) > desc=$0 > #action=write /opt/opennms/logs/syslogd.log The following new event has > been created: $0 > action=shellcmd /opt/opennms/bin/send-event.pl --interface 192.168.1.1 > uei.opennms.org/internal/discovery/newSuspect > > > And as I mentioned before, this is how I run SEC: > ./sec.pl -conf=my.conf -input=/opt/collectd/var/log/output.log > > I looked everywhere to find a HowTo on how to use SEC with OpenNMS but > no dice...when I run the sec command, it shows that 1 rule loaded and > everything else looks fine, so looks like it's happy with the command > but what I'm trying to find out, is if it does work on the OpenNMS side > and what really happens on that side is still not clear to me... > > So I was hoping if you guys could please help me figuring this out :-) > > Thanks in advance, > Honia > > > * > ** > * > > > > ------------------------------------------------------------------------ > Access your email online and on the go with Windows Live Hotmail. Sign > up today. > <http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_AE_Access_022009> > ------------------------------------------------------------------------ > HotmailĀ® is up to 70% faster. Now good news travels really fast. Find > out more. > <http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009> > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA > -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise > -Strategies to boost innovation and cut costs with open source participation > -Receive a $600 discount off the registration fee with the source code: SFAD > http://p.sf.net/sfu/XcvMzF8H > > > ------------------------------------------------------------------------ > > _______________________________________________ > Simple-evcorr-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Simple-evcorr-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
