Regex. (?P<message>.*) tells python to extract what matches in the
() to a variable named 'message' which we then add to the event. So
we have changed the event message from its full form down to the
section we selected with the regex.
-EAD
On Aug 25, 2006, at 9:36 AM, Schuran, Sven wrote:
Hi,
Where to put it: Rule/regex/transform ?
What means this P<message> ?
Sven
-----Ursprüngliche Nachricht-----
Von: Erik A. Dahl [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 25. August 2006 14:45
An: General discussion of using zenoss system
Betreff: Re: AW: [zenoss-users] Event counting
Sven,
Looks like the issue is that the first 150 characters are the same
on all messages, correct? You can fix this by grabbing the unique
part to the event with a regular expression. Make an event
instance to map this event. I'm guessing a little bit due to lack
of german but something like:
eTrust-Audit\](?P<message>.*)
In the regex fields of the event instance might do it.
-EAD
On Aug 25, 2006, at 3:58 AM, Schuran, Sven wrote:
Hi,
Event text:
NOTE :[***** Computer Associates ALERT-Ereignisprotokolldatei *****]
[Anwendung:eTrust ITM][Priorität:Kritisch]
[Aktion:Broadcast,Numerischer Pager,Alphanumerischer Pager,E-
mail,Fehlerbericht,Ereignisprotokoll,SNMP,Notes,Unicenter
TNG,SMTP,eTrust-Audit][Nachricht:[Uhrzeit 24.08.2006 10:33:36: ID
129: Rechner xxxx.xxxx.xxx: Antwort 24.08.2006 17:56:05] Fehler beim
Aktualisieren von eTrust Vet Engine auf Version
30.3.3.3038.0.0][Von:xxxx.xxxx.xxxx]
Sven
-----Ursprüngliche Nachricht-----
Von: Erik A. Dahl [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 25. August 2006 02:46
An: General discussion of using zenoss system
Betreff: Re: [zenoss-users] Event counting
Sven,
By default windows have an eventClassKey that uses the source and the
event id. They should still de-duplicate using the windows
message as
well which is usually good enough. For some reason its not working
can you post and example of the event text?
-EAD
On Aug 24, 2006, at 12:13 PM, Schuran, Sven wrote:
Hi,
I have the etrust itm 8.0 Virusscanner + Global admin server.
I like to have the events generated by the Alerting system in
Zenoss.
Problem:
I am sending all events to Windows Event log, these event log is
send
as syslog message to zenoss.
All the Events have a Windows event number 1.
Is it possible to put them in diffrent Zenoss Events?
Zenoss is generating only one Warning for hundrets of warnings cause
of event number 1.
Thanks Sven
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
