Hi, Regex is correct, I have checked with kodos.
But it is not working. Sven -----Ursprüngliche Nachricht----- Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 25. August 2006 15:48 An: General discussion of using zenoss system Betreff: Re: AW: AW: [zenoss-users] Event counting Regex. (?P<message>.*) tells python to extract what matches in the () to a variable named 'message' which we then add to the event. So we have changed the event message from its full form down to the section we selected with the regex. -EAD On Aug 25, 2006, at 9:36 AM, Schuran, Sven wrote: > Hi, > > Where to put it: Rule/regex/transform ? > > What means this P<message> ? > > Sven > > -----Ursprüngliche Nachricht----- > Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 25. August 2006 14:45 > An: General discussion of using zenoss system > Betreff: Re: AW: [zenoss-users] Event counting > > Sven, > > Looks like the issue is that the first 150 characters are the same on > all messages, correct? You can fix this by grabbing the unique part to > the event with a regular expression. Make an event instance to map > this event. I'm guessing a little bit due to lack of german but > something like: > > eTrust-Audit\](?P<message>.*) > > In the regex fields of the event instance might do it. > > -EAD > > On Aug 25, 2006, at 3:58 AM, Schuran, Sven wrote: > >> Hi, >> >> Event text: >> >> NOTE :[***** Computer Associates ALERT-Ereignisprotokolldatei *****] >> [Anwendung:eTrust ITM][Priorität:Kritisch] >> [Aktion:Broadcast,Numerischer Pager,Alphanumerischer Pager,E- >> mail,Fehlerbericht,Ereignisprotokoll,SNMP,Notes,Unicenter >> TNG,SMTP,eTrust-Audit][Nachricht:[Uhrzeit 24.08.2006 10:33:36: ID >> 129: Rechner xxxx.xxxx.xxx: Antwort 24.08.2006 17:56:05] Fehler beim >> Aktualisieren von eTrust Vet Engine auf Version >> 30.3.3.3038.0.0][Von:xxxx.xxxx.xxxx] >> >> Sven >> >> -----Ursprüngliche Nachricht----- >> Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] >> Gesendet: Freitag, 25. August 2006 02:46 >> An: General discussion of using zenoss system >> Betreff: Re: [zenoss-users] Event counting >> >> Sven, >> >> By default windows have an eventClassKey that uses the source and the >> event id. They should still de-duplicate using the windows message >> as well which is usually good enough. For some reason its not >> working can you post and example of the event text? >> >> -EAD >> >> On Aug 24, 2006, at 12:13 PM, Schuran, Sven wrote: >> >>> Hi, >>> >>> I have the etrust itm 8.0 Virusscanner + Global admin server. >>> >>> I like to have the events generated by the Alerting system in >>> Zenoss. >>> >>> Problem: >>> I am sending all events to Windows Event log, these event log is >>> send as syslog message to zenoss. >>> All the Events have a Windows event number 1. >>> >>> Is it possible to put them in diffrent Zenoss Events? >>> Zenoss is generating only one Warning for hundrets of warnings cause >>> of event number 1. >>> >>> >>> Thanks Sven >>> >>> _______________________________________________ >>> zenoss-users mailing list >>> [email protected] >>> http://lists.zenoss.org/mailman/listinfo/zenoss-users >> >> _______________________________________________ >> zenoss-users mailing list >> [email protected] >> http://lists.zenoss.org/mailman/listinfo/zenoss-users >> >> >> _______________________________________________ >> zenoss-users mailing list >> [email protected] >> http://lists.zenoss.org/mailman/listinfo/zenoss-users > > _______________________________________________ > zenoss-users mailing list > [email protected] > http://lists.zenoss.org/mailman/listinfo/zenoss-users > > > _______________________________________________ > zenoss-users mailing list > [email protected] > http://lists.zenoss.org/mailman/listinfo/zenoss-users _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
