Sven,

Paste the example text into the example part of the event mapping and save. If the regex doesn't match it will turn red.

-EAD

On Aug 25, 2006, at 10:35 AM, Schuran, Sven wrote:

Hi,

Regex is correct, I have checked with kodos.

But it is not working.

Sven




-----Original Message-----
From: Erik A. Dahl [mailto:[EMAIL PROTECTED]
Sent: Friday, 25 August 2006 15:48
To: General discussion of using zenoss system
Subject: Re: AW: AW: [zenoss-users] Event counting

Regex.  (?P<message>.*)  tells Python to extract what matches in the
() to a variable named 'message', which we then add to the event. So we have changed the event message from its full form down to the section we selected with the regex.

-EAD

On Aug 25, 2006, at 9:36 AM, Schuran, Sven wrote:

Hi,

Where to put it: Rule/regex/transform?

What does this P<message> mean?

Sven

-----Original Message-----
From: Erik A. Dahl [mailto:[EMAIL PROTECTED]
Sent: Friday, 25 August 2006 14:45
To: General discussion of using zenoss system
Subject: Re: AW: [zenoss-users] Event counting

Sven,

Looks like the issue is that the first 150 characters are the same on
all messages, correct? You can fix this by grabbing the unique part to
the event with a regular expression.  Make an event instance to map
this event.  I'm guessing a little bit due to lack of German but
something like:

eTrust-Audit\](?P<message>.*)

in the regex fields of the event instance might do it.

-EAD

On Aug 25, 2006, at 3:58 AM, Schuran, Sven wrote:

Hi,

Event text:

NOTE :[***** Computer Associates ALERT-Ereignisprotokolldatei *****]
[Anwendung:eTrust ITM][Priorität:Kritisch]
[Aktion:Broadcast,Numerischer Pager,Alphanumerischer Pager,E-
mail,Fehlerbericht,Ereignisprotokoll,SNMP,Notes,Unicenter
TNG,SMTP,eTrust-Audit][Nachricht:[Uhrzeit 24.08.2006 10:33:36: ID
129: Rechner xxxx.xxxx.xxx: Antwort 24.08.2006 17:56:05] Fehler beim
Aktualisieren von eTrust Vet Engine auf Version
30.3.3.3038.0.0][Von:xxxx.xxxx.xxxx]

Sven

-----Original Message-----
From: Erik A. Dahl [mailto:[EMAIL PROTECTED]
Sent: Friday, 25 August 2006 02:46
To: General discussion of using zenoss system
Subject: Re: [zenoss-users] Event counting

Sven,

By default Windows have an eventClassKey that uses the source and the
event id.  They should still de-duplicate using the Windows message
as well, which is usually good enough.  For some reason it's not
working; can you post an example of the event text?

-EAD

On Aug 24, 2006, at 12:13 PM, Schuran, Sven wrote:

Hi,

I have the eTrust ITM 8.0 virus scanner + Global admin server.

I would like to have the events generated by the alerting system in
Zenoss.

Problem:
I am sending all events to the Windows Event log; this event log is
sent as syslog messages to Zenoss.
All the events have Windows event number 1.

Is it possible to put them in different Zenoss events?
Zenoss is generating only one warning for hundreds of warnings because
of event number 1.


Thanks Sven

_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
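
An added example, not part of the original thread and not Zenoss code: it runs the regex suggested above against the posted event text plus one constructed second alert, showing that the first 150 characters are identical while the named group `message` differs. It assumes the mapping regex is applied like Python's `re.search`; the helper names, the second event, and the rejoined "E-mail" in the header are constructed for illustration.

```python
import re

# Regex from the thread; the named group becomes the event message.
MAPPING_REGEX = re.compile(r"eTrust-Audit\](?P<message>.*)")

# Header shared by every alert, rejoined from the wrapped event text in the thread.
HEADER = (
    "NOTE :[***** Computer Associates ALERT-Ereignisprotokolldatei *****]"
    "[Anwendung:eTrust ITM][Priorität:Kritisch]"
    "[Aktion:Broadcast,Numerischer Pager,Alphanumerischer Pager,E-mail,"
    "Fehlerbericht,Ereignisprotokoll,SNMP,Notes,Unicenter TNG,SMTP,eTrust-Audit]"
)

# Sample events: the first body is from the thread, the second is constructed.
EVENTS = [
    HEADER + "[Nachricht:[Uhrzeit 24.08.2006 10:33:36: ID 129: Rechner xxxx.xxxx.xxx: "
    "Antwort 24.08.2006 17:56:05] Fehler beim Aktualisieren von eTrust Vet Engine "
    "auf Version 30.3.3.3038.0.0][Von:xxxx.xxxx.xxxx]",
    HEADER + "[Nachricht:[Uhrzeit 24.08.2006 11:02:10: ID 130: Rechner yyyy.yyyy.yyy] "
    "Constructed second alert text][Von:yyyy.yyyy.yyyy]",
]


def extract_message(text):
    """Return the named group 'message', or None when the regex does not match."""
    m = MAPPING_REGEX.search(text)
    return m.group("message") if m else None


def dedup_keys(events, prefix_len=150):
    """Pair each event's fixed-length prefix with its regex-extracted message."""
    return [(e[:prefix_len], extract_message(e)) for e in events]


if __name__ == "__main__":
    for prefix, message in dedup_keys(EVENTS):
        print(repr(prefix[-20:]), "->", message)
    # A line break inside the text truncates the capture: '.' does not match '\n'.
    wrapped = EVENTS[0].replace("Fehler beim", "Fehler\nbeim")
    print(extract_message(wrapped))
```

If the event text reaches the regex with embedded line breaks, the capture stops at the first one unless the pattern is compiled with `re.DOTALL`.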
