Hi, Even summary is not working, seems to be it is not found.
Might be something like.. useful: message=eTrust-Audit\](?P<summary>.*) So we are able to make sure the regex is checked against the message and not against only the first 150 or so characters. When I have a look at the field: dedupid With this in it: diskport|diskport alert notification server|||4|NOTE :[***** Computer Associates ALERT-Ereignisprotokolldatei *****][Anwendung:eTrust ITM][Priorität:Kritisch][Aktion:Broadcast,Numerischer Pager,Alphanumerischer Pager,E-Mail,Fehlerbericht,Ereignisprot It seems to be the regex is checked against: NOTE :[***** Computer Associates ALERT-Ereignisprotokolldatei *****][Anwendung:eTrust ITM][Priorität:Kritisch][Aktion:Broadcast,Numerischer Pager,Alphanumerischer Pager,E-Mail,Fehlerbericht,Ereignisprot So it might be useful to make sure regex is checked against the right content. Sven -----Ursprüngliche Nachricht----- Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] Gesendet: Montag, 28. August 2006 14:30 An: General discussion of using zenoss system Betreff: Re: AW: AW: AW: AW: [zenoss-users] Event counting Sven sorry it should be summary eTrust-Audit\](?P<summary>.*) -EAD On Aug 28, 2006, at 8:20 AM, Schuran, Sven wrote: > Hi, > > This example and regex works, > But the are still one and not several hundreds. > > Is the variable message correct? > eTrust-Audit\](?P<message>.*) > > Sven > > > > -----Ursprüngliche Nachricht----- > Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 25. August 2006 18:03 > An: General discussion of using zenoss system > Betreff: Re: AW: AW: AW: [zenoss-users] Event counting > > Sven, > > Paste the example text in to the example part of the event mapping and > save. IF the regex doesn't match it will turn red. > > -EAD > > On Aug 25, 2006, at 10:35 AM, Schuran, Sven wrote: > >> Hi, >> >> Regex is correct, I have checked with kodos. >> >> But it is not working. >> >> Sven >> >> >> >> >> -----Ursprüngliche Nachricht----- >> Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] >> Gesendet: Freitag, 25. August 2006 15:48 >> An: General discussion of using zenoss system >> Betreff: Re: AW: AW: [zenoss-users] Event counting >> >> Regex. (?P<message>.*) tells python to extract what matches in the >> () to a variable named 'message' which we then add to the event. >> So we have changed the event message from its full form down to the >> section we selected with the regex. >> >> -EAD >> >> On Aug 25, 2006, at 9:36 AM, Schuran, Sven wrote: >> >>> Hi, >>> >>> Where to put it: Rule/regex/transform ? >>> >>> What means this P<message> ? >>> >>> Sven >>> >>> -----Ursprüngliche Nachricht----- >>> Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] >>> Gesendet: Freitag, 25. August 2006 14:45 >>> An: General discussion of using zenoss system >>> Betreff: Re: AW: [zenoss-users] Event counting >>> >>> Sven, >>> >>> Looks like the issue is that the first 150 characters are the same >>> on all messages, correct? You can fix this by grabbing the unique >>> part to the event with a regular expression. Make an event instance >>> to map this event. I'm guessing a little bit due to lack of german >>> but something like: >>> >>> eTrust-Audit\](?P<message>.*) >>> >>> In the regex fields of the event instance might do it. >>> >>> -EAD >>> >>> On Aug 25, 2006, at 3:58 AM, Schuran, Sven wrote: >>> >>>> Hi, >>>> >>>> Event text: >>>> >>>> NOTE :[***** Computer Associates ALERT-Ereignisprotokolldatei >>>> *****] [Anwendung:eTrust ITM][Priorität:Kritisch] >>>> [Aktion:Broadcast,Numerischer Pager,Alphanumerischer Pager,E- >>>> mail,Fehlerbericht,Ereignisprotokoll,SNMP,Notes,Unicenter >>>> TNG,SMTP,eTrust-Audit][Nachricht:[Uhrzeit 24.08.2006 10:33:36: ID >>>> 129: Rechner xxxx.xxxx.xxx: Antwort 24.08.2006 17:56:05] Fehler >>>> beim Aktualisieren von eTrust Vet Engine auf Version >>>> 30.3.3.3038.0.0][Von:xxxx.xxxx.xxxx] >>>> >>>> Sven >>>> >>>> -----Ursprüngliche Nachricht----- >>>> Von: Erik A. Dahl [mailto:[EMAIL PROTECTED] >>>> Gesendet: Freitag, 25. August 2006 02:46 >>>> An: General discussion of using zenoss system >>>> Betreff: Re: [zenoss-users] Event counting >>>> >>>> Sven, >>>> >>>> By default windows have an eventClassKey that uses the source and >>>> the event id. They should still de-duplicate using the windows >>>> message as well which is usually good enough. For some reason its >>>> not working can you post and example of the event text? >>>> >>>> -EAD >>>> >>>> On Aug 24, 2006, at 12:13 PM, Schuran, Sven wrote: >>>> >>>>> Hi, >>>>> >>>>> I have the etrust itm 8.0 Virusscanner + Global admin server. >>>>> >>>>> I like to have the events generated by the Alerting system in >>>>> Zenoss. >>>>> >>>>> Problem: >>>>> I am sending all events to Windows Event log, these event log is >>>>> send as syslog message to zenoss. >>>>> All the Events have a Windows event number 1. >>>>> >>>>> Is it possible to put them in diffrent Zenoss Events? >>>>> Zenoss is generating only one Warning for hundrets of warnings >>>>> cause of event number 1. >>>>> >>>>> >>>>> Thanks Sven >>>>> >>>>> _______________________________________________ >>>>> zenoss-users mailing list >>>>> [email protected] >>>>> http://lists.zenoss.org/mailman/listinfo/zenoss-users >>>> >>>> _______________________________________________ >>>> zenoss-users mailing list >>>> [email protected] >>>> http://lists.zenoss.org/mailman/listinfo/zenoss-users >>>> >>>> >>>> _______________________________________________ >>>> zenoss-users mailing list >>>> [email protected] >>>> http://lists.zenoss.org/mailman/listinfo/zenoss-users >>> >>> _______________________________________________ >>> zenoss-users mailing list >>> [email protected] >>> http://lists.zenoss.org/mailman/listinfo/zenoss-users >>> >>> >>> _______________________________________________ >>> zenoss-users mailing list >>> [email protected] >>> http://lists.zenoss.org/mailman/listinfo/zenoss-users >> >> _______________________________________________ >> zenoss-users mailing list >> [email protected] >> http://lists.zenoss.org/mailman/listinfo/zenoss-users >> >> >> _______________________________________________ >> zenoss-users mailing list >> [email protected] >> http://lists.zenoss.org/mailman/listinfo/zenoss-users > > _______________________________________________ > zenoss-users mailing list > [email protected] > http://lists.zenoss.org/mailman/listinfo/zenoss-users > > > _______________________________________________ > zenoss-users mailing list > [email protected] > http://lists.zenoss.org/mailman/listinfo/zenoss-users _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
