[zenoss-users] zensyslog parsing problem

Alan J. Gagne Thu, 04 Jan 2007 08:36:27 -0800

> Hi Alan,
> 
> I've entered a bug:
> 
>     http://dev.zenoss.org/trac/ticket/765
> 
> To work around for now, you can define a default priority for these 
> messages.
> 
> In $ZENHOME/Products/ZenEvents/SyslogProcessingThread.py, find the 
> method called parsePRI, and look for these lines:
> 
>         pri = None
>         fac = None
> 
> Change:
> 
>         pri = None
> 
> To:
> 
>         pri = 3
> 
> These instructions are untested (they are just a guess by me).  If you 
> are uncomfortable changing the source code, you'll have to wait for the 
> 1.1 or 1.0.3 release, or watch the bug for the fix.



Thanks !!!

That change stopped the errors but there are still some parsing issues.
(hostname=Thu).(summary='x.x.x.100 - Destination: y.y.y.242 - [Connection 
closed.Bytes transferred : 21222 Src 41242 Dst 81 from EXT n/w]')
Below are cuts from origlog and zensyslog.log.

ORIGLOG:
Thu, 2007-01-04 11:16:08 - TCP packet - Source: x.x.x.100 - Destination: 
y.y.y.242 - [Connection closed.Bytes transferred : 2831 Src 41248 Dst 81 from 
EXT n/w]

Thu, 2007-01-04 11:16:08 - TCP packet - Source: x.x.x.100 - Destination: 
y.y.y.242 - [Connection closed.Bytes transferred : 44570 Src 41249 Dst 81 from 
EXT n/w]

ZENSYSLOG:
2007-01-04 11:16:08 DEBUG zen.Syslog: host=router.somedomain.com, ip=r.r.r.1
2007-01-04 11:16:08 DEBUG zen.Syslog: Thu, 2007-01-04 11:16:08 - TCP packet - 
Source: x.x.x.100 - Destination: y.y.y.242 - [Connection closed.Bytes 
transferred : 21222 Src 41242 Dst 81 from EXT n/w]

2007-01-04 11:16:08 DEBUG zen.Syslog: fac=None pri=3
2007-01-04 11:16:08 DEBUG zen.Syslog: facility=unknown severity=4
2007-01-04 11:16:08 DEBUG zen.Syslog: Thu, 2007-01-04 11:16:08 - TCP packet - 
Source: x.x.x.100 - Destination: y.y.y.242 - [Connection closed.Bytes 
transferred : 21222 Src 41242 Dst 81 from EXT n/w]

2007-01-04 11:16:08 DEBUG zen.Syslog: parseHEADER hostname=Thu,
2007-01-04 11:16:08 DEBUG zen.Syslog: 2007-01-04 11:16:08 - TCP packet - 
Source: x.x.x.100 - Destination: y.y.y.242 - [Connection closed.Bytes 
transferred : 21222 Src 41242 Dst 81 from EXT n/w]
2007-01-04 11:16:08 DEBUG zen.Syslog: tag regex: 
^(?P<component>.+)\[(?P<ntseverity>\D+)\] (?P<ntevid>\d+) (?P<summary>.*)
2007-01-04 11:16:08 DEBUG zen.Syslog: tag regex: %CARD-\S+:(SLOT\d+) 
%(?P<eventClassKey>\S+): (?P<summary>.*)
2007-01-04 11:16:08 DEBUG zen.Syslog: tag regex: 
%(?P<eventClassKey>(?P<component>\S+)-\d-\S+): (?P<summary>.*)
2007-01-04 11:16:08 DEBUG zen.Syslog: tag regex: 
(?P<component>\S+)\[(?P<pid>\d+)\]: (?P<summary>.*)
2007-01-04 11:16:08 DEBUG zen.Syslog: tag regex: (?P<component>\S+): 
(?P<summary>.*)
2007-01-04 11:16:08 DEBUG zen.Syslog: tag match: {'component': 'Source', 
'summary': 'x.x.x.100 - Destination: y.y.y.242 - [Connection closed.Bytes 
transferred : 21222 Src 41242 Dst 81 from EXT n/w]'}
2007-01-04 11:16:08 DEBUG zen.Syslog: eventClassKey=Source
2007-01-04 11:16:08 DEBUG zen.Events: Found device=router.somedomain.com
2007-01-04 11:16:08 DEBUG zen.Events: lookup eventClassKey:Source
2007-01-04 11:16:08 DEBUG zen.Events: match on:/Events/Net/instances/Source
2007-01-04 11:16:08 DEBUG zen.Events: regex='' summary='x.x.x.100 - 
Destination: y.y.y.242 - [Connection closed.Bytes transferred : 21222 Src 41242 
Dst 81 from EXT n/w]'
2007-01-04 11:16:08 DEBUG zen.Events: EventClass:/Net matched
2007-01-04 11:16:08 DEBUG zen.Events: EventClassInst=Source
2007-01-04 11:16:09 DEBUG zen.Events: insert into status set 
Location='/Home',priority=3,prodState=1000,firstTime=1167927368.955,severity=4,facility='unknown',eventClassKey='Source',component='Source',DeviceGroups='|/router',summary='x.x.x.100
 - Destination: y.y.y.242 - [Connection closed.Bytes transferred : 21222 Src 
41242 Dst 81 from EXT 
n/w]',dedupid='router.somedomain.com|Source|/Net||4|x.x.x.100 - Destination: 
y.y.y.242 - [Connection closed.Bytes transferred : 21222 Src 41242 Dst 81 from 
EXT n/w]|x.x.x.100 - Destination: y.y.y.242 - [Connection closed.Bytes 
transferred : 21222 Src 41242 Dst 81 from EXT 
n/w]',eventKey='',manager='linux2.somedomain.com',Systems='|/router',device='router.somedomain.com',eventClass='/Net',lastTime=1167927368.955,ipAddress='r.r.r.1',message='x.x.x.100
 - Destination: y.y.y.242 - [Connection closed.Bytes transferred : 21222 Src 
41242 Dst 81 from EXT 
n/w]',DeviceClass='/Network/Router/Firewall',evid='0a75ad7434cde4c8ffffec0' on 
duplicate key update prodState=1000,summary='x.x.x.100 - Destination: y.y.y.242 
- [Connection closed.Bytes transferred : 21222 Src 41242 Dst 81 from EXT 
n/w]',count=count+1,lastTime=116792732007-01-04 11:16:09 DEBUG zen.Events: 
insert into detail (evid, name, value) values 
('0a75ad7434cde4c8ffffec0','hostname','Thu,'): --> 1
2007-01-04 11:16:09 DEBUG zen.Events: DELETE FROM status WHERE clearid IS NOT 
NULL: --> 068.955: --> 1



_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users

[zenoss-users] zensyslog parsing problem

Reply via email to