On Mar 23, 2008, at 7:45 AM, gentux31 wrote:
> And should I do that for every specific syslog message or can I just
> say somewhere if the source is syslog then move to history?
> And if so, how do I do that?

This is possible using the "defaultmapping" eventClassKey. If you
create an event mapping rule using "defaultmapping" as the
eventClassKey it will match any events that don't have any other
mapping rules that match them. It's the catch-all. Here's how you can
do this.
1. Go to Events/Archive
2. Choose Add Mapping from the EventClass Mappings menu
3. Set the ID to defaultmapping_allSyslog
4. Click into the new mapping you just created
5. Click the Edit tab
6. Change the eventClassKey to "defaultmapping"
7. Set the rule to "evt.agent == 'zensyslog'"
The /Archive event class already has the zEventAction property set to
history. This is what will cause all syslog events that aren't matched
by a more specific mapping to go directly to history.
_______________________________________________
zenoss-users mailing list
http://lists.zenoss.org/mailman/listinfo/zenoss-users
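
The lookup order described in the message above, as a small Python model. This is an added example, not part of the original post and not Zenoss's own code. The `/Example/Specific` class, the sample events, the `/Unknown` fallback and the `status` default action are assumptions made for illustration.

```python
from types import SimpleNamespace

# Simplified model (assumption): (mapping id, eventClassKey, rule, event class)
MAPPINGS = [
    ("example_sshd", "sshd", "", "/Example/Specific"),  # constructed specific mapping
    ("defaultmapping_allSyslog", "defaultmapping",
     "evt.agent == 'zensyslog'", "/Archive"),            # the mapping from the post
]
# zEventAction per class; /Archive -> history is from the post, "status" default is assumed
ZEVENTACTION = {"/Archive": "history"}


def rule_matches(rule, evt):
    """An empty rule always matches; otherwise evaluate it with `evt` in scope."""
    if not rule:
        return True
    # Rules are admin-authored configuration, not event data; builtins are withheld anyway.
    return bool(eval(rule, {"__builtins__": {}}, {"evt": evt}))


def classify(evt):
    """Try mappings for the event's own key first, then the defaultmapping catch-all."""
    for key in (evt.eventClassKey, "defaultmapping"):
        for _mid, mkey, rule, evclass in MAPPINGS:
            if mkey == key and rule_matches(rule, evt):
                return evclass
    return "/Unknown"  # assumed fallback when nothing matches


def action(evt):
    """Return the zEventAction of the class the event lands in."""
    return ZEVENTACTION.get(classify(evt), "status")


# Constructed sample events
mapped_syslog = SimpleNamespace(eventClassKey="sshd", agent="zensyslog")
unmapped_syslog = SimpleNamespace(eventClassKey="kernel", agent="zensyslog")
unmapped_trap = SimpleNamespace(eventClassKey="linkDown", agent="zentrap")

if __name__ == "__main__":
    for evt in (mapped_syslog, unmapped_syslog, unmapped_trap):
        print(evt.eventClassKey, evt.agent, classify(evt), action(evt))
```

Only the unmapped syslog event reaches history. A syslog event with a more specific mapping, and an unmapped event from another agent, are left out of the catch-all, so the rule in step 7 is what keeps non-syslog events from being archived unseen.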