On Oct 2, 2008, at 1:49 PM, Axis wrote:
For some reason Zenoss is cutting off the main part of the syslog when it creates a new event. Watching the syslog come across port 514 with tcpdump, the entire event is coming through. When it displays as an event in Zenoss, however, part of the syslog is missing and is causing everything to display the same and map to all the same classes.

Whenever we create a new group or new user in Active Directory, the event in Zenoss is exactly the same so we can't classify them separately... the same goes for deletion.

It seems Zenoss is cutting off the "Security Enabled Global Group Created:" and "User Account Created:" to where the events show up as "New Account Name: newuser...etc" both for groups and users...

I've tried setting the logorig to 1/True but nothing seems to work. Any suggestions?

It sounds like the set of parsers that try to figure out what part of the log is the eventClassKey, component, etc. isn't handling these logs properly. What kind of system are these logs coming from?

You can find these parsers in $ZENHOME/Products/ZenEvents/SyslogProcessing.py near the top.
_______________________________________________
zenoss-users mailing list
http://lists.zenoss.org/mailman/listinfo/zenoss-users
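
An added example, not part of the original thread and not code from SyslogProcessing.py: it shows one way an ordered list of regex parsers can produce the truncation described above, and how an anchored parser placed first keeps the header. The patterns, the `parse_body` helper and the sample messages are all constructed assumptions.

```python
import re

# Hypothetical generic parsers (NOT copied from SyslogProcessing.py).
# Each one splits a syslog message body into named event fields.
GENERIC_PARSERS = [
    re.compile(r"(?P<component>\S+)\[(?P<pid>\d+)\]:\s*(?P<summary>.*)"),
    re.compile(r"(?P<component>\S+): (?P<summary>.*)"),
]

# Hypothetical parser to place ahead of the generic ones: anchored at the
# start, it keys on the header and keeps the full text as the summary.
AD_PARSER = re.compile(
    r"^(?P<summary>(?P<eventClassKey>[A-Za-z ]+ (?:Created|Deleted)): .*)"
)

def parse_body(msg, parsers):
    """Return the named fields of the first parser that matches msg."""
    for rx in parsers:
        # search() is unanchored, so "word: rest" can match mid-message
        # and everything before the matched word is silently dropped.
        m = rx.search(msg)
        if m:
            return m.groupdict()
    return {"summary": msg}

# Constructed sample message bodies, modelled on the headers quoted above.
GROUP = ("Security Enabled Global Group Created: "
         "New Account Name: testgrp New Domain: EXAMPLE")
USER = ("User Account Created: "
        "New Account Name: newuser New Domain: EXAMPLE")

if __name__ == "__main__":
    for body in (GROUP, USER):
        before = parse_body(body, GENERIC_PARSERS)
        after = parse_body(body, [AD_PARSER] + GENERIC_PARSERS)
        print("generic :", before["component"], "|", before["summary"])
        print("anchored:", after["eventClassKey"], "|", after["summary"])
```

With only the generic parsers, both events come out with component `Created` and a summary that begins at "New Account Name:", so they cannot be mapped to different classes.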
