cluther wrote:
> On Oct 2, 2008, at 1:49 PM, Axis wrote:
>
> It sounds like the set of parsers that try to figure out what part of
> the log is the eventClassKey, component and etc. isn't handling these
> logs properly. What kind of system are these logs coming from?
>
> You can find these parsers in
> $ZENHOME/Products/ZenEvents/SyslogProcessing.py near the top.
> _______________________________________________
> zenoss-users mailing list
> [email protected]
> http://lists.zenoss.org/mailman/listinfo/zenoss-users
Just wanted to say thanks again, that pointed me in the right direction. Luckily we have somebody who is kind of a regex guru and we just wrote a new parser into the SyslogProcessing.py

    #Windows Event Syslogs
    r"^\S+\s+MSWinEventLog\s+\d\s+Security\s+\d+\s+\S\S\S\s\S\S\S\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d\s+(?P<component>\d\d\d)\s+(?P<summary>.+)$",

With that, it pulls the entire event log into the summary and uses the Event ID as the component so we can classify by event ID now and use a transform on the summary portion if we need to. Way easier classifying event logs by event IDs.

Read this topic online here: http://forums.zenoss.com/viewtopic.php?p=26035#26035
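The parser from the post above, run against constructed sample lines, as an added example that is not part of the original post or Zenoss's own code. It shows what lands in `component` and `summary`, and which lines fall through because the pattern expects the Security log, a zero-padded day and a three-digit event ID. The `sample`, `parse` and `unmatched` helpers and all sample field values are assumptions made for illustration.

```python
import re

# Pattern copied verbatim from the post above, split across lines for reading.
WIN_EVENT = re.compile(
    r"^\S+\s+MSWinEventLog\s+\d\s+Security\s+\d+\s+"
    r"\S\S\S\s\S\S\S\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d\s+"
    r"(?P<component>\d\d\d)\s+(?P<summary>.+)$"
)


def parse(line):
    """Return (component, summary), or None when the parser does not match."""
    m = WIN_EVENT.search(line)
    return (m.group("component"), m.group("summary")) if m else None


def sample(log="Security", date="Thu Oct 02 13:49:00 2008", event_id="538"):
    """Build a constructed, tab-delimited line shaped to fit the pattern."""
    return "\t".join(["host1", "MSWinEventLog", "1", log, "4321", date,
                      event_id, "Security", "jdoe", "User Logoff"])


# Constructed inputs (not real log data): one that fits, three that do not.
SAMPLES = {
    "three_digit_id": sample(),
    "four_digit_id": sample(event_id="4634"),          # \d\d\d then \s+ fails
    "other_log": sample(log="System"),                 # literal "Security" fails
    "unpadded_day": sample(date="Thu Oct 2 13:49:00 2008"),  # \d\d fails
}


def unmatched(samples):
    """Names of the sample lines this parser silently skips."""
    return [name for name, line in samples.items() if parse(line) is None]


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, "->", parse(line))
    print("not matched:", unmatched(SAMPLES))
```

Lines that this parser skips are left to whatever other parsers are in the list, so they will not be classified by event ID.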
