[zenoss-users] zenhub gropping events

Fri, 12 Dec 2008 08:25:14 -0800 

Hey all, 

I am forwarding syslog events from my cisco switches to Zenoss. The messages 
were getting to zensyslog and then zensyslog proceeded to forward the even to 
zenhub. But zenhub would drop the event. 

Any ideas?

Here is the output of zensyslog and zenhub:

ZENSYSLOG.LOG

2008-12-12 11:17:14 DEBUG zen.ZenSyslog: Sending event {'firstTime': 
1229098626.978574, 'severity': 2, 'facility': 'local7', 'eventClassKey': 
'CLEAR-5-COUNTERS', 'component': 'CLEAR', 'agent': 'zensyslog', 'summary': 
'Clear counter on all interfaces by xxxxxc on console', 'priority': 5, 
'manager': 'localhost', 'eventGroup': 'syslog', 'device': 'x.x.x.x', 
'lastTime': 1229098626.978574, 'ipAddress': 'x.x.x.x', 'monitor': 'localhost'


ZENHUB.LOG

2008-12-12 11:17:14 DEBUG zen.hub: Time in sendEvent: 0.00
2008-12-12 11:17:14 DEBUG zen.hub: Servicing sendEvent in EventService
2008-12-12 11:17:14 DEBUG zen.Events: Found device=x.x.x.x
2008-12-12 11:17:14 DEBUG zen.Events: lookup eventClassKey:CLEAR-5-COUNTERS
2008-12-12 11:17:14 DEBUG zen.Events: lookup eventClassKey:defaultmapping
2008-12-12 11:17:14 DEBUG zen.Events: match 
on:/Events/Archive/instances/defaultmapping
2008-12-12 11:17:14 DEBUG zen.Events: eval rule:getattr(evt, 'agent', '') == 
'zeneventlog' and getattr(evt, 'severity',0) == 1
2008-12-12 11:17:14 DEBUG zen.Events: match 
on:/Events/Security/Login/instances/defaultmapping
2008-12-12 11:17:14 DEBUG zen.Events: regex='\d+ \S+ \S+ SEV=\d+ 
(?P<component>\S+) RPT=\d+ \S+  (?P<summary>Group \[(?P<secGroup>\S+)\] User 
\[(?P<username>\S+)\] PHASE 2 COMPLETED)' message='Clear counter on all 
interfaces by xxxxxx on console'
2008-12-12 11:17:14 DEBUG zen.Events: match 
on:/Events/Cisco/FW/instances/defaultmapping
2008-12-12 11:17:14 DEBUG zen.Events: regex='\d+ \S+ \S+ SEV=\d+ 
(?P<component>\S+) RPT=\d+ \S+ (?P<summary>Received SNMP .*)' message='Clear 
counter on all interfaces by xxxxxxx on console'
2008-12-12 11:17:14 DEBUG zen.Events: match 
on:/Events/Ignore/instances/defaultmapping_local7
2008-12-12 11:17:14 DEBUG zen.Events: eval rule:getattr(evt, 'facility', 
None)=="local7" and getattr(evt, 'priority', 0)>4
2008-12-12 11:17:14 DEBUG zen.Events: EventClass:/Ignore matched
2008-12-12 11:17:14 DEBUG zen.Events: EventClassInst=defaultmapping_local7
2008-12-12 11:17:14 DEBUG zen.Events: dropping event

Thanks all!




-------------------- m2f --------------------

Read this topic online here:
http://forums.zenoss.com/viewtopic.php?p=29101#29101

-------------------- m2f --------------------



_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users

Reply via email to