Troy Cunningham
2012-11-06 19:30:09 UTC
Troy Cunningham [http://community.zenoss.org/people/troy%40rideau.com] created the discussion
"Event does not have an event class key"
To view the discussion, visit: http://community.zenoss.org/message/69723#69723
--------------------------------------------------------------
I've been searching these forums something fierce for a clear and concise solution to this problem. Basically, I have some syslog events that enter into zenoss without an event class key, which does two things: 1) Classifies the event as /unknown and 2) makes it so that you cannot re-classify the event. Now before someone says you should read "Zenoss Event Manager" I can tell you that I've read through the relevant section and understood very little of it. I'm not a zenoss, perl or python guru. Still, I did the research and saw people trying to do regex fixes, or transforms (none of which I could decode for my life) and a lot of people saying those solutions were wrong. So how do you fix this problem?
I am running Zenoss 3.2.1 Community on Ubuntu 10.04.3 LTS (For which there is no release of Zenoss 4.x)
If the incoming syslog message is parsed (and it is) it makes sense to me that we should be able to either a) take another section of the message and create an "event class key" or, assign a default "event class key" to incoming messages that are lacking them. Is this possible? How could I do such a thing (keeping in mind my level of knowledge)?
Thanks,
Troy
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/69723#69723]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
"Event does not have an event class key"
To view the discussion, visit: http://community.zenoss.org/message/69723#69723
--------------------------------------------------------------
I've been searching these forums something fierce for a clear and concise solution to this problem. Basically, I have some syslog events that enter into zenoss without an event class key, which does two things: 1) Classifies the event as /unknown and 2) makes it so that you cannot re-classify the event. Now before someone says you should read "Zenoss Event Manager" I can tell you that I've read through the relevant section and understood very little of it. I'm not a zenoss, perl or python guru. Still, I did the research and saw people trying to do regex fixes, or transforms (none of which I could decode for my life) and a lot of people saying those solutions were wrong. So how do you fix this problem?
I am running Zenoss 3.2.1 Community on Ubuntu 10.04.3 LTS (For which there is no release of Zenoss 4.x)
If the incoming syslog message is parsed (and it is) it makes sense to me that we should be able to either a) take another section of the message and create an "event class key" or, assign a default "event class key" to incoming messages that are lacking them. Is this possible? How could I do such a thing (keeping in mind my level of knowledge)?
Thanks,
Troy
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/69723#69723]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]