Discussion:
Creating An Event From Syslog Information
Shane Ketterman
2013-05-31 16:09:24 UTC
Permalink
Shane Ketterman [http://community.zenoss.org/people/shaneketterman] created the discussion

"Creating An Event From Syslog Information"

To view the discussion, visit: http://community.zenoss.org/message/73423#73423

--------------------------------------------------------------
We have a situation where we have been asked to capture specific "authentication" information from a syslog.  I know that Zenoss can be a syslog collector so I am wondering if there are any good articles or tutorials on how to properly collect syslog info but more importantly, what I'd like to do is organize it such that it comes in on it's own event category that I can create such as "syslog authentication".  Then I can create reports, etc. based on the information it is collecting. 

I have looked around for Zenoss Syslog tutorials but haven's found a good one as of yet and I'm not sure how to take in a syslog message and organize it so it's separated in it's own event class.

Thanks for any advice and help!
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73423#73423]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
jmp242
2013-05-31 16:19:49 UTC
Permalink
jmp242 [http://community.zenoss.org/people/jmp242] created the discussion

"Re: Creating An Event From Syslog Information"

To view the discussion, visit: http://community.zenoss.org/message/73427#73427

--------------------------------------------------------------
This one also gets to RTM - syslog events come in as standard events. As it's an external event, you can set an event class mapping to do what you want. See Chapter 7 of the Admin guide. You probably may want to also look into event transforms to manage the event fields - Section 7.1.10 of the Admin Guide deals with those. There is also an event management paper from Jane Curry linked from zcaportal.org that dives into event management in great depth.

--
James Pulver
ZCA Member
CLASSE Computer Group
Cornell University
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73427#73427]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Shane Ketterman
2013-05-31 16:28:11 UTC
Permalink
Shane Ketterman [http://community.zenoss.org/people/shaneketterman] created the discussion

"Re: Creating An Event From Syslog Information"

To view the discussion, visit: http://community.zenoss.org/message/73432#73432

--------------------------------------------------------------
Got it! Thanks James....I'll look at that today.  And thanks again for your help - massively appreciate it.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73432#73432]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Loading...