Discussion:
Cisco Syslog Priority and Zenoss Event Severity
aletatone
2012-10-03 14:42:23 UTC
aletatone [http://community.zenoss.org/people/aletatone] created the discussion

"Cisco Syslog Priority and Zenoss Event Severity"

To view the discussion, visit: http://community.zenoss.org/message/68837#68837

--------------------------------------------------------------
Hi,

Is there anyone who could explain to me the relationship between
Cisco syslog priority and Zenoss event severity?

I didn't understand how Zenoss assigns event severity when it receives
a Cisco syslog.
For example:

%SYS-2-INTSCHED: 'suspend' at level 2 -Process= "...   ---> Cisco Priority 2 ----> Zenoss Event Critical


SYS-5-CONFIG_I: Configured from console  ---> Cisco Priority 5 ----> Zenoss Event Info

I found a table in this file: http://community.zenoss.org/docs/DOC-3538
but it doesn't match.

Thanks
Alex
--------------------------------------------------------------
nilie
2012-10-03 17:18:05 UTC
nilie [http://community.zenoss.org/people/nilie] created the discussion

"Re: Cisco Syslog Priority and Zenoss Event Severity"

To view the discussion, visit: http://community.zenoss.org/message/68838#68838

--------------------------------------------------------------
According to page 28 of the document you are mentioning,

* *syslog priority < 3 (emerg, alert, crit) map to Zenoss severity 5 (Critical)*
* syslog priority 3 (err) maps to Zenoss severity 4 (Error)
* syslog priority 4 (warning) maps to Zenoss severity 3 (Warning)
* *syslog priority 5 or 6 (notice, info) map to Zenoss severity 2 (Info)*

So you have a Cisco priority 2 (Critical) mapped into a Zenoss severity 5 (Critical) -- see rule #1 -- and a Cisco priority 5 (Notice) mapped into Zenoss severity 2 (Informational) -- see rule #4. By default Zenoss is doing it pretty much right, but you can further play with severity in Zenoss, increasing or decreasing it for certain classes of events generated from syslog messages.

Hoping this will help
--------------------------------------------------------------
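
The four mapping rules from the reply above, applied to Cisco-style syslog lines; this is an added example, not part of the original thread and not Zenoss's own code. The function names, the choice to let a <PRI> header take precedence over the Cisco tag, and the last three sample lines are assumptions made for the illustration.

```python
import re

# Cisco tag as in the thread's samples: %FACILITY-SEVERITY-MNEMONIC: (leading % optional)
CISCO_TAG = re.compile(r"%?([A-Z][A-Z0-9_]*(?:-[A-Z0-9_]+)*?)-([0-7])-([A-Z0-9_]+):")
# Syslog header <PRI>, PRI = facility * 8 + priority (RFC 3164), so priority = PRI % 8
PRI_HEADER = re.compile(r"^<(\d{1,3})>")
ZENOSS_NAMES = {5: "Critical", 4: "Error", 3: "Warning", 2: "Info"}


def zenoss_severity(priority):
    """Apply the four rules listed in the reply; None when no rule covers the value."""
    if 0 <= priority < 3:
        return 5
    if priority == 3:
        return 4
    if priority == 4:
        return 3
    if priority in (5, 6):
        return 2
    return None  # priority 7 (debug) is not covered by the rules quoted in the thread


def classify(line):
    """Return (cisco_tag, priority, zenoss_severity, source) for one syslog line."""
    header = PRI_HEADER.match(line)
    tag = CISCO_TAG.search(line)
    name = "-".join(tag.groups()) if tag else None
    if header and int(header.group(1)) <= 191:  # 191 = highest valid PRI (23 * 8 + 7)
        priority, source = int(header.group(1)) % 8, "pri-header"  # assumption: header wins
    elif tag:
        priority, source = int(tag.group(2)), "cisco-tag"
    else:
        return (name, None, None, "unparsed")
    return (name, priority, zenoss_severity(priority), source)


# First two lines are the thread's own samples; the last three are constructed.
SAMPLES = [
    "%SYS-2-INTSCHED: 'suspend' at level 2 -Process= \"...",
    "SYS-5-CONFIG_I: Configured from console",
    "<187>%LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "%EXAMPLE-7-PLACEHOLDER: constructed debug-level line",
    "free text with no priority information",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        tag, prio, sev, source = classify(sample)
        print(tag, prio, sev, ZENOSS_NAMES.get(sev, "unmapped"), source)
```

Lines that come back with a severity of None are the ones the quoted rules do not cover, so they are worth reviewing separately before relying on severity-based alerting.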