Fixing Zenoss Event Class Key for Syslogs

August 2, 2008

I had a problem where syslogs fed to Zenoss 2.2 were coming in as Unknown. They had no Event Class Key, so Zenoss could not map them to an Event Class. Someone better than me at Python also found the problem and came up with a solution. His post is here: http://mysql-python.blogspot.com/2008/05/zenoss-deathmatch.html. To sum it up, modify the file zenoss/Products/ZenEvents/SyslogProcessing.py. Find the function buildEventClassKey (at the very bottom) and change it to:

    def buildEventClassKey(self, evt):
        """Build the key used to find an events dictionary record. If eventClass
        is defined it is used. For NT events "Source_Evid" is used. For other
        syslog events we use the summary of the event to perform a full text
        or'ed search.
        """
        # Already classified upstream: leave the event untouched.
        if evt.has_key('eventClassKey') or evt.has_key('eventClass'):
            return evt
        # Windows event forwarded over syslog: key is "<component>_<event id>".
        elif evt.has_key('ntevid'):
            evt['eventClassKey'] = "%s_%s" % (evt['component'],evt['ntevid'])
        # Plain syslog: fall back to the component (program) name as the key.
        elif evt.has_key('component'):
            evt['eventClassKey'] = evt['component']
        if evt.has_key('eventClassKey'):
            slog.debug("eventClassKey=%s", evt['eventClassKey'])
            # Convert the key to unicode. latin-1 maps every byte value, so
            # this decode succeeds for any byte string.
            try:
                evt['eventClassKey'] = evt['eventClassKey'].decode('latin-1')
            except UnicodeError:
                evt['eventClassKey'] = evt['eventClassKey'].decode('utf-8')
        else:
            slog.debug("no eventClassKey assigned")
        return evt
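
To see which events the change leaves without a key before touching a live Zenoss install, the same precedence can be run over sample events outside Zenoss. This is an added example, not Zenoss code and not from the linked post: it is a Python 3 sketch, the names `decode_key`, `unmapped` and `SAMPLES` are hypothetical, the events are constructed, and it tries UTF-8 before latin-1, which differs from the order in the function above.

```python
def decode_key(raw):
    """Return text for a key that may arrive as bytes.

    UTF-8 is tried first because a latin-1 decode accepts every byte
    sequence and would never reach a fallback.
    """
    if isinstance(raw, str):
        return raw
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def build_event_class_key(evt):
    """Apply the same precedence as the patched buildEventClassKey."""
    if "eventClassKey" in evt or "eventClass" in evt:
        return evt                      # already classified upstream
    if "ntevid" in evt:                 # Windows event: Source_Evid
        evt["eventClassKey"] = "%s_%s" % (decode_key(evt["component"]), evt["ntevid"])
    elif "component" in evt:            # plain syslog: program name
        evt["eventClassKey"] = decode_key(evt["component"])
    return evt


def unmapped(events):
    """Summaries of events with nothing to map on (these show up as Unknown)."""
    return [e["summary"] for e in map(build_event_class_key, events)
            if "eventClassKey" not in e and "eventClass" not in e]


# Constructed sample events; field names follow the function above.
SAMPLES = [
    {"component": b"sshd", "summary": "Failed password for root"},
    {"component": "Security", "ntevid": 529, "summary": "Logon failure"},
    {"component": b"caf\xc3\xa9d", "summary": "utf-8 program name"},
    {"component": b"caf\xe9d", "summary": "latin-1 program name"},
    {"summary": "message with no program tag"},
    {"eventClass": "/Security/Login", "summary": "pre-classified"},
]

if __name__ == "__main__":
    for evt in SAMPLES:
        print(build_event_class_key(dict(evt)))
    print("still unmapped:", unmapped([dict(e) for e in SAMPLES]))
```

Events with neither a component nor an NT event id still get no key, so they need a separate mapping rule.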
