event mapping in zenoss

Written in

by

Finally I understand how event mapping in Zenoss monitoring works. We are using this opnsource monitoring solution for a while and we even start to send syslogs from other hosts as another level of monitoring. Today it starts to be annoying to read tons of messages how someone mistyped mount command at one machine in recovery.

I knew from the past, that Zenoss has something called „Event Mapping“ exactly for situation like this – false positive alert. Idea is that even thou syslog send message with hight servility, you recognize it as nothing important to report and setup rule that such events are doped immediately. Only problem was that it didn’t work for me.

My key misunderstanding was, that I didn’t noticed each event has „eventKey“, „eventClass“ and „eventClassKey“! The last one is really important, because it is a main criteria for an event match with a rule. Good doccumentation of event mappings.

To setup such a rule, login as admin to your zenoss server and go to „Events“ in left menu. Navigate to the EventClass (in my case /Unknown). In bottom block „EventClass Mappings“ click triangle button and „Add mapping…“ item. Enter the name of rule and you should see something like this:

zenoss event mapping edit

Now its important to choose really „eventClassKey“ value from many event properties and enter it to second field in form. You can then enter either python code (event object is refered as „evt“) or regex. If you enter also example, Zenoss tries to match it with regex and in case it cannot, its in red.

Tags

Napsat komentář