4.2.5 eventd.log warning
22 views
Skip to first unread message
Sam Nirmal
May 30, 2023, 1:53:38 PM5/30/23
to zenos...@googlegroups.com
Hi,
In the log, i see this warning for all event classes..
WARNING root EventClassInst: <rule-name> rule failure: oid
I see the rule is defind but not sure why this warning appears in the log.
evt.oid.startswith('<oid>')
Thanks
Jane Curry
May 31, 2023, 8:15:35 AM5/31/23
to Zenoss Core
I am running 4.2.5 also so we should be on the same event architecture.
Couple of initial questions:
What event class contains this rule statement? The implication from your log line is that you have applied it to the very top-level "root" event class, which probably isn't what you want?
Presumably in your actual rule statement you do not have the diamond brackets around your oid, just the quotes?
If you want more discussion on event management with rules, regexes and transforms, you might pull my "Event Management for Zenoss Core 4" paper from https://www.skills-1st.co.uk/papers/jane/zenoss4-events/
I have the following rule on an event class /Traps which works and produces no errors in zeneventd.log:
getattr(evt,'agent','') == 'zentrap' and evt.summary.find('Hello') != 0 and evt.oid.startswith('1.3.6.1.4.1.123')
Note that there is no colon at the end of the rule line as you might expect if you were writing a standard python test.
It is only the last test for evt.oid that you care about. A better way of testing that would be:
getattr(evt,'agent','') == 'zentrap' and evt.summary.find('Hello') != 0 and getattr(evt,'oid','2').strip().startswith('1.3.6.1.4.1.123')
I am using getattr on the evt dictionary to get the 'oid' attribute and if that fails then the default value will be '2' (which clearly does not start with 1.3.6.1.4.1.123).
I have also stripped the oid attribute just in case there is white space at the start or end of the oid string.
To test, I have put on a little transform:
evt.summary = 'JC ' + evt.summary
myOid = evt.oid.strip()
evt.myOidStripped = myOid
if myOid.startswith('1.3.6.1.4.1.123'):
evt.myOid = evt.oid
else:
evt.myOid = 'None'
myOid = evt.oid.strip()
evt.myOidStripped = myOid
if myOid.startswith('1.3.6.1.4.1.123'):
evt.myOid = evt.oid
else:
evt.myOid = 'None'
The result is that in the event details both evt.myOidStripped and evt.myOid are '1.3.6.1.4.1.123'. That said, I have shown a couple of enhancements here but the original test with evt.oid.startswith('1.3.6.1.4.1.123') also worked in exactly the same way.
I used snmptrap to generate an SNMP V2c trap to the manager localhost, with:
/usr/bin/snmptrap -v 2c -c public localhost '' .1.3.6.1.4.1.123.0.1236 .1.3.6.1.4.1.123.0.1236 s 'Hello world 6 via SNMP V2c'
Is your Zenoss 4.2.5 patched up to the latest PTF?
Hope some of that might help.
Cheers,
Jane
Sam Nirmal
Jun 23, 2023, 11:54:50 AM6/23/23
to george....@gmail.com, Sam Nirmal' via Zenoss Core
Thanks George. I found this reply of ypurs in the spam folder .. I will give it a try.
On Wed, May 31, 2023 at 1:48 AM, George den Boer<george....@gmail.com> wrote:Hi Sam,Could this be a Python syntax error? Maybe the expression you apply the startwitth to is not considered to be a string?Maybe a str(evt.oid).startswith( '<oid>') might work.George
--
You received this message because you are subscribed to the Google Groups "Zenoss Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zenoss-core...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zenoss-core/968274862.4424904.1685469212813%40mail.yahoo.com.
Sam Nirmal
Jun 23, 2023, 11:58:27 AM6/23/23
to 'Sam Nirmal' via Zenoss Core, george....@gmail.com
The rule exist in all event.claases. All these event claases have event mappings.with classkey as "defaultmapping" and this rule.
The oid is enclosed in side parentheses with quotes.
You.maybe right that the rule is at 'root' event class.
This instance is not patched.up to lthe latest.
On Fri, Jun 23, 2023 at 10:54 AM, 'Sam Nirmal' via Zenoss Core<zenos...@googlegroups.com> wrote:
Thanks George. I found this reply of ypurs in the spam folder .. I will give it a try.
--On Wed, May 31, 2023 at 1:48 AM, George den Boer<george....@gmail.com> wrote:Hi Sam,Could this be a Python syntax error? Maybe the expression you apply the startwitth to is not considered to be a string?Maybe a str(evt.oid).startswith( '<oid>') might work.GeorgeOn Tue, 30 May 2023 at 19:53, 'Sam Nirmal' via Zenoss Core <zenos...@googlegroups.com> wrote:Hi,In the log, i see this warning for all event classes..WARNING root EventClassInst: <rule-name> rule failure: oidI see the rule is defind but not sure why this warning appears in the log.evt.oid.startswith('<oid>')Thanks--
You received this message because you are subscribed to the Google Groups "Zenoss Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zenoss-core...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zenoss-core/968274862.4424904.1685469212813%40mail.yahoo.com.
You received this message because you are subscribed to the Google Groups "Zenoss Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zenoss-core...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zenoss-core/98546657.2343519.1687535682641%40mail.yahoo.com.
jstanley
Jun 26, 2023, 1:10:58 PM6/26/23
to Zenoss Core
The oid field is not always added to an event. Use getattr or hasattr to check it first.
getattr(evt, 'oid', '').startswith('<oid>')
Sam Nirmal
Jun 27, 2023, 9:57:22 AM6/27/23
to Zenoss Core
That worked!
Thanks much
--
You received this message because you are subscribed to the Google Groups "Zenoss Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zenoss-core...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zenoss-core/c7640766-c2c4-402f-8387-d4e53150e692n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages