| Subject: | Transforming Event Logs | 
| Author: | [Not Specified] | 
| Posted: | 2015-11-23 17:15 | 
Hi, I am trying to transform this data to be sorted and grouped by IP address. I don't mind doing the research myself, but I don't know what I am looking for when I want to search for the IP address in the event log. The two possibilities are 'Interface %s' and of the wiki site here on the zenoss.org website. Any help or even direction to my next step would be helpful, thanks.
This is an incoming event from my firewall:
96,16777216,,0,bge0,match,block,in,4,0x20,,49,43089,0,DF,6,tcp,60,81.169.237.146,10.10.10.1,48874,443,0,S,2274982712,,14600,,mss;sackOK;TS;nop;wscale
Current Design of the Transforming Event:
```python
import re

# Match the interface, source IP and destination IP in the pfSense filterlog
# line; the transform reads the raw log line from evt.message
match = re.search(
    r',(bge0),match,block,.*?,(\d{1,3}(?:\.\d{1,3}){3}),(\d{1,3}(?:\.\d{1,3}){3}),',
    evt.message)
if match and device:
    evt.severity = 2
    evt.eventClassKey = "rule-block"
    evt.eventClass = "/firewall/pfsense/rule/block"
    evt.component = match.group(1) + ":" + match.group(2) + ":" + match.group(3)
```
| Subject: | why not use a regexp as in | 
| Author: | Andrew Kirch | 
| Posted: | 2015-12-18 12:55 | 
Why not use a regexp, as in here, for IP addresses:
http://wiki.zenoss.org/Drop_Events_with_Transforms
You could start with the following as a regexp: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$
Andrew Kirch
akirch@gvit.com
Need Zenoss support, consulting or custom development? Look no further. Email or PM me!
Ready for Distributed Topology (collectors) for Zenoss 5 Coming May 1st from GoVanguard
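The anchored IP regexp above matches a whole field, not the whole log line, so the natural way to use it is to split the pfSense filterlog line on commas first and then validate the source and destination fields. The example below is added here and is not code from either poster; the field positions are my reading of the pfSense filterlog CSV layout (rule, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, ...), the sample line is constructed to match the one in the thread, and the `Event` class is a stand-in for the Zenoss `evt` object.

```python
import re

# Constructed sample, same shape as the filterlog line in the thread
SAMPLE = ("96,16777216,,0,bge0,match,block,in,4,0x20,,49,43089,0,DF,6,tcp,60,"
          "81.169.237.146,10.10.10.1,48874,443,0,S,2274982712,,14600,,mss;sackOK;TS;nop;wscale")

# The regexp from the reply: anchored, so it validates one field, not a whole line
IPV4 = re.compile(r'^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$')


def parse_pf_filterlog(line):
    """Split an IPv4 pfSense filterlog line into the fields a transform needs.
    Field offsets assumed from the pfSense filterlog CSV format; IPv6 lines
    use a different layout after the IP-version field and are rejected here."""
    f = line.split(',')
    if len(f) < 22 or f[8] != '4':
        return None
    rec = {
        'rule': f[0], 'interface': f[4], 'reason': f[5], 'action': f[6],
        'direction': f[7], 'proto': f[16], 'src': f[18], 'dst': f[19],
        'sport': f[20], 'dport': f[21],
    }
    # Reject lines whose address fields are not well-formed dotted quads
    if not (IPV4.match(rec['src']) and IPV4.match(rec['dst'])):
        return None
    return rec


class Event(object):
    """Minimal stand-in for the Zenoss evt object (constructed for this example)."""
    def __init__(self, message):
        self.message = message
        self.severity = None
        self.eventClassKey = None
        self.eventClass = None
        self.component = None


def transform(evt, device):
    """Classify blocked pfSense rule hits, keyed by interface and src->dst."""
    rec = parse_pf_filterlog(evt.message)
    if rec and device and rec['action'] == 'block':
        evt.severity = 2
        evt.eventClassKey = 'rule-block'
        evt.eventClass = '/firewall/pfsense/rule/block'
        evt.component = '%s %s %s->%s' % (
            rec['interface'], rec['direction'], rec['src'], rec['dst'])
    return evt
```

Grouping by IP address then becomes a matter of keying on `rec['src']` (or `rec['dst']`) rather than searching the whole line.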