| Attribute | Description |
|---|---|
| dedupid | A key used to correlate duplicate events |
| evid | A unique id for the event |
| device | The id of the associated device, if applicable |
| ipAddress | The IP Address of the associated device, if applicable |
| component | The component of the associated device, if applicable |
| eventClass | The event class associated with this device |
| eventGroup | logical group of event source (syslog, ping, nteventlog etc) |
| eventKey | The eventKey is the primary criteria for mapping events into event classes |
| facility | syslog facility of this is syslog event |
| severity | One of 0 (Clear), 1 (Debug), 2 (Info), 3 (Warning), 4 (Error) or 5 (Critical) |
| priority | syslog priority of this is syslog event |
| summary | Text description of the event |
| stateChange | When the mysql record for this event was last modified |
| firstTime | The first time this event was seen |
| lastTime | The last time this event was seen and it's count incremented |
| count | Number of times this event has been seen |
| prodState | prodState of the device context |
| manager | fqdn of the collector from which this event came |
| agent | collector name from which event came (zensyslog, zentrap, etc) |
zProperties are also available for devices and events using the same syntax as above.
Zenoss News