Package ZenEvents :: Module SyslogProcessing :: Class SyslogProcessor

Class SyslogProcessor

object --+
         |
        SyslogProcessor

Class to process syslog messages and convert them into events viewable in the Zenoss event console.

Instance Methods
 
__init__(self, sendEvent, minpriority, parsehost, monitor, defaultPriority)
Initializer
 
process(self, msg, ipaddr, host, rtime)
Process an event from syslog and convert to a Zenoss event
 
parsePRI(self, evt, msg)
Parse RFC-3164 PRI part of syslog message to get facility and priority.
 
defaultSeverityMap(self, pri)
Default mapping from syslog priority to severity.
 
parseHEADER(self, evt, msg)
Parse RFC-3164 HEADER part of syslog message.
 
parseTag(self, evt, msg)
Parse the RFC-3164 tag of the syslog message using the regex defined at the top of this module.
 
buildEventClassKey(self, evt)
Build the key used to find an events dictionary record.

Inherited from object: __delattr__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __str__

Class Variables
  timeParse = re.compile("^(\S{3} [\d ]{2} [\d ]{2}:[\d ]{2}:[\d...
  notHostSearch = re.compile("[\[:]").search

Properties

Inherited from object: __class__

Method Details

__init__(self, sendEvent, minpriority, parsehost, monitor, defaultPriority)
(Constructor)

Initializer
Parameters:
  • sendEvent (string) - message from a remote host
  • minpriority (integer) - ignore anything under this priority
  • parsehost (string) - hostname where this parser is running
  • monitor (string) - name of the distributed collector monitor
  • defaultPriority (integer) - priority to use if it can't be understood from the received packet
Overrides: object.__init__

process(self, msg, ipaddr, host, rtime)

Process an event from syslog and convert to a Zenoss event
Parameters:
  • msg (string) - message from a remote host
  • ipaddr (string) - IP address of the remote host
  • host (string) - remote host's name
  • rtime (string) - time as reported by the remote host

parsePRI(self, evt, msg)

Parse RFC-3164 PRI part of syslog message to get facility and priority.
Parameters:
  • evt (dictionary) - dictionary of event properties
  • msg (string) - message from host
Returns:
tuple of dictionary of event properties and the message

defaultSeverityMap(self, pri)

Default mapping from syslog priority to severity.
Parameters:
  • pri (integer) - syslog priority from host
Returns:
numeric severity

parseHEADER(self, evt, msg)

Parse RFC-3164 HEADER part of syslog message. TIMESTAMP format is: MMM HH:MM:SS and host is next token without the characters '[' or ':'.
Parameters:
  • evt (dictionary) - dictionary of event properties
  • msg (string) - message from host
Returns:
tuple of dictionary of event properties and the message

parseTag(self, evt, msg)

Parse the RFC-3164 tag of the syslog message using the regex defined at the top of this module.
Parameters:
  • evt (dictionary) - dictionary of event properties
  • msg (string) - message from host
Returns:
dictionary of event properties

buildEventClassKey(self, evt)

Build the key used to find an events dictionary record. If eventClass is defined it is used. For NT events "Source_Evid" is used. For other syslog events we use the summary of the event to perform a full text or'ed search.
Parameters:
  • evt (dictionary) - dictionary of event properties
Returns:
dictionary of event properties

Class Variable Details

timeParse

Value:
re.compile("^(\S{3} [\d ]{2} [\d ]{2}:[\d ]{2}:[\d ]{2}) (.*)").search
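
The PRI and HEADER steps described for parsePRI and parseHEADER can be sketched as follows. This is an added example, not the Zenoss source: it reuses the timeParse and notHostSearch patterns shown on this page (timeParse matches month, day and time), while the strict PRI pattern, the function names, the event keys, DEFAULT_PRIORITY and the sample messages are assumptions of the example.

```python
import re

# Regexes as documented in the class variables on this page.
time_parse = re.compile(r"^(\S{3} [\d ]{2} [\d ]{2}:[\d ]{2}:[\d ]{2}) (.*)").search
not_host_search = re.compile(r"[\[:]").search
# Strict PRI matcher: an assumption of this example, not taken from the page.
pri_match = re.compile(r"^<(\d{1,3})>").match
DEFAULT_PRIORITY = 5  # constructed stand-in for the defaultPriority argument


def parse_pri(evt, msg):
    """Split '<PRI>' off msg; PRI = facility * 8 + priority (RFC 3164)."""
    m = pri_match(msg)
    if m and int(m.group(1)) <= 191:  # facility 23, priority 7 is the maximum
        evt["facility"], evt["priority"] = divmod(int(m.group(1)), 8)
        msg = msg[m.end():]
    else:
        # Missing or out-of-range PRI: leave msg untouched, use the default.
        evt["facility"], evt["priority"] = None, DEFAULT_PRIORITY
    return evt, msg


def parse_header(evt, msg):
    """Extract TIMESTAMP and HOSTNAME; both are text supplied by the sender."""
    m = time_parse(msg)
    if m:
        evt["originalTime"], msg = m.group(1), m.group(2).strip()
    tokens = msg.split()
    # A first token containing '[' or ':' is a tag such as 'sshd[812]:', not a host.
    if tokens and not not_host_search(tokens[0]):
        evt["device"], msg = tokens[0], " ".join(tokens[1:])
    return evt, msg


def parse(msg):
    evt, rest = parse_pri({}, msg)
    return parse_header(evt, rest)


# Constructed sample messages.
SAMPLES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick",
    "<13>Feb  5 17:32:18 sshd[812]: Accepted publickey for admin",
    "Oct 11 22:14:15 10.0.0.7 kernel: link down",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse(sample))
```

Because the host name is read from the message text, it is only as trustworthy as the sender; the ipaddr passed to process() is the value to compare it against.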