opEvents processes syslog, SNMP Traps, NMIS Events into a common format for further processing. This process is called normalisation. The following table represents all the current properties of the normalised events.
...
Event Property
...
Description
...
Example
...
eventid (_id
)
...
A globally unique Event ID
...
time
...
Unix time of the event (seconds since 1970).
...
date
...
The event time in human readable format
...
node
...
The name of the node in question. Normally the same as the NMIS node name.
...
host
...
The IP address or hostname of the node in question. Optional.
...
event
...
Name of the event
...
Node Down, Node Up
...
element
...
What element of the node the event refers to. Optional.
...
FastEthernet1, Neighbor 1.2.4.5
...
state
...
Is the state good or bad, up or down.
Optional, but always present if stateful
is present.
...
up/down, open/closed, etc
...
stateful
...
Name of the stateful object. Optional, but always present if state
is present.
...
Node, Interface, OSPF Neighbor
...
details
...
Other event details
...
type
...
Where did the event originate?
...
escalate
...
Has the event been marked for escalation?
...
acknowledged
...
Has the event been acknowledged?
...
flap
...
Is this event a flap?
...
0 or 1
...
In addition to those a number of properties are optional and created only under certain conditions:
Event Property | Description | Example |
---|---|---|
interface_description | The ifAlias (or Description) of the interface in question
| |
authority | The server name of the system that originated the event; Optional, only relevant for remotely/API-generated events. | |
location | The URI for this event at the originating server. Optional, only relevant for remotely/API-generated events. | |
duplicateof | list of Event IDs that this one is a duplicate of | |
nodes | lists nodes that caused this synthetic event | |
eventids | list of Event IDs that were involved in causing this synthetic event | |
| Unix time, until then the event is held back from processing for actions and policies | 1385079231 |
action_checked | Has the event been processed wrt. actions and policies? | 0 or 1 |
<scriptname>.output | If an event triggered a script action that is set to save, then the script output is stored in this property. | |
synthetic | whether this event was created by a correlation policy action, or because a watchdog expired | 0 or 1 |
watchdog | whether this is a watchdog expiration event | 0 or 1 |
notes | a list of originator- and time-tagged comments for this event (optional, supported in opEvents 2.0 and newer) |