...
For the sake of this discussion let's assume the new vendor can be parsed with the existing cisco_alternate rules found in /usr/local/omk/conf/EventParserRules.nmis. We need to tell opEvents to use these parser rules on /usr/local/nmis8/logs/newVendor.log. This is done by modifying /usr/local/omk/conf/opCommon.nmis in the following manner.
Provision syslog trap routing based on facility (restart syslogd)
modify EventParserRules.nmis to interpret events.
Tell opEvents to interpret that file. (restart opeventsd). Find the 'opevents_logs section and add the 'cisco_alternate', '<nmis_logs>/newVendor' relationship.
Code Block |
---|
### /usr/local/omg/conf/opCommon.nmis
#--Snip
'opevents_logs' => {
'cisco_alternate' => [
'<nmis_logs>/newVendor.log'
],
'cisco_syslog' => [
'<nmis_logs>/cisco.log'
],
'nmis_eventlog' => [
'<nmis_logs>/event.log'
],
#--snip
|
Identify GUI interesting events (EventActions.nmis)