...
Both black and white lists are configured in /usr/local/omk/conf/EventListRules.nmis, in sections like this example:
...
The format is straightforward: the numeric key controls the order of rule application, and the right side is a regular expression that the log entries are matched against.
opEvents 4.x:
/usr/local/omk/conf/EventListRules.json
```json
{
  "whiteList" : {
    "91" : "CISCO-RTTMON-MIB::rttMonNotification",
    "90" : "CISCO-RTTMON-MIB::rttMonTimeoutNotification",
    "80" : "CISCO-CONFIG-MAN-MIB::ciscoConfigManEvent .+ ccmHistoryEventConfigDestination\\.\\d+=running",
    "1" : "TIVOLI\\|\\w+\\|ams",
    "72" : "BGP4-MIB::bgpEstablished",
    "31" : "BGP-\\d-ADJCHANGE",
    "30" : "OSPF-\\d-ADJCHG",
    "50" : "SNMPv2-MIB::snmpTrapOID.0=IF-MIB::link",
    "40" : "SYS-\\d-CONFIG_I",
    "20" : "LINEPROTO",
    "10" : "SYS-[0123]-\\w+",
    "73" : "BGP4-MIB::bgpBackwardTransition",
    "60" : "BRIDGE-MIB::newRoot",
    "70" : "OSPF-TRAP-MIB::ospfNbrStateChange"
  },
  "blackList" : {
    "30" : "CISCO-SYSLOG-MIB::clogMessageGenerated",
    "10" : "NTP Core \\(INFO\\)",
    "20" : "OLD-CISCO-TS-MIB::tslineSesType\\.6\\.1=tcp"
  },
  "archiveList" : {
    "30" : {
      "regex" : "Node (Up|Down)",
      "archive" : "NodeEvents"
    },
    "20" : {
      "archive" : "SoftwareErrorArchive",
      "regex" : "INVMEMINT|MALLOCFAIL"
    },
    "10" : {
      "archive" : "SyslogArchive",
      "regex" : "SYS-[0123]-\\w+"
    }
  }
}
```
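The following is an added example, not part of the original page or of opEvents itself: a small offline checker that walks each list in numeric key order (keys are JSON strings, so a plain string sort would put "10" before "1") and reports the first rule that matches each log line. The sample log lines are constructed, the helper names are hypothetical, and it assumes unanchored matching; it reports the white and black lists separately because this excerpt does not state which list takes precedence.

```python
import json
import re

# Constructed excerpt in the EventListRules.json layout shown above
# (a subset of the page's rules; not a full production file).
RULES_JSON = r'''
{
  "whiteList": {
    "91": "CISCO-RTTMON-MIB::rttMonNotification",
    "1": "TIVOLI\\|\\w+\\|ams",
    "31": "BGP-\\d-ADJCHANGE",
    "20": "LINEPROTO",
    "10": "SYS-[0123]-\\w+"
  },
  "blackList": {
    "30": "CISCO-SYSLOG-MIB::clogMessageGenerated",
    "10": "NTP Core \\(INFO\\)"
  }
}
'''

def ordered_rules(section):
    """Return [(key, compiled_regex)] sorted by numeric key, not string order."""
    for key in section:
        if not key.isdigit():
            raise ValueError(f"rule key {key!r} is not numeric")
    # Assumption: Python's re treats these simple patterns the same way
    # the tool's own regex engine does.
    return [(int(k), re.compile(section[k])) for k in sorted(section, key=int)]

def first_match(section, line):
    """Key of the first rule (numeric order) matching anywhere in line, else None."""
    for key, rx in ordered_rules(section):
        if rx.search(line):  # assumption: rules are unanchored searches
            return key
    return None

if __name__ == "__main__":
    rules = json.loads(RULES_JSON)
    samples = [  # constructed log lines
        "%SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed",
        "%LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to down",
        "NTP Core (INFO): synchronized",
        "%SYS-5-RESTART: System restarted",
    ]
    for line in samples:
        print({name: first_match(rules[name], line) for name in rules}, line)
```

Running a check like this against a copy of the rules file before deploying a change shows whether a severity 0-3 message would still reach a whitelist rule, and whether a new blacklist pattern is broader than intended.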
Normalisation and Enrichment
...