opEvents processes syslog, SNMP Traps, NMIS Events into a common format for further processing. This process is called normalisation. The following table represents all the current properties of the normalised events.
Event Property | Description | Example |
eventid (_id) | A globally unique Event ID | |
time and time_tag | Unix time of the event (seconds since 1970) | 1385076573 |
date | The event time in human readable format | 2013-11-11T13:39:41 |
node | The NMIS node name | |
host | The IP address or hostname | |
event | Name of the event | Node Down, Node Up |
element | What is the element of the node | FastEthernet1, Neighbor 1.2.4.5 |
state | Is the state true or false | up/down, open/closed, etc |
stateful | Stateful object name | Node, Interface, OSPF Neighbor |
details | Other event details | |
type | Where did the event originate? | cisco_syslog, trap, NMIS |
escalate | Has the event been marked for escalation? | 0 or 1 |
priority | opEvents priority level, see opEvents priority levels vs. NMIS and Syslog levels | 0 to 10 |
acknowledged | Has the event been acknowledged? | 0 or 1 |
flap | Is this event a flap? | 0 or 1 |
action_required | Should the GUI show the event as open? | 0 or 1 |
In addition to those a number of properties are optional and created only under certain conditions:
Event Property | Description | Example |
---|---|---|
duplicateof | list of Event IDs that this one is a duplicate of | |
nodes | lists nodes that caused this synthetic event | |
eventids | list of Event IDs that were involved in causing this synthetic event | |
delayedaction | Unix time, until then the event is held back from processing for actions and policies | 1385079231 |
action_checked | Has the event been processed wrt. actions and policies? | 0 or 1 |
<scriptname>.output | If an event triggered a script action that is set to save, then the script output is stored in this property. | |
synthetic | whether this event was created by a correlation policy action, or because a watchdog expired | 0 or 1 |
watchdog | whether this is a watchdog expiration event | 0 or 1 |