opEvents is flexible and configurable. In the above schema you can see all the involved files to configure opEvents.
Parser Input
opEvents can parse a variety of inputs in a wide variety of formats, and the way opEvents has to understand them is with parsers. opEvents has different parsers for natively-supported log formats, to filter and normalise the data. It uses some files for each format file supported:
- EventSyslogRules
- EventNmisRules
- EventTivoliRules
- EventTrapRules
It also can process events from a database. All this configuration is in the file EventDB.nmis.
If some other syslog formats are required, we can write our own parser in EventParserRules.nmis file. It defines regular expressions to extract data and the variables to assign them to. If a parser is not enough, we can also use a parser plugin and generate the event using perl code.
Process Events
It is possible to specify rules to reduce voluminous inputs down to the relevant details, suppress duplicates or correlate events. This is the purpose of EventRules.nmis file. EventListRules.nmis also helps in controller the event in the system by blacklisting of whitelisting the events.
React to Events
Once the event is created, EventActions.nmis file specifies how to react to events. The file consist in a set of rules with flexibility to being adapted to a wide variety of use cases.
This file can be edited used the opEvents editor, http://host/en/omk/opEvents/config/actions:
One of the available actions is to notify using email, and different templates can be defined in EventEmails.nmis file.