Versions Compared

Old Version 10

changes.mady.by.user Alexander Zangerl

Saved on

compared with

New Version 11

changes.mady.by.user Alexander Zangerl

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

opEvents processes syslog, SNMP Traps, NMIS Events into a common format for further processing.  This process is called normalisation.  The following table represents all the current properties of the normalised events.

...

Event Property

...

Description

...

Example

...

eventid (_id)

...

A globally unique Event ID

...

time

...

Unix time of the event (seconds since 1970).

...

date

...

The event time in human readable format

...

node

...

The name of the node in question. Normally the same as the NMIS node name.

...

host

...

The IP address or hostname of the node in question.  Optional.

...

event

...

Name of the event

...

Node Down, Node Up

...

element

...

What element of the node the event refers to. Optional.

...

FastEthernet1, Neighbor 1.2.4.5

...

state

...

Is the state good or bad, up or down.
Optional, but always present if stateful is present.

...

up/down, open/closed, etc

...

stateful

...

Name of the stateful object. Optional, but always present if state is present.

...

Node, Interface, OSPF Neighbor

...

details

...

Other event details

...

type

...

Where did the event originate?

...

escalate

...

Has the event been marked for escalation?

...

acknowledged

...

Has the event been acknowledged?

...

flap

...

Is this event a flap?

...

0 or 1

...

 

In addition to those a number of properties are optional and created only under certain conditions:

Event PropertyDescriptionExample
interface_descriptionThe ifAlias (or Description) of the interface in question
  • only available with opEvents versions 2.0 and newer,
  • only for interface-related stateful events (i.e. element is an interface), 
  • and only if the node was refreshed or imported from NMIS with opEvents  2.0 or newer
 
authorityThe server name of the system that originated the event;
Optional, only relevant for remotely/API-generated events.		 
locationThe URI for this event at the originating server.
Optional, only relevant for remotely/API-generated events.		 
duplicateoflist of Event IDs that this one is a duplicate of 
nodeslists nodes that caused this synthetic event 
eventidslist of Event IDs that were involved in causing this synthetic event 

delayedaction

Unix time, until then the event is held back from processing for actions and policies1385079231
action_checkedHas the event been processed wrt. actions and policies?0 or 1
<scriptname>.outputIf an event triggered a script action that is set to save,
then the script output is stored in this property.		 
syntheticwhether this event was created by a correlation policy action,
or because a watchdog expired		0 or 1
watchdogwhether this is a watchdog expiration event0 or 1
notesa list of originator- and time-tagged comments for this event
(optional, supported in opEvents 2.0 and newer)