...
Your event is has to include a Host and Date entry to be accepted. For it to be usable in the GUI it also at a minimum needs an "event" property. We recommend it includes further details per this page, event properties.
If your parser is only required to display the raw log output and not perform any event extraction, adding the below to EventParserRules.json will enable the new parser:
| Code Block |
|---|
"MyNewParser" : {
}, |
Once this has been added, ensure that the opEvents daemon has been restarted.
opEvents 2.0.6 and newer ships with complete generic parser rules for parsing Cisco syslogs (log format type "cisco_alternate") and SNMP trap logs (log format type "traplog"), plus other syslog, nxlog parsers for various vendors such as Huawei, Juniper, Microsoft, these can be extended and new entries can be contributed via code@opmantek.com .
...