opEvents processes syslog, SNMP Traps, NMIS Events into a common format for further processing. This process is called normalisation. The following table represents all the current properties of the normalised events.
Event Property | Description | Example |
eventid | A globally unique Event ID | |
| Unix time of the event (seconds since 1970). | 1385076573 |
| The event time in human readable format | 2013-11-11T13:39:41 |
| The name of the node in question. Normally the same as the NMIS node name. | |
| The IP address or hostname of the node in question. Optional. | |
| Name of the event | Node Down, Node Up |
| What element of the node the event refers to. Optional. | FastEthernet1, Neighbor 1.2.4.5 |
| Is the state good or bad, up or down. | up/down, open/closed, etc |
| Name of the stateful object. Optional, but always present if | Node, Interface, OSPF Neighbor |
| Other event details | |
| Where did the event originate? | cisco_syslog, trap, NMIS, (remote) API |
| Has the event been marked for escalation? | 0 or 1 |
priority | opEvents priority level, see opEvents priority levels vs. NMIS and Syslog levels | 0 to 10 |
| Has the event been acknowledged? | 0 or 1 |
| Is this event a flap? | 0 or 1 |
| action_required | Should the GUI show the event as open? | 0 or 1 |
In addition to those a number of properties are optional and created only under certain conditions:
| Event Property | Description | Example |
|---|---|---|
interface_description | The ifAlias (or Description) of the interface in question
| |
authority | The server name of the system that originated the event; Optional, only relevant for remotely/API-generated events. | |
location | The URI for this event at the originating server. Optional, only relevant for remotely/API-generated events. | |
duplicateof | list of Event IDs that this one is a duplicate of | |
nodes | lists nodes that caused this synthetic event | |
eventids | list of Event IDs that were involved in causing this synthetic event | |
| Unix time, until then the event is held back from processing for actions and policies | 1385079231 |
action_checked | Has the event been processed wrt. actions and policies? | 0 or 1 |
<scriptname>.output | If an event triggered a script action that is set to save, then the script output is stored in this property. | |
synthetic | whether this event was created by a correlation policy action, or because a watchdog expired | 0 or 1 |
watchdog | whether this is a watchdog expiration event | 0 or 1 |
notes | a list of originator- and time-tagged comments for this event (optional, supported in opEvents 2.0 and newer) |