Each Zenoss event includes several attributes to describe the details of an event; however, not all fields are populated for each event. The event fields defined in this table can be found in the log for an event, which is accessible from the Event Console. We can also configure our event views to display events using these fields via the Event Manager. We cover the Event Console and event views in Chapter 7.
The event fields are valid attributes that we can substitute in our Python statements via TALES expressions. Appendix B lists some of the device attributes that we can use with TALES.
| Event Field | Description |
|---|---|
| | Identifies the event so that Zenoss can deduplicate events. Takes the form of device \| component \| eventClass \| eventKey \| severity. |
| | A unique identifier for the event. |
| | Specifies the device attached to the event. |
| | The Zenoss daemon reporting the event. |
| | The event class the event maps to. |
| | A user-defined way to map events. Event keys can be sequenced to aid the event class mapping of events from a common source to different event classes. |
| | Summary of the event. |
| | Message body for the event. May be the same as summary. |
| | Numeric representation of the event: 5 = Critical, 4 = Error, 3 = Warning, 2 = Info, 1 = Debug, 0 = Clear |
| | Numeric representation of the event state: 0 = New, 1 = Acknowledged, 2 = Suppressed |
| | Maps the event to an event class. |
| | Event source group: for example, syslog, Process, ping. |
| | Time stamp when the event state changed. |
| | Time stamp when the event first occurred. |
| | Time stamp when the event last occurred. |
| | The total number of times the event has occurred based on the |
| | The production state of the device. The Zenoss defaults are: 1000 = Production, 500 = Pre-Production, 400 = Test, 300 = Maintenance, -1 = Decommissioned |
| | If the event is suppressed, this is the ID of the suppressing event. |
| | The fully qualified domain name of the event collector that generated the event. |
| | Reports the Zenoss daemon responsible for generating the event. |
| | The device class. |
| | The location organizer assigned to the device. |
| | The system organizer assigned to the device. |
| | The group organizer assigned to the device. |
| | The IP address of the device. |
| | The syslog subsystem that generated the event (for example, cron, mail, lpr, auth, authpriv, daemon, ftp, kern, mark, news, syslog, user, uucp, local0 through local7). |
| | The priority of the syslog event. |
| | The Event ID field of the Windows NT event log. |
| | The ID number of the event owner. |
| | The ID number of the event that cleared this event. |
| | The priority as assigned in the device's Edit page: 5 = Highest, 4 = High, 3 = Normal, 2 = Low, 1 = Lowest, 0 = Trivial |
| | The event class mapping used to evaluate and map the event. |
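
The following is an added example, not taken from the original text or from Zenoss's own code. It models the deduplication identifier described in the table: events that share device, component, eventClass, eventKey and severity collapse into one row that keeps an occurrence count and the first and last times. The dictionary keys `time`, `count`, `first` and `last`, the escaping of `|` inside field values, and the sample events are assumptions of this example.

```python
# Components of the deduplication identifier, in the order the table gives them.
FINGERPRINT_FIELDS = ("device", "component", "eventClass", "eventKey", "severity")


def _escape(value) -> str:
    # Assumption of this example: escape the separator so that a value containing
    # "|" cannot make two different events produce the same identifier.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def fingerprint(event: dict) -> str:
    """Join the identifying fields with '|'; unpopulated fields become empty."""
    return "|".join(_escape(event.get(name, "")) for name in FINGERPRINT_FIELDS)


def deduplicate(events):
    """Collapse events with the same fingerprint into one row per fingerprint."""
    rows = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = fingerprint(ev)
        row = rows.get(key)
        if row is None:
            rows[key] = {"summary": ev.get("summary", ""), "count": 1,
                         "first": ev["time"], "last": ev["time"]}
        else:
            row["count"] += 1                  # repeat occurrence, no new row
            row["last"] = ev["time"]           # most recent occurrence
            row["summary"] = ev.get("summary", row["summary"])
    return rows


# Constructed sample events (hypothetical devices, class and timestamps).
SAMPLE_EVENTS = [
    {"device": "web01", "component": "sshd", "eventClass": "/Example/Login",
     "eventKey": "", "severity": 3, "summary": "login failed", "time": 100},
    {"device": "db01", "component": "sshd", "eventClass": "/Example/Login",
     "eventKey": "", "severity": 3, "summary": "login failed", "time": 120},
    {"device": "web01", "component": "sshd", "eventClass": "/Example/Login",
     "eventKey": "", "severity": 3, "summary": "login failed again", "time": 160},
    # Same source, higher severity: severity is part of the identifier,
    # so this event is kept as a separate row instead of being merged.
    {"device": "web01", "component": "sshd", "eventClass": "/Example/Login",
     "eventKey": "", "severity": 4, "summary": "login failed", "time": 170},
]

if __name__ == "__main__":
    for key, row in deduplicate(SAMPLE_EVENTS).items():
        print(key, row)
```

Because severity is part of the identifier, an escalation from Warning to Error appears as a new row rather than as an increment on the existing one.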