I've hooked up Zenoss' Zensyslog so that messages from a distributed list of client machines are all conglomerated into events on the Zenoss server. This is all fantastic, and I can bump messages by simply using the logger command:
logger -t webserver_is_down "The web server is down"
What I'd like to be able to do is also post an event that clears for when the webserver comes up.
logger -t webserver_is_up "The web server is up"
I've tried to set this up with Event classes but with no dice. Is there a Syslog level that correlates with Zenoss' clear/0 level? Is there another easy way to do this?
Thanks for any help you can give!
Apparently, zenoss is unable to do this. :-( Essentially syslog is used for creating event, but these need to be manually closed.
You can alter severity (including close) based on content of the message, but mapping the new event to close a different event is non-trivial.
There are mappings between zensyylog levels and syslog levels, but none of these map to a zenoss event level of 0 (close). Hence, it is not possible to send a log message of "logger -p local6.debug" or similar and have that close an event with a matching message"
I think you can create an event mapping based on some rule or regex. Then, you'd code a transform for that mapping which would modify the event enough to become a clearing event: same dedup id as the event that should be cleared minus the severity which should be 0. If you cannot modify it enough, you can actually create a new event from the transform. This new event could clear the error for you. Mapping bonus: you can drop the event if it's useless to you