[Zenoss-dev] FixforSyslogAgentFromLoggingEventsForDevicesThat'sNotModeled

[chitra]

We are on Zenoss 2.1.3.

We observed that the Zenoss console was filled with syslog events from devices that were not modeled in the Zenoss server.

This became issue for us when our Staging tier devices started logging events in Production tier Zenoss!

When we reviewed the codes, we noticed that there were no validation for events against the list of devices that are modeled in Zenoss.

To fix this problem, we made some code change in following files:
 $ZENHOME/Products/ZenEvents/SyslogProcessing.py
$ZENHOME/Products/ZenEvents/zensyslog.py

Original (zensyslog.py)

Code:
def __init__(self):
        EventServer.__init__(self)
        self.changeUser()
        self.minpriority = self.options.minpriority
        self.processor = SyslogProcessor(self.dmd.ZenEventManager,
                                         self.options.minpriority,
                                         self.options.parsehost)


Modified (zensyslog.py)
 
Code:
def __init__(self):
        EventServer.__init__(self)
        self.changeUser()
        self.minpriority = self.options.minpriority
        self.processor = SyslogProcessor(self.dmd.ZenEventManager,
                                         self.options.minpriority,
                                         self.options.parsehost,
                                         self.dmd.Devices)


Original Code (SyslogProcession.py):  

Code:
def process(self, msg, ipaddr, host, rtime):
        evt = SyslogEvent(device=host, ipAddress=ipaddr, rcvtime=rtime,
                agent='zensyslog', eventGroup='syslog')
        slog.debug("host=%s, ip=%s", host, ipaddr)
        slog.debug(msg)

        evt, msg = self.parsePRI(evt, msg)
        if evt.priority > self.minpriority: return

        evt, msg = self.parseHEADER(evt, msg)
        evt = self.parseTag(evt, msg)
        #rest of msg now in summary of event
        evt = self.buildEventClassKey(evt)
        self.zem.sendEvent(evt)


Modified Code (SyslogProcession.py):  

Code:
def process(self, msg, ipaddr, host, rtime):
        evt = SyslogEvent(device=host, ipAddress=ipaddr, rcvtime=rtime, eventClass=Status_Syslog,
                agent='zensyslog', eventGroup='syslog')
        slog.debug("host=%s, ip=%s", host, ipaddr)
        slog.debug(msg)

        evt, msg = self.parsePRI(evt, msg)
        if evt.priority > self.minpriority: return

        zcatalog = self.devices.deviceSearch
        query = Eq('getDeviceIp', ipaddr)
        brains = zcatalog.evalAdvancedQuery(query)
        if len(brains) == 0:
           slog.debug("Not logging event for unmonitored device: host=%s, ip=%s", host, ipaddr)
           return

        evt, msg = self.parseHEADER(evt, msg)
        evt = self.parseTag(evt, msg)
        #rest of msg now in summary of event
        evt = self.buildEventClassKey(evt)
        self.zem.sendEvent(evt)


After adding these new lines, compile .pyc and .pyo files.  Also remember to move old Events to History

Enjoy :)




-------------------- m2f --------------------

Read this topic online here:
http://community.zenoss.com/forums/viewtopic.php?p=19202#19202

-------------------- m2f --------------------