Add support for matching syslog messages by process name, severity, facility in ueiMatch
Description
Currently Syslogd can match syslog messages based on their contents, not on the severity or facility encoded in the PRIO block or the process name. This enhancement makes it possible to match on facility, severity, process name, message contents, or any combination of these. For instance, it will now be possible to catch all "mail.critical" messages from the "postfix/smtpd" process, giving them a UEI like "uei.opennms.org/vendor/postfix/syslog/mail/Critical" rather than the generic "uei.opennms.org/syslog/mail/Critical" that may also apply to messages from dovecot, even without a priori knowledge of the messages' contents. Among other things, this capability allows for more granular classification of messages for which a specific event definition has not been created.
Acceptance / Success Criteria
None
Activity
Jeff Gehlbach June 16, 2011 at 7:14 PM
Committed enhancement work to 1.10 and merged to master.