Hi, Sorry for the lenghty e-mail, but I need some help on this. I'm trying to get my Zenoss alerting working with my OTRS install. Even though I've tried tailoring the e-mails to my systemmonitoring rules specifically, I don't seem to be getting the desired results. One of the mails (html) I get from Zenoss looks like this: Subject: <Hostname> ip <IP Address> is down Body: Device: <Hostname> Component: Severity: Critical Time: 2012/03/23 09:26:12.000 Message: ip <IP Address> is down Event Detail Acknowledge Delete Device Events -------------------------------------------------------------------------------- OTRSHost: <hostname> OTRSService: OTRSState: ip <IP Address> is down OTRSNumState: 5 And the "Clear" (host up) mail for that same host: Subject: CLEAR: <Hostname> ip <IP Address> is up Body: Event: 'ip <IP Address> is down' Cleared by: 'ip <IP Address> is up' At: 2012/03/23 09:28:10.000 Device: <Hostname> Component: Severity: Critical Message: ip <IP Address> is down Undelete -------------------------------------------------------------------------------- OTRSHost: <Hostname> OTRSService: OTRSState: ip <IP Address> is up OTRSNumState: 0 For RegExps in the SystemMonitoring, I would like the following to catch what I need: 'CloseTicketRegExp' => '0', 'DefaultService' => 'Host', 'FromAddressRegExp' => '<E-Mail Address>', 'HostRegExp' => '\\s*OTRSHost:\\s+(.*)\\s*', 'NewTicketRegExp' => '1|2|3|4|5', 'ServiceRegExp' => '\\s*OTRSService:\\s+(.*)\\s*', 'StateRegExp' => '\\s*OTRSNumState:\\s+(\\Sfile:///\\S+)'
From what I've seen so far, it's actually able to match subsequent alerts to the original ticket but I can't get it to close the tickets again with the "Clear" e-mail. In fact, the Clear e-mail doesn't even seem to be recognized as a SystemMonitoring ticket, as the logfile shows:
[Kernel::System::PostMaster::Filter::SystemMonitoring::Run] SystemMonitoring Mail: SystemMonitoring: Could not find host address and/or state in mail => Ignoring I'm betting I'm just missing something obvious, I just can't spot it. Any of you regexp gurus can help me out here? Thanks a lot. -- /Sune T.