Hi,

 

Sorry for the lengthy e-mail, but I need some help on this.

I’m trying to get my Zenoss alerting working with my OTRS install.

Even though I’ve tried tailoring the e-mails to my systemmonitoring rules specifically, I don’t seem to be getting the desired results.

 

One of the mails (html) I get from Zenoss looks like this:

 

Subject:

<Hostname> ip <IP Address> is down

Body:

Device: <Hostname>

Component:

Severity: Critical

Time: 2012/03/23 09:26:12.000

Message:

ip <IP Address> is down

Event Detail

Acknowledge

Delete

Device Events

--------------------------------------------------------------------------------

OTRSHost: <hostname>

OTRSService:

OTRSState: ip <IP Address> is down

OTRSNumState: 5

 

And the “Clear” (host up) mail for that same host:

 

Subject:

CLEAR: <Hostname> ip <IP Address> is up

Body:

Event: 'ip <IP Address> is down'

Cleared by: 'ip <IP Address> is up'

At: 2012/03/23 09:28:10.000

Device: <Hostname>

Component:

Severity: Critical

Message:

ip <IP Address> is down

Undelete

--------------------------------------------------------------------------------

OTRSHost: <Hostname>

OTRSService:

OTRSState: ip <IP Address> is up

OTRSNumState: 0

 

For RegExps in the SystemMonitoring, I would like the following to catch what I need:

 

'CloseTicketRegExp' => '0',
'DefaultService' => 'Host',
'FromAddressRegExp' => '<E-Mail Address>',
'HostRegExp' => '\\s*OTRSHost:\\s+(.*)\\s*',
'NewTicketRegExp' => '1|2|3|4|5',
'ServiceRegExp' => '\\s*OTRSService:\\s+(.*)\\s*',
'StateRegExp' => '\\s*OTRSNumState:\\s+(\\S+)'

 

From what I’ve seen so far, it’s actually able to match subsequent alerts to the original ticket but I can’t get it to close the tickets again with the “Clear” e-mail.

In fact, the Clear e-mail doesn’t even seem to be recognized as a SystemMonitoring ticket, as the logfile shows:

 

[Kernel::System::PostMaster::Filter::SystemMonitoring::Run] SystemMonitoring Mail: SystemMonitoring: Could not find host address and/or state in mail => Ignoring

 

I’m betting I’m just missing something obvious, I just can’t spot it. Any of you regexp gurus can help me out here?

 

Thanks a lot.

 

--

/Sune T.
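
Added example (not part of the original e-mail and not OTRS code): the patterns from the settings above applied to the OTRS* trailer lines of the two mails, to check offline what each one captures. It assumes the filter matches line by line and then tests the captured values for truth rather than definedness; neither is shown in the post, and the host name and address are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Patterns copied from the post. In a single-quoted Perl string '\\s'
# is the two characters \s.
my %Config = (
    HostRegExp        => '\\s*OTRSHost:\\s+(.*)\\s*',
    ServiceRegExp     => '\\s*OTRSService:\\s+(.*)\\s*',
    StateRegExp       => '\\s*OTRSNumState:\\s+(\\S+)',
    NewTicketRegExp   => '1|2|3|4|5',
    CloseTicketRegExp => '0',
);

# Constructed sample bodies: the trailer of each mail in the post, with
# placeholder host and address values.
my %Mail = (
    down  => "OTRSHost: host01\nOTRSService:\nOTRSState: ip 192.0.2.10 is down\nOTRSNumState: 5\n",
    clear => "OTRSHost: host01\nOTRSService:\nOTRSState: ip 192.0.2.10 is up\nOTRSNumState: 0\n",
);

# Apply every pattern to every line (assumption: matching is per line).
sub extract {
    my ($Body) = @_;
    my %Found;
    for my $Line ( split /\n/, $Body ) {
        for my $Key (qw(Host Service State)) {
            my $Re = $Config{ $Key . 'RegExp' };
            $Found{$Key} = $1 if $Line =~ /$Re/;
        }
    }
    return \%Found;
}

for my $Name (qw(down clear)) {
    my $F     = extract( $Mail{$Name} );
    my $Host  = $F->{Host}  // 'undef';
    my $State = $F->{State} // 'undef';
    print "$Name: Host='$Host' State='$State'\n";

    # Assumption: a truth test on the captures. The string '0' is false in
    # Perl, so a state captured as 0 is indistinguishable from "no match".
    if ( !$F->{State} || !$F->{Host} ) {
        print "  -> handled as: host and/or state not found\n";
        next;
    }
    my ( $New, $Close ) = @Config{qw(NewTicketRegExp CloseTicketRegExp)};
    print "  -> new ticket or follow-up\n" if $F->{State} =~ /$New/;
    print "  -> close ticket\n"            if $F->{State} =~ /$Close/;
}
```

Under those assumptions the regular expressions themselves capture correctly from both mails; the difference between the two lies in the value captured for the state.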