SystemMonitoring regexp failure

Hi, Sorry for the lenghty e-mail, but I need some help on this. I'm trying to get my Zenoss alerting working with my OTRS install. Even though I've tried tailoring the e-mails to my systemmonitoring rules specifically, I don't seem to be getting the desired results. One of the mails (html) I get from Zenoss looks like this: Subject: <Hostname> ip <IP Address> is down Body: Device: <Hostname> Component: Severity: Critical Time: 2012/03/23 09:26:12.000 Message: ip <IP Address> is down Event Detail Acknowledge Delete Device Events -------------------------------------------------------------------------------- OTRSHost: <hostname> OTRSService: OTRSState: ip <IP Address> is down OTRSNumState: 5 And the "Clear" (host up) mail for that same host: Subject: CLEAR: <Hostname> ip <IP Address> is up Body: Event: 'ip <IP Address> is down' Cleared by: 'ip <IP Address> is up' At: 2012/03/23 09:28:10.000 Device: <Hostname> Component: Severity: Critical Message: ip <IP Address> is down Undelete -------------------------------------------------------------------------------- OTRSHost: <Hostname> OTRSService: OTRSState: ip <IP Address> is up OTRSNumState: 0 For RegExps in the SystemMonitoring, I would like the following to catch what I need: 'CloseTicketRegExp' => '0', 'DefaultService' => 'Host', 'FromAddressRegExp' => '<E-Mail Address>', 'HostRegExp' => '\\s*OTRSHost:\\s+(.*)\\s*', 'NewTicketRegExp' => '1|2|3|4|5', 'ServiceRegExp' => '\\s*OTRSService:\\s+(.*)\\s*', 'StateRegExp' => '\\s*OTRSNumState:\\s+(\\Sfile:///\\S+)'
From what I've seen so far, it's actually able to match subsequent alerts to the original ticket but I can't get it to close the tickets again with the "Clear" e-mail. In fact, the Clear e-mail doesn't even seem to be recognized as a SystemMonitoring ticket, as the logfile shows:
[Kernel::System::PostMaster::Filter::SystemMonitoring::Run] SystemMonitoring Mail: SystemMonitoring: Could not find host address and/or state in mail => Ignoring I'm betting I'm just missing something obvious, I just can't spot it. Any of you regexp gurus can help me out here? Thanks a lot. -- /Sune T.

Hi there, According to your mail you have
'CloseTicketRegExp' => '0',
You are going to need some regex to match if the host is up. For example, the standard is : CloseTicketRegExp => 'OK|UP', That means OK or UP will mark the server as back online. See also the documentation, it names this as the default value. Let me know if that helps, mike -- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn

Thanks Mike/James, However, "0" is exactly what i'm looking for, to see if the host is up. I have an "OTRSNumState" that can be either 0, 1, 2, 3, 4 or 5. 0 is meant to close, while the rest is meant to create a new (or append to existing) ticket. Hmm, perhaps I could just try putting some other text there, instead of the 0. I control both systems, so I can put anything I like. I'll try that instead of looking for numbers. Thanks for your input, makes me think again. :) -- /Sune T. From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of James Michael DuPont Sent: 23. marts 2012 15:09 To: User questions and discussions about OTRS. Subject: Re: [otrs] SystemMonitoring regexp failure Hi there, According to your mail you have
'CloseTicketRegExp' => '0',
You are going to need some regex to match if the host is up. For example, the standard is : CloseTicketRegExp => 'OK|UP', That means OK or UP will mark the server as back online. See also the documentation, it names this as the default value. Let me know if that helps, mike -- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn

Sune T.,
you can call me mike, my full name is james michael, but everyone calls me
me mike.
Lets look at the source for for how the regex is used :
In the source code ;Kernel/System/PostMaster/Filter/SystemMonitoring.pm
you will see that it parses the state from the mail.
# Try to get State, Host and Service from email subject
my @SubjectLines = split /\n/, $Subject;
for my $Line (@SubjectLines) {
for (qw(State Host Service)) {
if ( $Line =~ /$Self->{Config}->{ $_ . 'RegExp' }/ ) {
$Self->{$_} = $1;
Then when the state is extracted, it is matched :
if ( $Self->{State} =~ /$Self->{Config}->{CloseTicketRegExp}/ ) {
where the default regex is CloseTicketRegExp => 'OK|UP'
Then the state of the ticket is stet to the state named, and specified by
CloseActionState which defaults to 'closed successful',
So if you use 0, then you would have to have 0 in the subject of the mails.
If you want to specify a different state, you need to set the name of that
state in CloseActionState.
I hope this helps explain how the system monitoring is used. Let me know if
you have any more questions.
mike
On Fri, Mar 23, 2012 at 7:35 PM, Sune T. Tougaard
Thanks Mike/James,****
** **
However, ”0” is exactly what i’m looking for, to see if the host is up.*** *
** **
I have an “OTRSNumState” that can be either 0, 1, 2, 3, 4 or 5.****
0 is meant to close, while the rest is meant to create a new (or append to existing) ticket.****
Hmm, perhaps I could just try putting some other text there, instead of the 0. I control both systems, so I can put anything I like.****
I’ll try that instead of looking for numbers.****
** **
Thanks for your input, makes me think again. J****
** **
-- ****
/Sune T.****
** **
*From:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *On Behalf Of *James Michael DuPont *Sent:* 23. marts 2012 15:09 *To:* User questions and discussions about OTRS. *Subject:* Re: [otrs] SystemMonitoring regexp failure****
** **
Hi there,
According to your mail you have
'CloseTicketRegExp' => '0',
You are going to need some regex to match if the host is up.
For example, the standard is :
CloseTicketRegExp => 'OK|UP',
That means OK or UP will mark the server as back online.
See also the documentation, it names this as the default value.
Let me know if that helps, mike
-- ****
James Michael DuPont****
Custom Engineering/Research & Development ****
****
OTRS AG****
Norsk-Data-Straße 1****
D-61352 Bad Homburg****
** **
T: +49 (0) 9421 56818 0****
F: +49 (0) 9421 56818 18****
** **
Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065****
Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn****
** **
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
-- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn

Thanks Mike,
Excellent. I'm pretty sure that solves my problems, knowing how it works. Thank you for explaining.
However, just out of curiosity... :)
I already had a quick look at the source (too quick I guess), but I sure didn't catch that the subject was also used to extract state (or anything).
I guess I just took for granted that if I specify three specific lines to find "Host, Service and State" somewhere in the mail, those were all that was needed and used. No need to look only at the subject or body.
But is it looking at both the subject *and* the body?
...
my @SubjectLines...
...
my @BodyLines...
...
I can't say that I fully understand the code (at all), but how does it know which one to use?
If the Host, Service and State are "well-defined" (with the regexp), and no match is found in the subject, should it not just continue to the body?
Thanks a lot.
--
/Sune T.
From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of James Michael DuPont
Sent: 23. marts 2012 20:20
To: User questions and discussions about OTRS.
Subject: Re: [otrs] SystemMonitoring regexp failure
Sune T.,
you can call me mike, my full name is james michael, but everyone calls me me mike.
Lets look at the source for for how the regex is used :
In the source code ;Kernel/System/PostMaster/Filter/SystemMonitoring.pm
you will see that it parses the state from the mail.
# Try to get State, Host and Service from email subject
my @SubjectLines = split /\n/, $Subject;
for my $Line (@SubjectLines) {
for (qw(State Host Service)) {
if ( $Line =~ /$Self->{Config}->{ $_ . 'RegExp' }/ ) {
$Self->{$_} = $1;
Then when the state is extracted, it is matched :
if ( $Self->{State} =~ /$Self->{Config}->{CloseTicketRegExp}/ ) {
where the default regex is CloseTicketRegExp => 'OK|UP'
Then the state of the ticket is stet to the state named, and specified by CloseActionState which defaults to 'closed successful',
So if you use 0, then you would have to have 0 in the subject of the mails. If you want to specify a different state, you need to set the name of that state in CloseActionState.
I hope this helps explain how the system monitoring is used. Let me know if you have any more questions.
mike
On Fri, Mar 23, 2012 at 7:35 PM, Sune T. Tougaard
'CloseTicketRegExp' => '0',
You are going to need some regex to match if the host is up. For example, the standard is : CloseTicketRegExp => 'OK|UP', That means OK or UP will mark the server as back online. See also the documentation, it names this as the default value. Let me know if that helps, mike -- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0tel:%2B49%20%280%29%209421%2056818%200 F: +49 (0) 9421 56818 18tel:%2B49%20%280%29%209421%2056818%2018 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs -- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn

But is it looking at both the subject **and** the body? Yes it is looking in the subject and then the body for those regexes and the ones found in the body will overwrite the ones in the subject. mike
On Fri, Mar 23, 2012 at 9:27 PM, Sune T. Tougaard
Thanks Mike,****
** **
Excellent. I’m pretty sure that solves my problems, knowing how it works. Thank you for explaining.****
** **
However, just out of curiosity… J****
I already had a quick look at the source (too quick I guess), but I sure didn’t catch that the subject was also used to extract state (or anything). ****
I guess I just took for granted that if I specify three specific lines to find “Host, Service and State” somewhere in the mail, those were all that was needed and used. No need to look only at the subject or body.****
** **
But is it looking at both the subject **and** the body?****
** **
…****
my @SubjectLines…****
…****
my @BodyLines…****
…****
** **
I can’t say that I fully understand the code (at all), but how does it know which one to use?****
If the Host, Service and State are “well-defined” (with the regexp), and no match is found in the subject, should it not just continue to the body? ****
** **
Thanks a lot.****
** **
-- ****
/Sune T.****
** **
*From:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *On Behalf Of *James Michael DuPont *Sent:* 23. marts 2012 20:20
*To:* User questions and discussions about OTRS. *Subject:* Re: [otrs] SystemMonitoring regexp failure****
** **
Sune T., you can call me mike, my full name is james michael, but everyone calls me me mike.
Lets look at the source for for how the regex is used :
In the source code ;Kernel/System/PostMaster/Filter/SystemMonitoring.pm you will see that it parses the state from the mail. # Try to get State, Host and Service from email subject my @SubjectLines = split /\n/, $Subject; for my $Line (@SubjectLines) { for (qw(State Host Service)) { if ( $Line =~ /$Self->{Config}->{ $_ . 'RegExp' }/ ) { $Self->{$_} = $1;
Then when the state is extracted, it is matched : if ( $Self->{State} =~ /$Self->{Config}->{CloseTicketRegExp}/ ) { where the default regex is CloseTicketRegExp => 'OK|UP'
Then the state of the ticket is stet to the state named, and specified by CloseActionState which defaults to 'closed successful',
So if you use 0, then you would have to have 0 in the subject of the mails. If you want to specify a different state, you need to set the name of that state in CloseActionState.
I hope this helps explain how the system monitoring is used. Let me know if you have any more questions.
mike****
On Fri, Mar 23, 2012 at 7:35 PM, Sune T. Tougaard
wrote:**** Thanks Mike/James,****
****
However, ”0” is exactly what i’m looking for, to see if the host is up.*** *
****
I have an “OTRSNumState” that can be either 0, 1, 2, 3, 4 or 5.****
0 is meant to close, while the rest is meant to create a new (or append to existing) ticket.****
Hmm, perhaps I could just try putting some other text there, instead of the 0. I control both systems, so I can put anything I like.****
I’ll try that instead of looking for numbers.****
****
Thanks for your input, makes me think again. J****
****
-- ****
/Sune T.****
****
*From:* otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] *On Behalf Of *James Michael DuPont *Sent:* 23. marts 2012 15:09 *To:* User questions and discussions about OTRS. *Subject:* Re: [otrs] SystemMonitoring regexp failure****
****
Hi there,
According to your mail you have
'CloseTicketRegExp' => '0',
You are going to need some regex to match if the host is up.
For example, the standard is :
CloseTicketRegExp => 'OK|UP',
That means OK or UP will mark the server as back online.
See also the documentation, it names this as the default value.
Let me know if that helps, mike
-- ****
James Michael DuPont****
Custom Engineering/Research & Development ****
****
OTRS AG****
Norsk-Data-Straße 1****
D-61352 Bad Homburg****
****
T: +49 (0) 9421 56818 0****
F: +49 (0) 9421 56818 18****
****
Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065****
Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn****
****
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs****
-- ****
James Michael DuPont****
Custom Engineering/Research & Development ****
****
OTRS AG****
Norsk-Data-Straße 1****
D-61352 Bad Homburg****
** **
T: +49 (0) 9421 56818 0****
F: +49 (0) 9421 56818 18****
** **
Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065****
Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn****
** **
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
-- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn

Hi, FYI, it doesn't seem to be working with only numeric states (1=down, 0=up). Either that, or my regexps just plain suck. :) But as soon as I put in some text, I'm good. Thanks for your help. -- /Sune T. From: otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.org] On Behalf Of James Michael DuPont Sent: 23. marts 2012 22:20 To: User questions and discussions about OTRS. Subject: Re: [otrs] SystemMonitoring regexp failure
But is it looking at both the subject *and* the body? Yes it is looking in the subject and then the body for those regexes and the ones found in the body will overwrite the ones in the subject. mike On Fri, Mar 23, 2012 at 9:27 PM, Sune T. Tougaard
mailto:stt@lyngsoesystems.com> wrote: Thanks Mike,
Excellent. I'm pretty sure that solves my problems, knowing how it works. Thank you for explaining.
However, just out of curiosity... :)
I already had a quick look at the source (too quick I guess), but I sure didn't catch that the subject was also used to extract state (or anything).
I guess I just took for granted that if I specify three specific lines to find "Host, Service and State" somewhere in the mail, those were all that was needed and used. No need to look only at the subject or body.
But is it looking at both the subject *and* the body?
...
my @SubjectLines...
...
my @BodyLines...
...
I can't say that I fully understand the code (at all), but how does it know which one to use?
If the Host, Service and State are "well-defined" (with the regexp), and no match is found in the subject, should it not just continue to the body?
Thanks a lot.
--
/Sune T.
From: otrs-bounces@otrs.orgmailto:otrs-bounces@otrs.org [mailto:otrs-bounces@otrs.orgmailto:otrs-bounces@otrs.org] On Behalf Of James Michael DuPont
Sent: 23. marts 2012 20:20
To: User questions and discussions about OTRS.
Subject: Re: [otrs] SystemMonitoring regexp failure
Sune T.,
you can call me mike, my full name is james michael, but everyone calls me me mike.
Lets look at the source for for how the regex is used :
In the source code ;Kernel/System/PostMaster/Filter/SystemMonitoring.pm
you will see that it parses the state from the mail.
# Try to get State, Host and Service from email subject
my @SubjectLines = split /\n/, $Subject;
for my $Line (@SubjectLines) {
for (qw(State Host Service)) {
if ( $Line =~ /$Self->{Config}->{ $_ . 'RegExp' }/ ) {
$Self->{$_} = $1;
Then when the state is extracted, it is matched :
if ( $Self->{State} =~ /$Self->{Config}->{CloseTicketRegExp}/ ) {
where the default regex is CloseTicketRegExp => 'OK|UP'
Then the state of the ticket is stet to the state named, and specified by CloseActionState which defaults to 'closed successful',
So if you use 0, then you would have to have 0 in the subject of the mails. If you want to specify a different state, you need to set the name of that state in CloseActionState.
I hope this helps explain how the system monitoring is used. Let me know if you have any more questions.
mike
On Fri, Mar 23, 2012 at 7:35 PM, Sune T. Tougaard
'CloseTicketRegExp' => '0',
You are going to need some regex to match if the host is up. For example, the standard is : CloseTicketRegExp => 'OK|UP', That means OK or UP will mark the server as back online. See also the documentation, it names this as the default value. Let me know if that helps, mike -- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0tel:%2B49%20%280%29%209421%2056818%200 F: +49 (0) 9421 56818 18tel:%2B49%20%280%29%209421%2056818%2018 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs -- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0tel:%2B49%20%280%29%209421%2056818%200 F: +49 (0) 9421 56818 18tel:%2B49%20%280%29%209421%2056818%2018 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs -- James Michael DuPont Custom Engineering/Research & Development OTRS AG Norsk-Data-Straße 1 D-61352 Bad Homburg T: +49 (0) 9421 56818 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Geschäftssitz: Bad Homburg, Amtsgericht Bad Homburg, HRB 10751, USt-Nr.: DE256610065 Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann (Vorsitzender), Christopher Kuhn
participants (2)
-
James Michael DuPont
-
Sune T. Tougaard