1 Title: Fixed parsing of special syslog messages which don't contain a host name
10 The Event Console is now able to process syslog messages that don't contain the
11 host name field. An example for such a message is this one:
14 Feb 13 08:41:07 pfsp: The configuration was changed on leader blatldc1-xxx to version 1.1366 by blatldc1-xxx/admin at 2019-02-13 09:41:02 CET</tt>
17 In previous versions messages like this resulted in log messages like this in
18 the event console log (var/log/mkeventd.log):
21 2019-02-13 09:41:07,338 [40] [cmk.mkeventd.EventServer] Got non-syslog message "Feb 13 08:41:07 pfsp: The configuration was changed on leader blatldc1-xxx to version 1.1366 by blatldc1-xxx/admin at 2019-02-13 09:41:02 CET" (need more than 1 value to unpack)
22 Traceback (most recent call last):
23 File "/omd/sites/ggmcmpp1/lib/python/cmk/ec/main.py", line 2916, in create_event_from_line
24 event.update(self.parse_syslog_info(rest))
25 File "/omd/sites/ggmcmpp1/lib/python/cmk/ec/main.py", line 2667, in parse_syslog_info
26 tag, message = line.split(": ", 1)
27 ValueError: need more than 1 value to unpack
28 2019-02-13 09:41:07,338 [20] [cmk.mkeventd.EventServer] Parsed message:
33 host_in_downtime: False
37 text: Feb 13 08:41:07 pfsp: The configuration was changed on leader blatldc1-xxx to version 1.1366 by blatldc1-xxx/admin at 2019-02-13 09:41
42 A fallback event was created that had no syslog fields set and contained the
43 whole unparsed syslog message in the text field. If you have EC rules matching
44 on this fallback event, you will have to change these rules to match the parsed
47 Now that the parsing has been added, events created by such a syslog message now
48 have the fields set as follows for our example:
55 host_in_downtime: False
59 text: The configuration was changed on leader blatldc1-xxx to version 1.1366 by blatldc1-xxx/admin at 2019-02-13 09:41:02 CET
63 Please note that the EC uses the sender IP addresse of the syslog message to populate the host field.