Manipulating events by matching a part of string from 'message'

Question asked by aahmad6 on Feb 5, 2016
Latest reply on Feb 8, 2016 by aahmad6

I am trying to update the fields for specific events if they match a string within message.

The string and the contents to be modified are held within a text file.

 

Contents of a comma (,) delimited file => Codes_vs_Severity

#####################
2304,A test String
2305,another_test String123
....
....
1000200,last_string to write
#####################

 

The LUA script for manipulation:

 

--------------------------------------
fname = "/tmp/Codes_vs_Severity"
io.input(fname)
for line in io.lines() do
   print(line)
   tmp = split(line,"/,")

   if string.match(event.message, ':%s*(%a+)%s tmp[1]') then
      print("Found record for: " .. event.message)
      event.user_tag1 = tmp[2]
      event.custom_1 = tmp[1]
   end
end
return event
--------------------------------------

 

Also created a profile that calls the script above. This profile matches on message = *.

 

The idea is to match the string in Col-1 in the message field and, if it matches, populate the user_tag1 and custom_1 with values in Col-1 and Col-2.

The script fails to execute and I keep on getting an "Error in line 17: attempt to index global 'event' (a nil value)" error.

 

The contents of message that contain the string:

 

Enterprise SNMP v2 Trap : IP 20.40.60.80 : MIB The indicated event message was written to the Event system log. : Severity warning(4) : EventID 2304 : Type Any message here : Message 2201234567 node 123, event 2304, user: 1 (internal), originating ip: 20.40.60.80, local port: 1000, An attempt was made to authenticate with the unknown username ddddd. : OID .1.3.x.x.x.x.x.x.x.x.x

 

Any inputs will be much appreciated
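
Added example, not part of the original post and not the product's own code: a stand-alone Lua sketch of the enrichment described above, which pulls the EventID field out of the message and looks it up in the code table. The helper names (load_lookup, event_id, enrich) are hypothetical, and the `event` table and sample rows are constructed from the values quoted in the post.

```lua
-- Added example: plain Lua, no platform API. The `event` table below is a
-- constructed stand-in for whatever object the event pipeline supplies.

-- Parse "code,text" rows into a table keyed by code (split at the first comma).
local function load_lookup(lines)
   local map = {}
   for _, line in ipairs(lines) do
      local code, text = line:match("^%s*(%d+)%s*,%s*(.-)%s*$")
      if code then map[code] = text end   -- rows such as "...." are skipped
   end
   return map
end

-- Extract the numeric ID from the ": EventID <n> :" field of the trap text.
local function event_id(message)
   if type(message) ~= "string" then return nil end
   return message:match(":%s*EventID%s+(%d+)%s*:")
end

-- Populate the two fields named in the post when the ID is in the lookup.
local function enrich(event, lookup)
   if type(event) ~= "table" then return event end  -- no event in scope: do nothing
   local id = event_id(event.message)
   local text = id and lookup[id]
   if text then
      event.custom_1 = id       -- Col-1
      event.user_tag1 = text    -- Col-2
   end
   return event
end

-- Constructed sample rows in the Codes_vs_Severity layout.
local lookup = load_lookup({
   "2304,A test String",
   "2305,another_test String123",
   "....",
   "1000200,last_string to write",
})

-- Constructed sample event, shortened from the message quoted in the post.
local event = {
   message = "Enterprise SNMP v2 Trap : IP 20.40.60.80 : Severity warning(4) : "
          .. "EventID 2304 : Type Any message here : Message 2201234567 node 123, event 2304",
}

enrich(event, lookup)
print(event.custom_1, event.user_tag1)
```

Keying the table by code gives an exact match on the EventID field, so a code that happens to appear elsewhere in the message text (an IP octet, a port, a node number) does not tag the event.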
