Event Daemon Configuration
The back-end configuration surrounding events is split into two areas: the configuration of eventd itself, and the configuration of events definitions known to Meridian.
The eventd-configuration.xml file
The overall behavior of eventd is configured in the ${OPENNMS_HOME}/etc/eventd-configuration.xml
file.
This file does not need to be changed in most installations.
The configurable items include the following:
- TCPAddress
-
The IP address to which the eventd XML/TCP listener will bind. Defaults to
127.0.0.1
. - TCPPort
-
The TCP port number on
TCPAddress
to which the eventd XML/TCP listener will bind. Defaults to5817
. - UDPAddress
-
The IP address to which the eventd XML/UDP listener will bind. Defaults to
127.0.0.1
. - UDPPort
-
The UDP port number on
TCPAddress
to which the eventd XML/UDP listener will bind. Defaults to5817
. - receivers
-
The number of threads allocated to service the event intake work done by eventd.
- queueLength
-
The maximum number of events that may be queued for processing. Additional events will be dropped. Defaults to unlimited.
- getNextEventID
-
An SQL query statement used to retrieve the ID of the next new event. Changing this setting is not recommended.
- socketSoTimeoutRequired
-
Whether to set a timeout value on the eventd receiver socket.
- socketSoTimeoutPeriod
-
The socket timeout, in milliseconds, to set if
socketSoTimeoutRequired
is set toyes
. - logEventSummaries
-
Whether to log a simple (terse) summary of every event at level
INFO
. Useful when troubleshooting event processing on busy systems whereDEBUG
logging is not practical.
The set of known events is configured in ${OPENNMS_HOME}/etc/eventconf.xml
.
This file opens with a <global>
element, whose <security>
child element defines which event fields may not be overridden in the body of an event submitted via any eventd listener.
This mechanism stops a malicious actor from, for instance, sending an event whose operator-action
field amounts to a phishing attack.
After the <global>
element, this file consists of a series of <event-file>
elements.
The content of each <event-file>
element specifies the path of a tributary file whose contents will be read and incorporated into the event configuration.
These paths are resolved relative to the ${OPENNMS_HOME}/etc
directory; absolute paths are not allowed.
Each tributary file contains a top-level <events>
element with one or more <event>
child elements.
Consider the following event definition:
<event>
<uei>uei.opennms.org/nodes/nodeLostService</uei>
<event-label>OpenNMS-defined node event: nodeLostService</event-label>
<descr><p>A %service% outage was identified on interface
%interface% because of the following condition: %parm[eventReason]%.</p> <p>
A new outage record has been created and service-level
availability calculations will be impacted until this outage is
resolved.</p></descr>
<logmsg dest="logndisplay">
%service% outage identified on interface %interface%.
</logmsg>
<severity>Minor</severity>
<alarm-data reduction-key="%uei%:%dpname%:%nodeid%:%interface%:%service%" alarm-type="1" auto-clean="false"/>
</event>
Every event definition has this same basic structure. See Anatomy of an event for a discussion of the structural elements.
A word about severities
When setting event severities, it’s important to consider each event in the context of your infrastructure as a whole.
Events whose severity is critical at the zoomed-in level of a single device may not merit a Critical
severity in the zoomed-out view of your entire enterprise.
Since an event with Critical
severity can never have its alarms escalated, you should usually reserve this highest severity level for events that unequivocally indicate a truly critical impact to the business.
Rock legend Nigel Tufnel offered some wisdom on the subject.
Structure of the eventconf.xml
tributary files
The order of event definitions is very important, as an incoming event is matched against them in order. It is possible, and often useful, to have several event definitions that could match variant forms of a given event; for example, based on the values of SNMP trap variable bindings.
The tributary files included via the <event-file>
tag have been broken up by vendor.
When Meridian starts, each tributary file is loaded in order.
The ordering of events inside each tributary file is also preserved.
The tributary files listed at the end of eventconf.xml
contain catch-all event definitions.
When slotting your own event definitions, take care not to place them below these catch-all files; otherwise your definitions will be effectively unreachable.
A Few Tips
-
To save memory and shorten startup times, you may want to remove event definition files that you know you do not need.
-
If you need to customize some events in one of the default tributary files, you may want to make a copy of the file containing only the customized events and load the copy above the original in
eventconf.xml
. This practice will make it easier to maintain your customizations in case the default file changes in a future release of Meridian.
Reloading the event configuration
After making manual changes to ${OPENNMS_HOME}/etc/eventconf.xml
or any of its tributary files, you must restart the eventd daemon.
You can trigger a reload of the daemon in the Karaf shell or by issuing the following command on the Meridian server:
$\{OPENNMS_HOME}/bin/send-event.pl uei.opennms.org/internal/reloadDaemonConfig -p 'daemonName Eventd'