• Skip to content
  • Skip to navigation
  • Skip to footer
Zenoss Core Administration Guide
    1. Event management
    2. Basic event fields
    • About this guide
    • Chapter 1. Using Zenoss Core
      • Initial login
      • Interface and navigation
        • Navigation
        • User information area
        • Portlets
      • Customizing the dashboard
        • Adding a dashboard
        • Adding portlets
        • Arranging portlets
        • Editing the dashboard settings
        • Working with portlets
      • Search
      • Navigating the event console
        • Sorting and filtering events
        • Creating an actionable view
        • Saving a custom view
        • Refreshing the view
        • Viewing event details
        • Selecting events
        • Managing events
      • Running a command from the browser interface
      • Working with triggers and notifications
        • Working with triggers
          • Creating a trigger
          • Editing a trigger
          • Setting global trigger permissions
          • Setting individual trigger permissions
        • Working with notifications
          • Creating a notification
            • Notification actions
          • Editing a notification
            • Notification settings
          • Defining notification content
            • Notification content variables
          • Defining the SNMP trap host
          • Defining commands to run
          • Global notification permissions
          • Setting individual notification permissions
          • Adding notification schedules
      • Advanced user interface configuration
    • Chapter 2. Adding, discovering and modeling devices
      • Discovering devices
        • Providing network or IP address range for device discovery
        • Discovering devices from the command-line interface
        • Classifying discovered devices
        • Updating device authentication details
        • Adding or editing information on a device record
      • Adding devices manually
        • Adding a single device
        • Adding multiple devices
      • Modeling devices
        • Configuring Windows devices to provide data through SNMP
        • Configuring Linux devices to provide data through SNMP
        • Modeling devices using SSH/COMMAND
        • Using device class to monitor devices using SSH
        • Modeling devices using port scan
        • Using the /Server/Scan device class to monitor with port scan
      • About modeler plugins
        • Viewing and editing modeler plugins for a device
          • Adding plugins
          • Reordering plugins
          • Deleting plugins from a device
      • Debugging the modeling process
    • Chapter 3. Working with devices
      • Viewing the device list
        • Devices hierarchy
        • Managing multiple devices from the device list
      • Working with devices
        • Events
        • Components
          • Disabling component monitoring
        • Graphs (Performance)
        • Component graphs
        • Modeler plugins
        • Software
        • Custom properties
        • Configuration properties
        • Device administration
        • Overriden objects
        • Monitoring templates
      • Managing devices and device attributes
        • Clearing heartbeat events
        • Locking device configuration
        • Renaming a device
        • Re-identifying a device
        • Remodeling a device
        • Resetting the device manage IP address
        • Deleting a device
        • Exporting device list to load into another system
        • Batch loading or modifying devices
    • Chapter 4. Configuration properties
      • Configuration property types
      • Configuration properties inheritance and override
      • Viewing and overriding device properties
        • Device configuration properties
      • Viewing and overriding event properties
        • Event configuration properties
      • Viewing and overriding network properties
        • Network configuration properties
    • Chapter 5. Monitoring templates
      • Creating templates
      • Renaming templates
      • Template binding
        • Device templates
          • Binding templates
          • Resetting bindings
        • Component templates
        • Interface templates
      • Example: Defining templates in the device hierarchy
      • Example: Applying templates to multiple areas in the device hierarchy
    • Chapter 6. Basic monitoring
      • Availability monitoring
        • Controlling ping cycle time
        • Using the predefined /Ping device class
        • Monitoring processes
          • Example: Creating a process class
            • Test existing process classes
            • Create an organizer
            • Create a process class
            • Define the regular expression series of a process class
            • Test a process class
            • Test and review the process class sequence
            • Test the process class on a host
          • Process class options
        • Monitoring IP services
          • Enabling IP service monitoring
          • Using the predefined /Server/Scan device class
        • Monitoring Windows Services
      • Monitoring using ZenCommand
        • Plugin format for ZenCommands
        • Testing ZenCommands
      • SNMP monitoring
      • Monitoring devices remotely through SSH
        • Changing Zenoss Core to monitor devices remotely using SSH
        • Using the predefined /Server/Cmd device class
      • Network map
        • Choosing the network to display
        • Viewing device and network details
        • Loading link data
        • Filtering by device type
        • Adjusting viewable hops
        • Adjusting the network map
    • Chapter 7. Performance monitoring
      • Monitoring templates
        • Viewing monitoring templates
      • Template binding
        • Editing templates bound to a device
      • Data sources
        • Adding a data source to a monitoring template
      • Data points
      • Data point aliases
        • Alias formula evaluation
          • Reverse polish notation
          • Using TALES expressions in alias formulas
          • Using Python in alias formulas
        • Adding a data point alias
        • Reports that use aliases
      • Thresholds
        • MinMax threshold
        • ValueChange threshold
        • Adding thresholds
        • Editing MinMax thresholds
        • Editing ValueChange thresholds
      • Performance graphs
        • Graph points
          • Re-sequencing graph points
          • DataPoint graph points
            • Adding DataPoint graph points
            • Editing DataPoint graph points
          • Editing threshold graph points
      • Performance data retention
        • Changing the performance data retention time
    • Chapter 8. Event management
      • Basic event fields
        • Device field
        • Status field
        • Severity field
        • Summary and message fields
      • Other fields
      • Details
      • De-duplication
      • Auto-clear correlation
      • Event consoles
        • Master event console
          • Customizing the event console
          • Selecting events
          • Sorting and filtering events
          • Working with live search
          • Saving an event console view
          • Refreshing the view
          • Viewing event details
          • Acknowledging events
          • Returning events to new status
          • Classifying events
          • Closing events
          • Reopening events
          • Exporting event data
        • Creating events
      • Event sources
        • Generated events
        • Captured events
      • Creating events manually
        • Creating events in the browser interface
        • Creating events from the command line interface
          • Example: Simulate a ping down event
      • Event classes
        • Event class configuration properties
      • Mapping and transformation
        • Event class mappings
        • Event class mapping sequence
        • Event class transform
      • Event life cycle
        • Automatic event aging
        • Automatic archived event cleanup
      • Capturing email messages as events
        • ZenMail
        • ZenPop3
        • Translating message elements to the event
      • SNMP traps and event transforms
        • Classifying SNMP traps
        • Example: Sending test traps
        • Transforming events with event mappings
        • Event transforms based on event class
    • Chapter 9. Production states and maintenance windows
      • Production states
        • Setting the production state for devices
      • Maintenance windows
        • Maintenance window events
        • Creating and using maintenance windows
          • Create a maintenance window for a single device
          • Create a maintenance window for a group of devices
          • Managing maintenance windows
    • Chapter 10. Organizers and path navigation
      • Classes
        • Viewing device classes
        • Adding a class
        • Moving a class
        • Setting configuration properties at the class level
      • Groups
        • Adding a group
          • Moving a group
      • Systems
        • Adding a system or sub-system
          • Moving a system
      • Locations
        • Adding locations
          • Moving a location
        • Integration with Google Maps
          • Enabling Google Maps
          • Setting an address for a location
          • Clearing the Google Maps cache
          • Network links
            • Drawing map links (zDrawMapLinks configuration property)
          • Google Maps example
      • Inheritance
    • Chapter 11. User commands
      • Defining global user commands
      • Running global user commands
      • Defining user commands for a single device
      • Running user commands for a single device
      • Defining user commands for all devices in an organizer
      • Running user commands for devices in an organizer
      • User command example: Echo command
    • Chapter 12. Managing users
      • Creating user accounts
      • Editing user accounts
        • Associating objects with specific users
          • Adding administrators
      • User groups
        • Viewing user groups
        • Creating user groups
      • Roles
      • Device access control lists
        • About device access control lists (ACL)
        • Permissions and roles
        • Administered objects
        • Users and groups
        • Assigning administered object access
        • Portlet access control
        • Example: Restricted tser with ZenUser role
        • Example: Restricted user with ZenManager role
        • Example: Adding device organizers
        • Restricted user organizer management
        • Viewing events
        • Detailed restricted screen functionality
          • Dashboard
          • Device list
          • Device organizers
          • Reporting
    • Chapter 13. Reporting
      • Organizing reports
      • Device reports
        • All Devices
        • All Monitored Components
        • Device Changes
        • MAC Addresses (MAC Address Inventory)
        • Model Collection Age
        • New Devices
        • Ping Status Issues
        • SNMP Status Issues
        • Software Inventory
      • Event reports
        • All EventClasses (All Event Classes)
        • All EventMappings (All Event Mappings)
        • All Heartbeats
      • Performance reports
        • Availability Report
        • CPU Utilization
        • Filesystem Util Report
        • Interface Utilization
        • Memory Utilization
        • Threshold Summary
      • Graph reports
        • Creating a graph report
        • Working with graph reports
      • Multi-Graph reports
        • Creating a multi-graph report
        • Adding collections
        • Adding graph definitions
          • Adding data points
        • Adding graph groups
          • Re-sequencing graph group order
      • Creating a custom device report
      • Scheduling reports
    • Chapter 14. ZenPacks
      • Displaying the list of installed ZenPacks
        • Displaying installed ZenPacks in the browser interface
        • Displaying installed ZenPacks in the CLI
      • ZenPack information resources
      • Preparing to install or upgrade a ZenPack
      • Installing or upgrading a ZenPack
      • Removing a ZenPack
      • Creating a ZenPack
    • Chapter 15. General administration and settings
      • Events settings
        • Changing events database connection information
        • Changing event maintenance settings
      • Rebuilding the events index
      • Working with the job manager
        • Viewing the job manager
        • Stopping and deleting jobs
        • Configuring jobs
        • Running the zenjobs daemon
    • Using the Appliance Administration menu
      • Configure Network and DNS
        • Editing a connection to configure static IPv4 addressing
        • Edit a connection (Docker virtual bridge)
          • CIDR prefix lengths for common subnet masks
        • Activate a connection
        • Setting the system hostname
      • Configure IPv6 Network CIDR
      • Configure Timezone
      • Change Root Password
      • Change ccuser Password
      • Update System
      • Change SSL settings
      • Root Shell
      • Reboot / Poweroff System
    • SNMP device preparation
      • Net-SNMP
      • SNMP v3 support
        • Advanced Encryption Standard
      • Community information
      • System contact information
      • Extra information
    • Syslog device preparation
      • Forwarding syslog messages from UNIX/Linux devices
      • Forwarding syslog messages from a Cisco IOS router
        • Other Cisco syslog configurations
      • Forwarding syslog messages from a Cisco CatOS switch
      • Forwarding syslog messages using syslog-ng
    • TALES expressions
      • Examples
      • TALES device attributes
      • TALES event attributes
    • Monitoring large file systems
      • Procedure
    • Glossary
      • aggregation pools
      • bandwidth utilization
      • component
      • data point
      • data source
      • device
      • device class
      • discovery
      • event
      • event class
      • event rules
      • graph
      • headroom
      • managed resource
      • model
      • monitoring template
      • notification
      • organizer
      • out of balance
      • resource component
      • service definition
      • service profile
      • service template
      • threshold
      • trigger

    Basic event fields

    To enter the event management system, an event must contain values for the device, severity, and summary fields. Zenoss Core rejects events that are missing any of these fields.

    Basic event fields are as follows:

    • Summary
    • Device
    • Component
    • Severity
    • Event Class Key
    • Event Class
    • Collector
    • Device field
    • Status field
    • Severity field
    • Summary and message fields
    Event management
    Device field