Ok so I seem to have figured this out. I am going to attempt to post a complete answer here hoping that it helps someone out. The docs are not the clearest on this. References I used for the configuration are and First you need to setup the $OPENNMSHOME/etc/syslogd-configuration.xml to have the following: uei.opennms.org/foo1/foo2/foo3 The ueiList element was my first problem. This is where you actually map the syslog message to a custom uei. The uei can be customized to create any unique identifier you wish to have.
My second problem was with mapping the custom uei to have properties, such as an alert level. This is accomplished through the $OPENNMSHOME/etc/eventconf.xml file. I inserted the following code right below the tag to configure properties for my new custom uei. 00-custom.conf uei.opennms.org/foo1/foo2/foo3 Event Label Here An event description here Here is the Log:%parmall% Critical With these in place syslog messages should come in with desired properties. NOTE: In my scenario I am using non-standard syslog messages which is why I have to use the parser='org.opennms.netmgt.syslogd.CustomSyslogParser' setting in my syslogd-confguration.xml file. If you are using Syslog-NG or a better formatted syslog there are other options. To help with troubleshooting you can go to $OPENNMSHOME/etc or $OPENNMSHOME/bin and run the following: opennms -v status this should show you every running process for NMS and their status.
NOTE: After changing a config file you must run service opennms restart (debian systems) to reload the new configuration. If you get the JVM error or 'couldn't connect to local host' error it is most likely because you broke one of these two configs. Even adding an extra space at the top of the xml file will create this problem. Use care when editing the files and I highly recommend creating backups. Just what I saw immediately, there is a typo in the parser attribute 'CustonSyslogParser' vs. Just to make sure you don't have another problem here:) Otherwise, there are two components which come into play:.
Opennms Opennms-cvs Opennms/opennms 33ad29 Add Al 75h
An event definition which is the result the Syslog message is mapped into an OpenNMS Event. The Syslog parsing rule which identifies the Syslog message and maps it to the given OpenNMS event definition You should have a look at the Postfix Syslog implementation which comes with OpenNMS.
For example, in the file $OPENNMSHOME/etc/syslog/Postfix.syslog.xml you will find a rule which looks at the incoming Syslog messages and will pick every Syslog message which contains 'disabling TLS support' and will create a event with the OpenNMS Unique Event Identifier (UEI) uei.opennms.org/vendor/postfix/syslog/postfix/TLSDisabled. The event with the UEI uei.opennms.org/vendor/postfix/syslog/postfix/TLSDisabled is defined with its severity in $OPENNMS.
There are a number of reasons why e-mails can't be sent. In Step 4 you state that you have configured a custom nodeDown event (which I assume is different than the default nodeDown event).
Verify that your custom notice is also enabled. Your next step will be to edit /opt/opennms/etc/log4j2.xml and scroll to the bottom.
Opennms Opennms-cvs Opennms/opennms 33ad29 Add A Room
Set the log level for 'notifd' to DEBUG. Then repeat your test and my guess is you will see an error in the log with connecting to GMail. Correct that and you should be good to go.