
Re: How to classify syslog events


Jon,

Sorry, have been swamped w/ the job. So assuming your syslog is coming in like this log (the HL200302 is the device that sent the syslog; Zenoss added this), you will probably want to verify by turning on debug:

2013-07-25 09:04:13,247 DEBUG zen.Syslog: HL200302 firewall,info denied by firewall input: in:ether1 out:(none), src-mac 00:01:5c:50:b2:41, proto UDP, 96.120.28.193:67->255.255.255.255:68, len 328

 

You can add the 4th and 5th lines to your SyslogProcessing.py in the same spot:

# generic mark
r"^(?P<summary>-- (?P<eventClassKey>MARK) --)",

# Jon's Parser
r"^(?:.*)(?P<component>firewall)(?:,)(?P<summary>.*)(?:,\slen\s\d)",

# Cisco UCS

The event that is sent up looks like this:

2013-07-25 09:04:13,252 DEBUG zen.zensyslog: Queued event (total of 1) {'rcvtime': 1374761053.251883, 'firstTime': 1374761053.238079, 'severity': 2, 'facility': 5, 'eventClassKey': u'firewall', 'component': 'firewall', 'agent': 'zensyslog', 'summary': 'info denied by firewall input: in:ether1 out:(none), src-mac 00:01:5c:50:b2:41, proto UDP, 96.120.28.193:67->255.255.255.255:68', 'priority': 6, 'manager': 'x1appxxx', 'eventGroup': 'syslog', 'originalTime': 'Jul 25 09:04:13', 'device': 'hl200302', 'lastTime': 1374761053.238079, 'ipAddress': '1.1.1.1', 'monitor': 'localhost'}

 

 

Attaching the event console snapshot.

I am not sure this is exactly what you were asking for?  firewall as component and the rest the summary?

--Rob
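
Added example, not part of Rob's post and not Zenoss code: the two patterns from the post run against the sample message, plus constructed variants that show when the firewall pattern falls through and when it matches a message from another topic. The helper name `parse_tag` and the first-match-wins ordering are assumptions made for this sketch.

```python
import re

# The two patterns quoted in the post, in the order given there.
PARSERS = [re.compile(p) for p in (
    r"^(?P<summary>-- (?P<eventClassKey>MARK) --)",                       # generic mark
    r"^(?:.*)(?P<component>firewall)(?:,)(?P<summary>.*)(?:,\slen\s\d)",  # Jon's Parser
)]


def parse_tag(msg):
    """Return the named groups of the first matching pattern, else None.

    Hypothetical helper: first-match-wins is an assumption about how the
    pattern list is consumed, not code taken from SyslogProcessing.py.
    """
    for rx in PARSERS:
        m = rx.search(msg)
        if m:
            return m.groupdict()
    return None


# Message text from the debug line in the post (after the device name).
SAMPLE = ("firewall,info denied by firewall input: in:ether1 out:(none), "
          "src-mac 00:01:5c:50:b2:41, proto UDP, "
          "96.120.28.193:67->255.255.255.255:68, len 328")

# Constructed variants (not from the post).
MARK = "-- MARK --"
NO_LEN = "firewall,info denied by firewall input: in:ether1 out:(none), proto UDP"
OTHER_TOPIC = "system,info,account user admin logged in, len 12"
# Another topic whose text happens to contain "firewall," and ", len N":
EMBEDDED = "dhcp,info lease note: firewall,rule reload, len 9"

if __name__ == "__main__":
    for name in ("SAMPLE", "MARK", "NO_LEN", "OTHER_TOPIC", "EMBEDDED"):
        print(name, "->", parse_tag(globals()[name]))
```

Because the pattern starts with an unanchored `(?:.*)` and requires a trailing `, len N`, firewall messages without a length field fall through to later parsers, while any message containing `firewall,` followed later by `, len N` is tagged with component `firewall`.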

