SNMP trap configuration

Started by cserzs, April 19, 2014, 12:53:18 AM

Previous topic - Next topic

cserzs

Hi,

I would like to configure an SNMP trap processing in NetXMS system. The raw trap content received by NetXMS system please see below:

2014.04.18 21:26:36   172.20.31.6   NetXMSObjectName   .1.3.6.1.4.1.23986.1.4.1   .1.3.6.1.4.1.23986.2.1.1.0 == 'DeviceName'; .1.3.6.1.4.1.23986.1.2.3.1.9.200083 == '1'; .1.3.6.1.4.1.23986.1.3.4.1.1.2368 == '200083'; .1.3.6.1.4.1.23986.1.3.4.1.2.2368 == '2368'; .1.3.6.1.4.1.23986.1.3.4.1.3.2368 == 'Signal Level 1'; .1.3.6.1.4.1.23986.1.3.4.1.5.2368 == '2014-04-18T19:26:35'; .1.3.6.1.4.1.23986.1.3.4.1.6.2368 == '3'; .1.3.6.1.4.1.23986.1.3.4.1.8.2368 == 'ALARM on Channel [1] : Signal Level 1  [OFF]'

The source device what generates the above trap event uses a common OID (.1.3.6.1.4.1.23986.1.4.1) for Begin of Alarm event notification and for End of Alarm event notification as well.

The Status of Alarm Event (begin[2] or end[1]) is coded in the 1.3.6.1.4.1.23986.1.2.3.1.9.200083 varbind.

The severity of Alarm event (info[1], warning[2], critical[3]) is coded in the .1.3.6.1.4.1.23986.1.3.4.1.6.2368 varbind.

My question is: Is it possible to configure a such event processing in NetXMS system what works as the follows?

When arrives a trap message with Begin of Alarm status content then it generates an NetXMS Alert Event with severity decoded from trap varbind.

When arrives a trap message with End of Alarm status content then it results the automatic NetXMS Alert Event termination.

Thank you in advance and best regards,
cserzs

Victor Kirhenshtein

Hi!

I would suggest the following scheme:

Create events (of course you can name them any way you want):

TRAP_RAW (normal severity)
TRAP_INFO (normal severity)
TRAP_WARNING (warning severity)
TRAP_CRITICAL (critical severity)
TRAP_CLOSE (normal severity)

Create SNMP trap mapping for trap .1.3.6.1.4.1.23986.1.4.1 with the following varbind mapping:
#2 - .1.3.6.1.4.1.23986.1.2.3.1.9.200083
#3 - .1.3.6.1.4.1.23986.1.3.4.1.6.2368
#4 - .1.3.6.1.4.1.23986.1.3.4.1.8.2368  (this is needed if you want to pass message as parameter to event)

Create server action that will call the following NXSL script from library:


if ($event->parameters[2] == 2)
{
   switch($event->parameters[3])
   {
      case 3:
         evt = "TRAP_CRITICAL";
         break;
      case 2:
         evt = "TRAP_WARNING";
         break;
      default:
         evt = "TRAP_INFO";
         break;
   }
   PostEvent($node, evt, null, $event->parameters[4]);  // pass message as first parameter to generated event
}
else
{
   PostEvent($node, "TRAP_CLOSE");
}


Then create the following rules in event processing policy:

1.

event is TRAP_RAW

action: call script and stop processing

2.

event is TRAP_INFO, TRAP_WARNING, or TRAP_CRITICAL

action: create alarm with some key

3.

event is TRAP_CLOSE

action: terminate alarm with key used in rule #2

Please note that message extracted from trap will be available as %1 in message template for generated events and alarms.

Best regards,
Victor

cserzs

Hi,

Thank you very much for your very detailed support. It works perfect.  :)

Regards,
cserzs