Text only | Text with Images

NetXMS Support Forum

English Support => General Support => Topic started by: Largon on December 04, 2019, 12:47:50 PM

Title: Additional interface details from node for syslog parser events
Post by: Largon on December 04, 2019, 12:47:50 PM
Hello NetXMS Community,

we are using syslog parser for Cisco port security violation.

In the cisco syslog message is only mac adress and interface information for syslog parser (int info is equal to interface description in netxms).

Example:   
10:45:06: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address "aaaa.bbbb.cccc" on port GigabitEthernet0/21.

Is there any way to get the interface description (interface alias in netxms) in addition to the mac address and the port?

I have no idea to wich place i should use scripting to match "interface description" with "interface alias" for the event.

Do you have any ideas?

best regards
Title: Re: Additional interface details from node for syslog parser events
Post by: Tatjana Dubrovica on December 05, 2019, 12:39:45 AM
Recently trap processing script was created. It has node $node, $trap as a string and $varbinds as SNMP_VarBind, event that is about to be generated is accessible via $event global variable.
You can iterate over $node->children, find macAddr and get description. And using method addParameter add one more parameter to event.

Documentation: https://www.netxms.org/documentation/nxsl-3.2/
Some NXSL example available on wiki
Title: Re: Additional interface details from node for syslog parser events
Post by: Largon on December 09, 2019, 11:47:42 AM
Thank you for the quick reply. I understand that it´s possible to find a solution for our use case via "Script library" (get the infos via foreach iteration and add information direct to the event).

Unfortunately, we have no experience with application script programming. I have tried the following solution via "Script library" with no success (in the event i would use %<additionalInfo> as parameter):

// only for Cisco_IF_Disabled events
if (($event->name != "Cisco_IF_Disabled"))
   return true;
   
// get interface index from description
ifindex = GetInterfaceObject($node, $3);
if (ifindex == null)
   return true;

// get alias (description for cisco port)
alias = ifindex->alias;
if (alias == null)
   return true;

// get peer node (node connected to this interface) object
peer = ifindex->peerNode;
if (peer == null)
   return true;

// set event's named parameter   
SetEventParameter($event, "additionalInfo", "Port Description: " alias);
return true;


I think we should involve commercial support for a working solution.
Title: Re: Additional interface details from node for syslog parser events
Post by: Tatjana Dubrovica on December 11, 2019, 12:33:16 PM
Hi,

You can send request to [email protected]
Text only | Text with Images