SNMP Traps handling

Started by calin.sarac, December 30, 2010, 01:56:03 PM

calin.sarac

Hello,
first of all thank you for this software. Now I want to monitor using SNMP some Alcatel 9500 MXC CT radio equipment. NetXMS is installed on a Win XP machine. As long as I don't have the MIB files for this equipment I did the following things:
- Create a critical alarm event "ALARMA ECHIPAMENTE"
- Create an SNMP trap with trap OID .1.3.6.1.4.1.2509.8.21.3.1 with trap parameter binding by object ID .1.3.6.1.4.1.2509.8.21.2.2.1.7 and assign with alarm event "ALARMA ECHIPAMENTE"
- Because in this way I caught not only the alarms on the equipment but every message about it (like emission power increase - which is not an alarm - is just a message that tells that the equipment changed the state) I used syslog parser to send the text contained in the message to the alarm browser - so now I can see in alarm browser the message and from there reading this message I can understand if it is a real critical alarm or just a message that tells you that the equipment changed the state. This is not what I am looking for but for the moment it works. I was looking for something that tells me when it is a real alarm and when not, but as long as I always get the same OID I suppose that is not possible. Please confirm or advise if I can solve this in another way (I don't know, maybe with syslog parser or some external programs that look in message content).
Now another problem that I have with the previous working mode is that if an alarm appears after another alarm the second alarm goes in alarm browser over the first one so I cannot know about the first one even if the source is different (for example one alarm is coming from equipment A and it is an alarm. Until I acknowledge this alarm another alarm is coming from equipment B and this, let's say, is just a false critical alarm because it tells the equipment changed the state, but it goes over the first one and I just missed the real critical alarm). So how can I solve this?
If you need any additional information, log files or anything else just let me know,
Thank you in advance,
And best regards,
Calin

Victor Kirhenshtein

Hi!

1. Looks like you need to create filtering script to perform additional filtering when creating alarms from traps. If you can tell me how important traps can be distinguished from non-important (probably different message text or error code, etc.), I can help with filtering script creation.

2. Most likely you have incorrectly configured alarm key. Ensure that it includes unique node ID (macro %i), or make it empty to disable alarm duplication checking at all.

Best regards,
Victor

calin.sarac

Hello Victor,

1) Important traps contain in message text this string "ALARMA" and all others don't contain it. I don't know which is the error code in SNMP trap or if it is different for different alarms but I can program the radio equipment to put that string in SNMP traps that I'm interested in, so we can look for that.
2) If I'm not using an alarm key then I'm flooded with alarms because it seems that all SNMP traps that are coming from equipments are coming with same trap OID .1.3.6.1.4.1.2509.8.21.3.1, so now I'm using macro %i as alarm key and right now it logs alarms from different equipments but for the same equipment not (for example I get an important alarm from equipment A and after that I get a non-important alarm from the same equipment A and this last alarm is logged over the first one and I lose the important one). Anyway after I have the filtering script I think that I can use an empty alarm key because then I can filter the alarms using that filter.

Many thanks for your prompt answer,
Best regards
Calin

Victor Kirhenshtein

Hi!

In that case filtering script could be very simple - you just need to filter out all events which do not contain string ALARMA in text message. Assuming that you have extracted message into event parameter number 2, you need the following filtering script:


return $2 like "*ALARMA*";


or, using regular expressions


return $2 match ".*ALARMA.*";


Best regards,
Victor

calin.sarac

Hi Victor,
I added in Event Processing Policy Editor in script field both
return $3 (because this is the parameter used in syslog parser to send the text contained in the SNMP trap) like "ALARMA"
and
return $3 match "ALARMA"
but it doesn't work. Is it something that maybe I missed? For example you put some strange characters in syntax form 1 before and after string ALARMA and the same characters plus point sign in syntax form 2. Are these necessary?
Thank you,
Best regards,
Calin

calin.sarac

Hi Victor,
I think that the strange character is the asterisk character that means everything, but I still don't understand the point sign before and after asterisk in syntax form 2. I tried also the syntax
return $3 like "*ALARMA*"
But still doesn't work.
Thanks,
Looking forward for your help

Victor Kirhenshtein

Hi!

Yes, * character means "everything" - you need this if your message contains string ALARMA and is not equal to it. About syntax - did you enter script exactly as I wrote it, with semicolon at the end? Otherwise it will fail with syntax error.

Best regards,
Victor

calin.sarac

First time I missed semicolon but I had no error. I tried also with semicolon, had no error but it is not filtering.
I also tried something like:
sub main()
{
if ( $3 match "ALARMA")
return true
else
return false
}
but still no result.
Is the place where I put the script correct? (Event processing policy editor - Script)
I don't have any idea now. What else can I try?
Thanks,
Calin

Victor Kirhenshtein

Could you please send me screenshots of your trap configuration, event configuration, rule in event processing policy, and record in SNMP trap log?

Best regards,
Victor

calin.sarac

Victor,
attached you can find the screenshots that you asked for.
One question please, as long as I was not able to execute commands or scripts from Actions section in your program could there be any connection with the present situation? I tried a simple command like "cmd.exe /C "mplay32"" and even though it seems that it is fine it is not working. I tried to put the same command in a bat file and add that bat file in actions and still not working even if everything is fine (I read all your posts on the forum regarding this subject and followed the recommendations). Anyway it doesn't matter, I was just asking if there can be any connection between the present situation and that situation as long as your program should execute/interpret some syntax/command.
Thanks,
Best regards,
Calin

calin.sarac

trap config, event policy processor config and syslog parser config

calin.sarac

SNMP trap log

calin.sarac

SNMP trap log 2

Victor Kirhenshtein

Hi!

As I can see from your config, you extract only one varbind from SNMP trap - with OID .1.3.6.1.4.1.2509.8.21.2.2.1.7. Value of this varbind will become event's parameter number 2, as you can see from column "No." in trap configuration's "Parameter bindings" list. But, in your event configuration and event processing policy you refer to parameter number 3 (by using macro %3 and variable $3 in script), which will always be empty string, because you don't extract anything else from trap. If you change $3 in your script to $2, it should start working.

Also, why are you using syslog parser? Do you receive anything via syslog as well?

Best regards,
Victor
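
Added example (not part of the original posts and not NetXMS code): a small Python model of the behaviour described in this thread, showing why a filter on `$3` never matches, why `like "ALARMA"` without asterisks fails, and how the alarm key `%i` versus an empty key changes which alarms survive. The node IDs, message texts and function names are constructed for illustration; `fnmatchcase` stands in for the `like` operator.

```python
from fnmatch import fnmatchcase

MSG_OID = ".1.3.6.1.4.1.2509.8.21.2.2.1.7"
# Trap configuration from the thread: one varbind, listed as parameter No. 2.
BINDINGS = {2: MSG_OID}

# Constructed sample traps: (node ID, varbinds carried by the trap).
SAMPLE_TRAPS = [
    (101, {MSG_OID: "ALARMA link down"}),
    (101, {MSG_OID: "emission power increase"}),
    (102, {MSG_OID: "ALARMA high temperature"}),
    (101, {MSG_OID: "ALARMA rx level low"}),
]

def event_param(varbinds, number, bindings=BINDINGS):
    """Value of event parameter $number; an unbound parameter is ''."""
    return varbinds.get(bindings.get(number), "")

def passes_filter(varbinds, number, pattern="*ALARMA*"):
    """Model of the script: return $<number> like "<pattern>";"""
    return fnmatchcase(event_param(varbinds, number), pattern)

def open_alarms(traps, key_template, number=2):
    """Filter traps, then keep one alarm per expanded key.

    A repeated key overwrites the earlier alarm (what the thread observed
    with key %i); an empty template disables duplicate checking.
    """
    alarms = {}
    for node_id, varbinds in traps:
        if not passes_filter(varbinds, number):
            continue
        key = key_template.replace("%i", str(node_id))
        if not key:
            key = ("", len(alarms))  # unique key: never treated as duplicate
        alarms[key] = (node_id, event_param(varbinds, 2))
    return list(alarms.values())

if __name__ == "__main__":
    print("filter on $3 :", open_alarms(SAMPLE_TRAPS, "%i", number=3))
    print("key %i       :", open_alarms(SAMPLE_TRAPS, "%i"))
    print("empty key    :", open_alarms(SAMPLE_TRAPS, ""))
```

With the filter in place, the empty key keeps all three ALARMA traps, while `%i` keeps only the latest one per node.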

Victor Kirhenshtein

Quote from: calin.sarac on January 08, 2011, 09:44:48 AM
One question please, as long as I was not able to execute commands or scripts from Actions section in your program could there be any connection with the present situation? I tried a simple command like "cmd.exe /C "mplay32"" and even though it seems that it is fine it is not working. I tried to put the same command in a bat file and add that bat file in actions and still not working even if everything is fine (I read all your posts on the forum regarding this subject and followed the recommendations).

If you are running NetXMS server as a Windows service, you will not see any GUI for the programs started by the server. If you really wish to see GUI program started by the server, you should turn on "Allow service to interact with desktop" in NetXMS Core service properties. For simple tests, I recommend you to start simple program or bat file which writes something to some file, and check content of that file.

Best regards,
Victor