Author Topic: Additional interface details from node for syslog parser events  (Read 435 times)

Largon

  • Newbie
  • *
  • Posts: 4
    • View Profile
Additional interface details from node for syslog parser events
« on: December 04, 2019, 12:47:50 pm »
Hello NetXMS Community,

we are using syslog parser for Cisco port security violation.

In the cisco syslog message is only mac adress and interface information for syslog parser (int info is equal to interface description in netxms).

Example:   
10:45:06: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address "aaaa.bbbb.cccc" on port GigabitEthernet0/21.

Is there any way to get the interface description (interface alias in netxms) in addition to the mac address and the port?

I have no idea to wich place i should use scripting to match "interface description" with "interface alias" for the event.

Do you have any ideas?

best regards

Tatjana Dubrovica

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 268
    • View Profile
Re: Additional interface details from node for syslog parser events
« Reply #1 on: December 05, 2019, 12:39:45 am »
Recently trap processing script was created. It has node $node, $trap as a string and $varbinds as SNMP_VarBind, event that is about to be generated is accessible via $event global variable.
You can iterate over $node->children, find macAddr and get description. And using method addParameter add one more parameter to event.

Documentation: https://www.netxms.org/documentation/nxsl-3.2/
Some NXSL example available on wiki

Largon

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: Additional interface details from node for syslog parser events
« Reply #2 on: December 09, 2019, 11:47:42 am »
Thank you for the quick reply. I understand that it´s possible to find a solution for our use case via "Script library" (get the infos via foreach iteration and add information direct to the event).

Unfortunately, we have no experience with application script programming. I have tried the following solution via "Script library" with no success (in the event i would use %<additionalInfo> as parameter):

// only for Cisco_IF_Disabled events
if (($event->name != "Cisco_IF_Disabled"))
   return true;
   
// get interface index from description
ifindex = GetInterfaceObject($node, $3);
if (ifindex == null)
   return true;

// get alias (description for cisco port)
alias = ifindex->alias;
if (alias == null)
   return true;

// get peer node (node connected to this interface) object
peer = ifindex->peerNode;
if (peer == null)
   return true;

// set event's named parameter   
SetEventParameter($event, "additionalInfo", "Port Description: " alias);
return true;


I think we should involve commercial support for a working solution.

Tatjana Dubrovica

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 268
    • View Profile
Re: Additional interface details from node for syslog parser events
« Reply #3 on: December 11, 2019, 12:33:16 pm »
Hi,

You can send request to info@radensolutions.com