Hi,
I would like to configure an SNMP trap processing in NetXMS system. The raw trap content received by NetXMS system please see below:
2014.04.18 21:26:36 172.20.31.6 NetXMSObjectName .1.3.6.1.4.1.23986.1.4.1 .1.3.6.1.4.1.23986.2.1.1.0 == 'DeviceName'; .1.3.6.1.4.1.23986.1.2.3.1.9.200083 == '1'; .1.3.6.1.4.1.23986.1.3.4.1.1.2368 == '200083'; .1.3.6.1.4.1.23986.1.3.4.1.2.2368 == '2368'; .1.3.6.1.4.1.23986.1.3.4.1.3.2368 == 'Signal Level 1'; .1.3.6.1.4.1.23986.1.3.4.1.5.2368 == '2014-04-18T19:26:35'; .1.3.6.1.4.1.23986.1.3.4.1.6.2368 == '3'; .1.3.6.1.4.1.23986.1.3.4.1.8.2368 == 'ALARM on Channel [1] : Signal Level 1 [OFF]'
The source device what generates the above trap event uses a common OID (.1.3.6.1.4.1.23986.1.4.1) for Begin of Alarm event notification and for End of Alarm event notification as well.
The Status of Alarm Event (begin[2] or end[1]) is coded in the 1.3.6.1.4.1.23986.1.2.3.1.9.200083 varbind.
The severity of Alarm event (info[1], warning[2], critical[3]) is coded in the .1.3.6.1.4.1.23986.1.3.4.1.6.2368 varbind.
My question is: Is it possible to configure a such event processing in NetXMS system what works as the follows?
When arrives a trap message with Begin of Alarm status content then it generates an NetXMS Alert Event with severity decoded from trap varbind.
When arrives a trap message with End of Alarm status content then it results the automatic NetXMS Alert Event termination.
Thank you in advance and best regards,
cserzs
Hi!
I would suggest the following scheme:
Create events (of course you can name them any way you want):
TRAP_RAW (normal severity)
TRAP_INFO (normal severity)
TRAP_WARNING (warning severity)
TRAP_CRITICAL (critical severity)
TRAP_CLOSE (normal severity)
Create SNMP trap mapping for trap .1.3.6.1.4.1.23986.1.4.1 with the following varbind mapping:
#2 - .1.3.6.1.4.1.23986.1.2.3.1.9.200083
#3 - .1.3.6.1.4.1.23986.1.3.4.1.6.2368
#4 - .1.3.6.1.4.1.23986.1.3.4.1.8.2368 (this is needed if you want to pass message as parameter to event)
Create server action that will call the following NXSL script from library:
if ($event->parameters[2] == 2)
{
switch($event->parameters[3])
{
case 3:
evt = "TRAP_CRITICAL";
break;
case 2:
evt = "TRAP_WARNING";
break;
default:
evt = "TRAP_INFO";
break;
}
PostEvent($node, evt, null, $event->parameters[4]); // pass message as first parameter to generated event
}
else
{
PostEvent($node, "TRAP_CLOSE");
}
Then create the following rules in event processing policy:
1.
event is TRAP_RAW
action: call script and stop processing
2.
event is TRAP_INFO, TRAP_WARNING, or TRAP_CRITICAL
action: create alarm with some key
3.
event is TRAP_CLOSE
action: terminate alarm with key used in rule #2
Please note that message extracted from trap will be available as %1 in message template for generated events and alarms.
Best regards,
Victor
Hi,
Thank you very much for your very detailed support. It works perfect. :)
Regards,
cserzs