Additional interface details from node for syslog parser events

Started by Largon, December 04, 2019, 12:47:50 PM

Previous topic - Next topic

Largon

Hello NetXMS Community,

we are using syslog parser for Cisco port security violation.

In the cisco syslog message is only mac adress and interface information for syslog parser (int info is equal to interface description in netxms).

Example:   
10:45:06: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address "aaaa.bbbb.cccc" on port GigabitEthernet0/21.

Is there any way to get the interface description (interface alias in netxms) in addition to the mac address and the port?

I have no idea to wich place i should use scripting to match "interface description" with "interface alias" for the event.

Do you have any ideas?

best regards

Tatjana Dubrovica

Recently trap processing script was created. It has node $node, $trap as a string and $varbinds as SNMP_VarBind, event that is about to be generated is accessible via $event global variable.
You can iterate over $node->children, find macAddr and get description. And using method addParameter add one more parameter to event.

Documentation: https://www.netxms.org/documentation/nxsl-3.2/
Some NXSL example available on wiki

Largon

Thank you for the quick reply. I understand that it´s possible to find a solution for our use case via "Script library" (get the infos via foreach iteration and add information direct to the event).

Unfortunately, we have no experience with application script programming. I have tried the following solution via "Script library" with no success (in the event i would use %<additionalInfo> as parameter):

// only for Cisco_IF_Disabled events
if (($event->name != "Cisco_IF_Disabled"))
   return true;
   
// get interface index from description
ifindex = GetInterfaceObject($node, $3);
if (ifindex == null)
   return true;

// get alias (description for cisco port)
alias = ifindex->alias;
if (alias == null)
   return true;

// get peer node (node connected to this interface) object
peer = ifindex->peerNode;
if (peer == null)
   return true;

// set event's named parameter   
SetEventParameter($event, "additionalInfo", "Port Description: " alias);
return true;


I think we should involve commercial support for a working solution.

Tatjana Dubrovica