NetXMS Support Forum

I have compiled some new Cisco MIBs for Cisco ASA firewall in the Netxms. Also configured Cisco ASA FW to send syslog traps to NetXMS. But when I am checking in the SNMP Trap monitor the TRAP OIDs and Varbinds are showing numeric OIDs instead of text OID.

Please help me to know if there is any way NetXMS SNMP Trap Monitor can convert the numeric Trap OID like .1.3.6.1.4.1.9.9.41.2.0.1 into clogMessageGenerated.

Syslog trap OID: .1.3.6.1.4.1.9.9.41.2.0.1 = clogMessageGenerated

With thanks,
Vishal Babrekar

I have configured the Cisco ASA firewall to send Syslog messages over the SNMP traps to NetXMS.

In NetXMS I receive the trap correctly as per below,
21.02.2013 18:28:16 10.10.10.1 CISCO-ASA-FW-01 .1.3.6.1.4.1.9.9.41.2.0.1 .1.3.6.1.4.1.9.9.41.1.2.3.1.2.0 == '20'; .1.3.6.1.4.1.9.9.41.1.2.3.1.3.0 == '2'; .1.3.6.1.4.1.9.9.41.1.2.3.1.4.0 == 'Syslog Trap'; .1.3.6.1.4.1.9.9.41.1.2.3.1.5.0 == '<161>Feb 21 2013 21:05:30 APDC3W12-NFWL02 : %ASA-1-104001: (Secondary) Switching to ACTIVE - HELLO not heard from mate.'; .1.3.6.1.4.1.9.9.41.1.2.3.1.6.0 == '4089190800'

For this trap I created a SNMP Trap Mapping with Trap OID as .1.3.6.1.4.1.9.9.41.2.0.1 and the parameter OID as varbind .1.3.6.1.4.1.9.9.41.1.2.3.1.5.0. And also created an Event ASA_FAILOVER for this trap mapping by using %2 which gives me the value of same varbind .1.3.6.1.4.1.9.9.41.1.2.3.1.5.0.

Now in the events I get the message "<161>Feb 21 2013 21:05:30 APDC3W12-NFWL02 : %ASA-1-104001: (Secondary) Switching to ACTIVE - HELLO not heard from mate." But this happens with any other Syslog message being sent by Cisco ASA FW. Because we are using the varbind .1.3.6.1.4.1.9.9.41.1.2.3.1.5.0 which hold the Syslog message string from the SNMP Trap.

So is there any way so that NetXMS will only trigger the event ASA_FAILOVER when the varbind value is having the string "Switching to ACTIVE"

Thanks in advance.

Vishal Babrekar

I am trying to integrate NetXMS with CA Unicenter in order to generate automated tickets.

For this I am using a utility from CA called "cawto". With this utility I can send an event to the CA NSM server with the alert message as generated by NetXMS. Based on the received event, CA NSM then creates ticket in CA Unicenter. I am using below command as an Action in NetXMS to send the events to NSM.


//opt//CA//SharedComponents//ccs//bin//cawto -n waqnsm91 NETXMS - ALERT - %n - %a - %m


Where waqnsm91 is my CA NSM server.

Condition 1:This works perfectly and I can see an event in CA NSM when the contents of message variable %m is in plane text or without any special characters like below,
%m = Node down.

Condition 2: But the command execution fails if the contents of message variable %m is having some characters like " or () or / .

Ex.
%m = Interface "Ethernet100/1/47 (Temp Laptop Connections)" changed state to DOWN (IP Addr: 0.0.0.0/0.0.0.0, IfIndex: 526584704)

In this case, since the message contains the IfName and IfAlias it comes with a slash / and the bracket () which causes the execution to fail.

To verify this I am executing a parallel action as below,


echo HOST - %n - %a - %m >> //home//vishalb//netxms.log


Please help me to get this fixed if anyone also faced this issue.

Thanks in Advance.

Vishal Babrekar