Right, firstly, I have SNMP trap handling working via the perl script located on the wiki.
I've amended it a bit, but otherwise it will send each SNMP trap, against identified hosts, as they occur.
At present, I have a set of triggers defined like this (note, I use regular expressions to simplify triggers):
({Template_SNMP_traps:snmptraps.regexp(@snmp_trap_ down_redundant_event)}=1) &({Template_SNMP_traps:snmptraps.nodata(180)}=0 )
So, in short, a trap is received, then after 180 seconds (3 minutes) the trigger is reset (PROBLEM > OK). This means that even though a problem may still exist, it's status is set as OK; this isn't ideal, but seems to be the usual method.
Otherwise, the behaviour (as I understand it) will mean the problem status will remain indefinitely if snmptraps.nodata isn't set.
What I would like to have is a flow as follows:
TRAP > PROBLEM > TRAP > OK.
In other words, for traps where both a problem trap and an ok trap are sent, I'd like the "ok" trap to act exactly as an agent alert would be, in that a PROBLEM is closed by a subsequent OK.
For example: VMware can send a trap if something generates an Alarm, then a second trap when the Alarm ceases. Typically this is done by setting a string like OldStatus.0: Green, NewStatus.0 Red; this is then reverse when the alarm silences.
I'd like, as in above, to have the first trap cause a trigger to go into PROBLEM, and the second to set it back to OK.
Has anyone managed to figure out how to do this? Is it actually possible?
I get the impression this isn't currently possible.. suggestions?
I've amended it a bit, but otherwise it will send each SNMP trap, against identified hosts, as they occur.
At present, I have a set of triggers defined like this (note, I use regular expressions to simplify triggers):
({Template_SNMP_traps:snmptraps.regexp(@snmp_trap_ down_redundant_event)}=1) &({Template_SNMP_traps:snmptraps.nodata(180)}=0 )
So, in short, a trap is received, then after 180 seconds (3 minutes) the trigger is reset (PROBLEM > OK). This means that even though a problem may still exist, it's status is set as OK; this isn't ideal, but seems to be the usual method.
Otherwise, the behaviour (as I understand it) will mean the problem status will remain indefinitely if snmptraps.nodata isn't set.
What I would like to have is a flow as follows:
TRAP > PROBLEM > TRAP > OK.
In other words, for traps where both a problem trap and an ok trap are sent, I'd like the "ok" trap to act exactly as an agent alert would be, in that a PROBLEM is closed by a subsequent OK.
For example: VMware can send a trap if something generates an Alarm, then a second trap when the Alarm ceases. Typically this is done by setting a string like OldStatus.0: Green, NewStatus.0 Red; this is then reverse when the alarm silences.
I'd like, as in above, to have the first trap cause a trigger to go into PROBLEM, and the second to set it back to OK.
Has anyone managed to figure out how to do this? Is it actually possible?
I get the impression this isn't currently possible.. suggestions?
Comment