Greetings,
I am battling with trying to make a trigger for checking the CARP interface status on an OpenBSD firewall. I have created a discovery rule which gets me the statuses nicely (MASTER, BACKUP, INIT) for every CARP interface which there are around 60 in total. I also wrote a simple logic check which checks whether there is any split-brain happening with the interfaces:
(({device0:rabe.carp.vhid.status[200].regexp(MASTER)} and {device1:rabe.carp.vhid.status[200].regexp(BACKUP)}) or ({device0:rabe.carp.vhid.status[200].regexp(BACKUP)} and {device1:rabe.carp.vhid.status[200].regexp(MASTER)}))=0
For reference, I modified this plugin to work with OpenBSD as it doesn't quite work as expected out of the box (as it's meant for FreeBSD):
The issue with that written logic check is that it's static and I would need to create a separate trigger for every interface (60 in total), not ok.
Approach 1:
If I were to create a trigger prototype for the same check, I end up with this:
(({device0:rabe.carp.vhid.status[{#CARP_VHID}].regexp(MASTER)} and {device1:rabe.carp.vhid.status[{#CARP_VHID}].regexp(BACKUP)}) or ({device0:rabe.carp.vhid.status[{#CARP_VHID}].regexp(BACKUP)} and {device1:rabe.carp.vhid.status[{#CARP_VHID}].regexp(MASTER)}))=0
Error:
Approach 2:
Another method which would make sense in this situation, would be to have a single trigger event which would check EVERY CARP interface on a device for its status and if one interface differs from the others, an alert would be generated.
{device0:rabe.carp.vhid.status[{#CARP_VHID}].regexp(MASTER)}=0
This does not work: Incorrect item key "rabe.carp.vhid.status[{#CARP_VHID}]" provided for trigger expression on...
Also I cannot simply wildcard it:
{device0:rabe.carp.vhid.status[*].regexp(MASTER)}=0
Nor even use 0-299 for an example in the key. Error remains the same.
Does anyone have any ideas regarding how to approach this situation?
Regards,
Kalle
I am battling with trying to make a trigger for checking the CARP interface status on an OpenBSD firewall. I have created a discovery rule which gets me the statuses nicely (MASTER, BACKUP, INIT) for every CARP interface which there are around 60 in total. I also wrote a simple logic check which checks whether there is any split-brain happening with the interfaces:
(({device0:rabe.carp.vhid.status[200].regexp(MASTER)} and {device1:rabe.carp.vhid.status[200].regexp(BACKUP)}) or ({device0:rabe.carp.vhid.status[200].regexp(BACKUP)} and {device1:rabe.carp.vhid.status[200].regexp(MASTER)}))=0
For reference, I modified this plugin to work with OpenBSD as it doesn't quite work as expected out of the box (as it's meant for FreeBSD):
The issue with that written logic check is that it's static and I would need to create a separate trigger for every interface (60 in total), not ok.
Approach 1:
If I were to create a trigger prototype for the same check, I end up with this:
(({device0:rabe.carp.vhid.status[{#CARP_VHID}].regexp(MASTER)} and {device1:rabe.carp.vhid.status[{#CARP_VHID}].regexp(BACKUP)}) or ({device0:rabe.carp.vhid.status[{#CARP_VHID}].regexp(BACKUP)} and {device1:rabe.carp.vhid.status[{#CARP_VHID}].regexp(MASTER)}))=0
Error:
- Trigger prototype "Test" contains item prototypes from multiple discovery rules.
Approach 2:
Another method which would make sense in this situation, would be to have a single trigger event which would check EVERY CARP interface on a device for its status and if one interface differs from the others, an alert would be generated.
{device0:rabe.carp.vhid.status[{#CARP_VHID}].regexp(MASTER)}=0
This does not work: Incorrect item key "rabe.carp.vhid.status[{#CARP_VHID}]" provided for trigger expression on...
Also I cannot simply wildcard it:
{device0:rabe.carp.vhid.status[*].regexp(MASTER)}=0
Nor even use 0-299 for an example in the key. Error remains the same.
Does anyone have any ideas regarding how to approach this situation?
Regards,
Kalle
Comment