Auto close SNMP trigger

  • Linuxjohnny
    Junior Member
    • Nov 2018
    • 14

    #1

    Auto close SNMP trigger

    Hi,

    I am trying to work with SNMP traps.
    I can receive SNMP traps, but now I want to close a problem if there is a recovery trap, and I have no idea how to do this.

    For now I created some items to sort the SNMP traps, for example:

    Name: SNMP Trap: Internet Link down
    Key: snmptrap["path-monitor-failure"]
    Name: SNMP Trap: Internet Link up
    Key: snmptrap["path-monitor-recovery"]
    Then I created a trigger:
    Name: Palo Alto Firewall Internet Link Down
    Problem Expression: {CL04 Template Receive SNMP Trap Palo Alto:snmptrap["path-monitor-failure"].regexp(.*)}=1
    Recovery Expression: {CL04 Template Receive SNMP Trap Palo Alto:snmptrap["path-monitor-recovery"].regexp(.*)}=1
    But I think I'm going the wrong way!

    Now my question is: how do I auto-close a trigger when the recovery SNMP trap is received?

    Many thanks for your help!

    Regards,
    Kevin

    Fail SNMP Trap

    11:06:48 2018/12/07 PDU INFO:
    receivedfrom UDP: [10.2.128.9]:35229->[10.2.176.247]:162
    errorstatus 0
    version 1
    requestid 1922816940
    errorindex 0
    notificationtype TRAP
    community public
    transactionid 40508
    messageid 0
    VARBINDS:
    DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (424163633) 49 days, 2:13:56.33
    SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: SNMPv2-SMI::enterprises.25461.2.1.3.2.0.1551
    SNMPv2-SMI::enterprises.25461.2.1.3.1.2 type=4 value=STRING: "2018/12/07 11:06:48"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.3 type=4 value=STRING: "010401003313"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.4 type=4 value=STRING: "SYSTEM"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.5 type=4 value=STRING: "routing"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.7 type=4 value=""
    SNMPv2-SMI::enterprises.25461.2.1.3.1.8 type=70 value=Counter64: 981535
    SNMPv2-SMI::enterprises.25461.2.1.3.1.9 type=4 value=STRING: "0x0"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.12 type=4 value=STRING: "C4FWSM03-01"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.300 type=4 value=STRING: "path-monitor-failure"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.301 type=4 value=STRING: "default"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.302 type=4 value=STRING: "general"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.303 type=2 value=INTEGER: 5
    SNMPv2-SMI::enterprises.25461.2.1.3.1.304 type=4 value=STRING: "Path monitoring failed for static route destination 0.0.0.0/0 with next hop 212.117.121.81. Route removed."

    Recovery SNMP Trap

    11:04:30 2018/12/07 PDU INFO:
    notificationtype TRAP
    errorindex 0
    requestid 1922816939
    version 1
    receivedfrom UDP: [10.2.128.9]:48859->[10.2.176.247]:162
    errorstatus 0
    messageid 0
    community public
    transactionid 40484
    VARBINDS:
    DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (424149843) 49 days, 2:11:38.43
    SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: SNMPv2-SMI::enterprises.25461.2.1.3.2.0.1552
    SNMPv2-SMI::enterprises.25461.2.1.3.1.2 type=4 value=STRING: "2018/12/07 11:04:30"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.3 type=4 value=STRING: "010401003313"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.4 type=4 value=STRING: "SYSTEM"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.5 type=4 value=STRING: "routing"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.7 type=4 value=""
    SNMPv2-SMI::enterprises.25461.2.1.3.1.8 type=70 value=Counter64: 981528
    SNMPv2-SMI::enterprises.25461.2.1.3.1.9 type=4 value=STRING: "0x0"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.12 type=4 value=STRING: "C4FWSM03-01"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.300 type=4 value=STRING: "path-monitor-recovery"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.301 type=4 value=STRING: "default"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.302 type=4 value=STRING: "general"
    SNMPv2-SMI::enterprises.25461.2.1.3.1.303 type=2 value=INTEGER: 5
    SNMPv2-SMI::enterprises.25461.2.1.3.1.304 type=4 value=STRING: "Path monitoring for static route destination 0.0.0.0/0 with next hop 212.117.121.81 recovered. Route restored."
    Last edited by Linuxjohnny; 07-12-2018, 15:24.
  • Linwood
    Senior Member
    • Dec 2013
    • 398

    #2
    I'm not completely sure how you have the item set up, but you want the trap item (not trigger) set up so it catches (and only catches) the trap and the recovery both. Then check the item in the trigger to see whether the most recent value is the failure (alert). You can use the recovery expression as done, I think, or just let it recover implicitly because the true state that triggers becomes false when it contains the "recovery" instead of "failure".

    Maybe I should be asking "what doesn't work about what you are doing"? Are you not receiving the clear, or is the trigger staying active even if the item shows "recovery"?


    • Linuxjohnny
      Junior Member
      • Nov 2018
      • 14

      #3
      Hi,

      Thank you for your reply!

      OK, now I've created an item which catches both events (fail and recovery):

      snmptrap[("path-monitor-failure")|("path-monitor-recovery")]
      And a trigger Problem expression:
      {CL04 Template Receive SNMP Trap Palo Alto:snmptrap[("path-monitor-failure")|("path-monitor-recovery")].regexp(""path-monitor-failure"")}=1
      Recovery expression:
      {CL04 Template Receive SNMP Trap Palo Alto:snmptrap[("path-monitor-failure")|("path-monitor-recovery")].regexp(""path-monitor-recovery"")}=1
      And a tag for matching, because we have 4 links...

      Tag: NextHop Value: {{ITEM.VALUE}.regsub("(with next hop)(.*)(( recovered|\. Route removed))", "\2")}

      All this now works perfectly.

      But in the name of the trigger I also use the regsub from the tag: Internet Link {{ITEM.VALUE}.regsub("(with next hop)(.*)(( recovered|\. Route removed))", "\2")} Down

      Do you know if there is a solution to use the tag value in the name?
      And is there a way to change the value from the IP address to a human-readable name? Like 1.1.1.1 = "inet Access Main"

      I tried within the item to replace the IP with a readable name, but then the whole SNMP trap was replaced with this value...
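
Added example, not part of the thread and not Zabbix code: a Python model of the behaviour the trigger in post #3 relies on, where a recovery trap closes only the problem whose NextHop tag value matches, with the next hop also mapped to a readable link name. The IP-only pattern, the LINK_NAMES table (only the 1.1.1.1 name comes from the post) and the sample traps are assumptions constructed for illustration.

```python
import re

# Stricter than the thread's "(.*)" group: capture only the IPv4 next hop.
NEXT_HOP = re.compile(
    r"with next hop (\d{1,3}(?:\.\d{1,3}){3})(?: recovered|\. Route removed)")
EVENT = re.compile(r"path-monitor-(failure|recovery)")

# Assumed lookup table; only the 1.1.1.1 name is taken from the post.
LINK_NAMES = {"1.1.1.1": "inet Access Main", "212.117.121.81": "example link B"}

def parse_trap(text):
    """Return (event, next_hop), or None if this is not a path-monitor trap."""
    event, hop = EVENT.search(text), NEXT_HOP.search(text)
    if event is None or hop is None:
        return None
    return event.group(1), hop.group(1)

def correlate(traps):
    """Replay traps in arrival order; return (open next hops, event log)."""
    open_hops, log = set(), []
    for text in traps:
        parsed = parse_trap(text)
        if parsed is None:
            continue
        event, hop = parsed
        title = f"Internet Link {LINK_NAMES.get(hop, hop)} Down"
        if event == "failure" and hop not in open_hops:
            open_hops.add(hop)
            log.append(f"PROBLEM: {title}")
        elif event == "recovery" and hop in open_hops:
            # Only the problem carrying the same NextHop value is closed.
            open_hops.remove(hop)
            log.append(f"OK: {title}")
    return open_hops, log

def make_trap(kind, hop):
    """Constructed trap text, shaped like the varbinds quoted in post #1."""
    tail = (f"failed for static route destination 0.0.0.0/0 with next hop {hop}. Route removed."
            if kind == "failure" else
            f"for static route destination 0.0.0.0/0 with next hop {hop} recovered. Route restored.")
    return f'"path-monitor-{kind}" "default" "general" "Path monitoring {tail}"'

SAMPLE = [make_trap("failure", "212.117.121.81"), make_trap("failure", "1.1.1.1"),
          make_trap("recovery", "212.117.121.81"), make_trap("recovery", "10.0.0.1")]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

The last sample trap is a recovery for a next hop with no open problem; it is ignored and the 1.1.1.1 problem stays open.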
