Ad Widget

**Uturn** · 25-03-2015, 12:25

I reply to my own post for better overview.

I'm trying a few combinations right now and have one basic question. If i create a trigger with two items

- one gets updated (interface up/down)
- one gets only one message

Is this trigger recalculated if only one of the items gets an update? If so, i wonder why this trigger doesn't work

({TRIGGER.VALUE}=0 and {SWITCH.snmptrap[intrusion.item].str(ALERT,10)}=1)
or
({TRIGGER.VALUE}=1 and {SWITCH.ifOperStatus[{#SNMPVALUE}].last()}><1))

If i understand correctly, this means...if the trigger status is OK and ALERT has been found, set trigger to PROBLEM. If the trigger is on status PROBLEM and as long as the status is not 1 stay in status PROBLEM.

**Uturn** · 26-03-2015, 15:50

At least it would be nice to know when exactly a trigger gets called, run whatever.

According to the example in the wiki (snmptraps)

{Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltagePro blem|OverloadCondition)"].str("LineVoltageProblem")}=1
&
{Template SNMP traps:snmptrap["cpqRackPowerSubsystem(NotRedundant|LineVoltagePro blem|OverloadCondition)"].nodata(5m)}=0

the following should work...but it doesn't

{SWITCH.snmptrap[intrusion.item].str(ALERT,10)}=1
and
{SWITCH.snmptrap[intrusion.item].nodata(60)}=0

means...if "ALERT" found, set to PROBLEM...if i understand correctly 30 seconds later, the trigger gets called again and should switch back to OK only if there were no new entries found within 60 seconds for item "snmptrap[intrusion.item]".

This is fundamental, so this should be clarified

**Uturn** · 27-03-2015, 12:20

Trigger: combination of different items (snmptrap) - Solved

It's working now as expected...and much easier than you think. UPDATE, see below

({TRIGGER.VALUE}=0 and {SWITCH:snmptrap[intrusion.item].diff()}=1)
or
({TRIGGER.VALUE}=1 and {SWITCH:snmptrap[ifOperStatus.item].str(linkDown,#1)}=1)

That means...

If trigger status OK(0) and the new "intrusion.item" value differs from the last (which is always the case because of the timestamp) set trigger status = PROBLEM(1)

OR (and thats important...stay in status PROBLEM)

if trigger status PROBLEM(1) and last value of "ifOperStatus.item" contains still the string "linkDown".

So if i clear the intrusion flag and re-enable the port an update of the item "ifOperStatus" happens, the trigger gets recalculated and the string "linkDown" cannot be found anymore, so trigger status changes to OK(0)

UPDATE
Unfortunately it didn't work...at least, not always.

It works correctly when the switch alerts because of port-security, but the intrusion trigger also fires when the interface goes up/down. Everytime the port turns on/off the "intrusion trigger" gets recalculated and now the functions diff, change, abschange behave weird. I assumed, when an item didn't receive an update or new entry, diff, change, abschange always return 0. But that's not the case. If there were no updates, they always return 1 = values are different. Long story short, i'm happy with the following expression now. If i find a better solution, i'll drop a note here

({TRIGGER.VALUE}=0 and {SWITCH:snmptrap[intrusion.item].count(5,"ALERT","like")}=1)
or
({TRIGGER.VALUE}=1 and {SWITCH:snmptrap[ifOperStatus.item].str(linkDown,#1)}=1)

**Sapiens** · 04-08-2021, 09:44

Dear Uturn,

I am very glad to find your post since I want to get notifications when there is an intrusion detection on my HP Switches (like below image from the switch logs).

However I am a newbie on Zabbix and I did not manage to add your scripts in a trigger.

Do you have any more guidance on that?

Any answer you provide is appreciated .

Thanking you in advance

Ad Widget

Trigger: combination of different items (snmptrap)

Trigger: combination of different items (snmptrap)

Comment

Comment

Comment

Comment