Ad Widget

Collapse

Regex HELP- extract data from snmp trap to TAG's

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • tfineberg
    Junior Member
    • Sep 2021
    • 7
    #1

    Regex HELP- extract data from snmp trap to TAG's

    I am running Zabbix 5.4.4 and receiving a Zabbix trap and would like to add some info from the trap data to a tag on the trigger.
    The trigger fires off fine but the regex that looks for the string in the item data does not work. It keeps giving me back the complete item data in full in the tag

    Here is a link to the data and a working regex https://regex101.com/r/dCpLnq/1
    In the trigger tag I have put

    Name = XXXXX
    Value = {{ITEM.VALUE}.iregsub("35043.1.1.1201.5.1.2.0 type=4 value=STRING: (\n*.*)"gm, \1)}

    I have tried a bunch of different ways but none work
    {{ITEM.VALUE}.iregsub("35043.1.1.1201.5.1.2.0 type=4 value=STRING: (\n*.*)"gm, \1)}
    {{ITEM.VALUE}.iregsub(35043.1.1.1201.5.1.2.0 type=4 value=STRING: (\n*.*) , \1)}
    {{ITEM.VALUE}.iregsub(35043.1.1.1201.5.1.2.0 type=4 value=STRING: (\n*.*) , \0)}
    {{ITEM.VALUE}.iregsub("35043.1.1.1201.5.1.2.0 type=4 value=STRING: (\n*.*)" , "\1")}
    {{ITEM.VALUE}.iregsub("35043.1.1.1201.5.1.2.0 type=4 value=STRING: (\n*.*)", \1)}
    {ITEM.VALUE}.iregsub(35043.1.1.1201.5.1.2.0 type=4 value=STRING: (\n*.*), \1)



    The issue is the Tag value gets set at (the full snmptrap string)

    DMS NAME: {13:48:47 2021/08/31 PDU INFO:
    requestid 863955185
    errorstatus 0
    errorindex 0
    messageid 0
    receivedfrom UDP: [172.16.1.2]:58447->[10.100.0.13]:162


    And not

    "SOLiD DMS-1200"

    Any help would be much appreciated
    Tags: None
    • tflolo
      Junior Member
      • Feb 2022
      • 5
      #2
      Hey,
      I'm also struggeling with some snmp traps parsing, I have come past the tag part of it. I wanted to tag the equipment that generated the trap so i used this:

      Code:
      {{ITEM.VALUE}.iregsub("SNMPv2-SMI::enterprises\.35642\.1\.2\.2\.1\.1\.2\s=\s(\".*\")", "\1")}
      To extract DAB PA 1 from:

      Code:
      20220207.085428 UDP: [127.0.0.1]:47048->[172.16.238.2]:1162
DISMAN-EVENT-MIB::sysUpTimeInstance = 315569
SNMPv2-MIB::snmpTrapOID.0 = SNMPv2-SMI::enterprises.35642.1.2.0.2
SNMPv2-MIB::sysName.0 = New system
SNMPv2-SMI::enterprises.35642.1.2.2.1.1.6 = 146
SNMPv2-SMI::enterprises.35642.1.2.2.1.1.5 = 3700
SNMPv2-SMI::enterprises.35642.1.2.2.1.1.2 = "DAB PA 1"
SNMPv2-SMI::enterprises.35642.1.2.2.1.1.4 = -200
SNMPv2-SMI::enterprises.35642.1.2.0.0.1.0 = 10
SNMPv2-SMI::enterprises.35642.1.2.2.1.1.3 = 1260
SNMPv2-MIB::snmpTrapEnterprise.0 = SNMPv2-SMI::enterprises.35642
      The tag is on the trigger.

      When I watch the problems view my trigger is tagged with paName: "DAB PA 1"

      Hope it helps, I find zabbix quite hard to grasp, I'm not too familiar with it but maybe there are some tools that can help with writing expressions for triggers etc.


        Comment

        • cyber
          Senior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • Dec 2006
          • 4807
          #3
          Trying with your example, this is what worked for me to extract that "SOLiD DMS-1200" out of the trap into tag value... The final push seemed to be "\s+" there, until I kept 2 spaces, it was not working.

          {{ITEM.VALUE}.iregsub("35043\.1\.1\.1201\.5\.1\.2\ .0 type=4\s+value=STRING: "(.*?)"", "\1")}

          I was using 4.4... But as Long as I see, syntax for this is same in 5.4...
          Last edited by cyber; 08-02-2022, 11:41.

            Comment

            Previous template Next
            Working...