How to filter SNMP Traps
  • rpittom
    Junior Member
    • Sep 2015
    • 5

    #1

    How to filter SNMP Traps

    I'm not sure how to word this correctly but we have an SNMP Trap coming in from a central server which has many nodes. The message looks like this -

    HTML Code:
    13:04:50 2015/12/01 ZBXTRAP 10.78.12.115
    PDU INFO:
      notificationtype               TRAP
      version                        0
      receivedfrom                   UDP: [10.78.12.115]:61937->[10.78.12.6]
      errorstatus                    0
      messageid                      0
      community                      public
      transactionid                  820394
      errorindex                     0
      requestid                      0
    VARBINDS:
      DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (13061229) 1 day, 12:16:52.29
      SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: SNMPv2-SMI::enterprises.1214.0.1
      SNMPv2-SMI::enterprises.1214.1.3 type=2  value=INTEGER: 1
      SNMPv2-SMI::enterprises.1214.1.4 type=2  value=INTEGER: 1
      SNMPv2-SMI::enterprises.1214.1.5 type=4  value=STRING: "values for testing"
      SNMPv2-SMI::enterprises.1214.1.6 type=2  value=INTEGER: 18541685
      SNMPv2-SMI::enterprises.1214.1.7 type=4  value=STRING: "test_zbxJCA-Critical"
      SNMPv2-SMI::enterprises.1214.1.8 type=2  value=INTEGER: 11
      SNMPv2-SMI::enterprises.1214.1.9 type=2  value=INTEGER: 3
      SNMPv2-SMI::enterprises.1214.1.10 type=4  value=STRING: "group"
      SNMPv2-SMI::enterprises.1214.1.11 type=4  value=STRING: "svc_acct_dev"
      SNMPv2-SMI::enterprises.1214.1.12 type=4  value=STRING: "servername"
      SNMPv2-SMI::enterprises.1214.1.13 type=4  value=STRING: "servername.domain.com"
      SNMP-COMMUNITY-MIB::snmpTrapAddress.0 type=64 value=IpAddress: 10.78.12.115
      SNMP-COMMUNITY-MIB::snmpTrapCommunity.0 type=4  value=STRING: "public"
      SNMPv2-MIB::snmpTrapEnterprise.0 type=6  value=OID: SNMPv2-SMI::enterprises.1214
    What we want to be able to do is, depending on the value in 1214.1.12 or 1214.1.13, have the action come from that server, NOT from the origination of the trap, which is another server entirely.

    Right now we have an item which is checking for the following -
    HTML Code:
    snmptrap[1214.1.4 type=2  value=INTEGER: 1$]
    and that calls a trigger which is set up like this -
    HTML Code:
    {Template_App_AppName_SNMP:snmptrap[1214.1.4 type=2  value=INTEGER: 1$].diff(0)}=1 and {Template_App_AppName_SNMP:snmptrap[1214.1.4 type=2  value=INTEGER: 1$].nodata(60)}=0
    The trigger name is currently -
    HTML Code:
    {HOST.NAME}: Tidal trap (Critical)
    Unfortunately, HOST.NAME refers to the source of the message, whereas we want it to be the value in 1214.1.12/13.
  • Raziel
    Junior Member
    • Apr 2017
    • 1

    #2
    I know this is an old thread, but if you didn't figure it out already, you can solve your problem with Macro Functions.
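An added example, not part of the original posts and not Zabbix's own code: a Python sketch of the capture-style extraction the thread is after, pulling the affected server out of varbinds 1214.1.12/1214.1.13 of the trap text shown in post #1. The function names, the preference for .13 over .12, and the hostname allow-list are assumptions; the allow-list is there because an SNMPv1/v2c trap arrives over unauthenticated UDP, so varbind contents are sender-controlled and should be validated before they reach a trigger name or action.

```python
import re

# Constructed sample: the trap from post #1, trimmed to the relevant lines.
SAMPLE_TRAP = '''13:04:50 2015/12/01 ZBXTRAP 10.78.12.115
PDU INFO:
  receivedfrom                   UDP: [10.78.12.115]:61937->[10.78.12.6]
VARBINDS:
  SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: SNMPv2-SMI::enterprises.1214.0.1
  SNMPv2-SMI::enterprises.1214.1.4 type=2  value=INTEGER: 1
  SNMPv2-SMI::enterprises.1214.1.12 type=4  value=STRING: "servername"
  SNMPv2-SMI::enterprises.1214.1.13 type=4  value=STRING: "servername.domain.com"
'''

# One varbind line: "<name> type=<n>  value=<KIND>: <value>"
VARBIND_RE = re.compile(r'^\s*(\S+)\s+type=\d+\s+value=[\w-]+: (.*)$')
# Assumed allow-list for host names; anything else in the varbind is rejected
# rather than passed on to a trigger name or action.
HOSTNAME_RE = re.compile(r'[A-Za-z0-9][A-Za-z0-9.-]{0,252}')

def parse_varbinds(trap_text):
    """Return {varbind name: value} for the lines after 'VARBINDS:'."""
    varbinds, in_varbinds = {}, False
    for line in trap_text.splitlines():
        if line.strip() == 'VARBINDS:':
            in_varbinds = True
            continue
        m = VARBIND_RE.match(line) if in_varbinds else None
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # drop the quotes around STRING values
            varbinds[m.group(1)] = value
    return varbinds

def affected_host(trap_text, prefix='SNMPv2-SMI::enterprises.1214.1.'):
    """Host named in .13 (FQDN) or else .12; None if neither validates."""
    vb = parse_varbinds(trap_text)
    for sub in ('13', '12'):  # assumption: prefer the FQDN varbind
        value = vb.get(prefix + sub, '')
        if HOSTNAME_RE.fullmatch(value):
            return value
    return None

if __name__ == '__main__':
    print(affected_host(SAMPLE_TRAP))
```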