Ad Widget

**markfree** · 24-02-2023, 14:30

I've changed some things.

Considering the SNMP trap value:

Code:

SNMPv2-SMI::enterprises.1729.100.1.10.12.0 type=4 value=STRING: "service:server is DOWN"

The template trigger expressions are:

Event name: Service is down - {{ITEM.VALUE}.iregsub("value=STRING: "(.*):server is DOWN"",\1)}
Problem: find(/System SnmpV2/snmptrap["\.1729\.104\.0\.4"],#1,"regexp",":server is DOWN"")=1
Recovery: find(/System SnmpV2/snmptrap["\.1729\.104\.0\.3"],#1,"regexp",":server is UP"")=1

I've added a tag in the trigger witch resolves to the service name.

Name: Service
Value: {{ITEM.VALUE}.iregsub("value=STRING: "(.*):server is DOWN"",\1)}

The trigger is now considering the "tag for matching" OK event.

PROBLEM event generation mode: Multiple
OK event closes: All problems if tag values match
Tag for matching: Service

Now, whenever a Down trap is received, the event is fired and I can see the alarm with the correct service name and Service tag value.

Still, when an UP trap is received for the same service, the event is not resolved.

What could be the issue?

**markosa** · 25-04-2023, 07:18

Perhaps it's because of using "#1" in find, I think it means "use most recent value" which is for ....0.4 as DOWN and ...0.3 as UP, same time. I've strugled with same issue, even when not using "#1" in find but instead using time value(1 or 2s), it's quite random when you get ack for trigger and when you won't.

**cyber** · 25-04-2023, 10:38

Originally posted by markfree

Now, whenever a Down trap is received, the event is fired and I can see the alarm with the correct service name and Service tag value.

Still, when an UP trap is received for the same service, the event is not resolved.

What could be the issue?

You are using 2 items here... item1 (/System SnmpV2/snmptrap["\.1729\.104\.0\.4") for generating a problem and item2 (/System SnmpV2/snmptrap["\.1729\.104\.0\.3") as additional condition, that has to be true, when trigger expression has turned false... Do you see your issue? Your initial item1 based expression is not turning False ever.... you only get those similar "server is DOWN" values there... look into item history. Your recovery expression will not even be considered...

Expression

Logical expression used to define the conditions of a problem.
A problem is created after all the conditions included in the expression are met, i.e. the expression evaluates to TRUE. The problem will be resolved as soon as the expression evaluates to FALSE, unless additional recovery conditions are specified in Recovery expression.

Recovery expression

Logical expression (optional) defining additional conditions that have to be met before the problem is resolved, after the original problem expression has already been evaluated as FALSE.
Recovery expression is useful for trigger hysteresis. It is not possible to resolve a problem by recovery expression alone if the problem expression is still TRUE.
This field is only available if 'Recovery expression' is selected for OK event generation.

**markfree** · 27-04-2023, 01:54

Oh, I see what you mean.
I guess that the "after the original problem expression has already been evaluated as FALSE" condition is the limiting factor in my scenario.

Fortunately, the monitored system has another similar trap for the same behavior. So, I had to change the item logic to make it work.

Thank you.

Ad Widget

Capture and distinguish value in trigger

Capture and distinguish value in trigger

Comment

Comment

Comment

Comment