Ad Widget

Collapse

Multiple regex strings to trigger name

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Martin Law
    Junior Member
    • Feb 2021
    • 15
    #1

    Multiple regex strings to trigger name

    Hi,

    i need some help with regex en regsub within zabbix. I'd like to take multiple strings (from multiple varbinds) and use them in a single trigger name.
    So total trigger name:
    "AP Connection Lost: Tielt-Jeugd 03 - Jeugd3 1eV grote zaal - 172.24.102.151"

    i have the following SNMP trap:

    Code:
    10:40:31 2023/04/07 PDU INFO:
  transactionid                  45025468
  requestid                      253388664
  receivedfrom                   UDP: [REDACTED]:40077->[REDACTED]:162
  messageid                      0
  notificationtype               TRAP
  errorstatus                    0
  community                      xxxxxxxxxxxxxxx
  errorindex                     0
  version                        1
VARBINDS:
  iso.3.6.1.2.1.1.3.0            type=67 value=Timeticks: (145642000) 16 days, 20:33:40.00
  iso.3.6.1.6.3.1.1.4.1.0        type=6  value=OID: iso.3.6.1.4.1.25053.2.10.1.23
  iso.3.6.1.4.1.25053.2.10.2.13.0 type=4  value=STRING: "Major"
  iso.3.6.1.4.1.25053.2.10.2.14.0 type=4  value=STRING: "apConnectionLost"
  iso.3.6.1.4.1.25053.2.10.2.25.0 type=4  value=STRING: "Tielt-Jeugd 03"
  iso.3.6.1.4.1.25053.2.10.2.23.0 type=4  value=STRING: "C8:08:73:07:F4:B0"
  iso.3.6.1.4.1.25053.2.10.2.26.0 type=4  value=STRING: "172.24.102.151"
  iso.3.6.1.4.1.25053.2.10.2.27.0 type=4  value=""
  iso.3.6.1.4.1.25053.2.10.2.29.0 type=4  value=STRING: "Jeugd3 1eV grote zaal"
  iso.3.6.1.4.1.25053.2.10.2.28.0 type=4  value=""
  iso.3.6.1.4.1.25053.2.10.2.30.0 type=4  value=STRING: "Tielt-6.1"
  iso.3.6.1.4.1.25053.2.10.2.10.0 type=4  value=STRING: "303"
  iso.3.6.1.4.1.25053.2.10.2.35.0 type=4  value=""​
    I'd like to get info from multiple lines into a trigger but i'm struggling to make it work. I'm very new to regex and i've tried some online testers with no luck.
    The values of 25.0, 26.0 and 29.0 should be in the trigger so that we have an idea of wich access point is lost. All i can come up with is the entire textblock in the triggername, wich offcourse is not very nice on the eye .

    It doesn't help that i cannot test the syntax within zabbix. The tools i tried online dont work for me (regex101 and regextester.com), not even with other regex that we allready use in zabbix that work.

    I have this trigger name at the moment "AP Connection Lost (Test trap Ruckus) - {{ITEM.VALUE}.regsub("iso.3.6.1.4.1.25053.2.10.2.2 5.0 type=4 value=STRING:"\s \1)}" but that just displays the entire trap block as displayed above.

    Any help is greatly appreciated.
    Tags: None
    • markfree
      Senior Member
      • Apr 2019
      • 868
      #2
      I think you are going in the right path.
      By using Macro Functions, you can extract data from your item.

      In your example, it seems there's a misplaced quote and a comma. You could try something like this:
      Code:
      {{ITEM.VALUE}.regsub("25053.2.10.2.25.0 type=4 value=STRING: \"(.*)\"", \1)}
      You will need to repeat the Macro Function a couple of times to extract the required data.

      Also, RegexR seems to be working fine for this example.

      The Preprocessing test could also help to test items' regex.

        Comment

        • Martin Law
          Junior Member
          • Feb 2021
          • 15
          #3
          Originally posted by markfree
          I think you are going in the right path.
          By using Macro Functions, you can extract data from your item.

          In your example, it seems there's a misplaced quote and a comma. You could try something like this:
          Code:
          {{ITEM.VALUE}.regsub("25053.2.10.2.25.0 type=4 value=STRING: \"(.*)\"", \1)}
          You will need to repeat the Macro Function a couple of times to extract the required data.

          Also, RegexR seems to be working fine for this example.

          The Preprocessing test could also help to test items' regex.
          Hi markfree, thanks for the reply, RegExr works indeed to test the syntax. It seems allso that i needed backslashes before the . characters.
          However, i think it must be something i'm doing wrong in zabbix. I've gotten the regex working on RegExr for 1 line, but when i put that in zabbix it still displays the entire item value with the regsub code behind it (see screenshots)

          I've tried so many different options, I'm lost here...
          Is this a bug in zabbix or am i doing something wrong?

          Click image for larger version Name: regexr.png Views: 1496 Size: 146.8 KB ID: 462785

          Click image for larger version Name: 2023-04-11 17_22_08-Window.png Views: 1500 Size: 28.0 KB ID: 462786

          Click image for larger version Name: 2023-04-11 17_23_06-Window.png Views: 1517 Size: 30.5 KB ID: 462787
          Attached Files

            Comment

            • markfree
              Senior Member
              • Apr 2019
              • 868
              #4
              Looking at your screenshots, again, you seem to be missing some quotes as well as the Regsub output.
              ​Check the Regsub function syntax on the Macro Functions documentation.

                Comment

                • Martin Law
                  Junior Member
                  • Feb 2021
                  • 15
                  #5
                  Originally posted by markfree
                  Looking at your screenshots, again, you seem to be missing some quotes as well as the Regsub output.
                  ​Check the Regsub function syntax on the Macro Functions documentation.
                  Hi, you are correct. I was missing that in the screenshot. I've fixed that but then the result is empty. I've added \0 wich should be the matched text according to the documentation, so it seems that there is no match, but the expression is valid on RegExr.
                  To test i allso added \2 and \3 in the case zabbix had different capturegroups but hose are allso empty.

                  Click image for larger version Name: 2023-04-12 09_10_34-Window.png Views: 1493 Size: 38.0 KB ID: 462820

                  Click image for larger version Name: 2023-04-12 09_05_45-Window.png Views: 1485 Size: 13.3 KB ID: 462821

                    Comment

                    • markfree
                      Senior Member
                      • Apr 2019
                      • 868
                      #6
                      Based on your first trap example and considering that you need some values inbetween double quotes on multiple lines, you may need to use the "regsub" function multiple times.

                      If your trap does not change its content spacing, the previous expression with fixed spacing and dots will probably work out.

                      See if this works:
                      Code:
                      AP Connection Lost: {{ITEM.VALUE}.regsub("25053\.2\.10\.2\.25\.0 type=4\s+value=STRING: \"(.*)\"", \1)} - {{ITEM.VALUE}.regsub("25053\.2\.10\.2\.29\.0 type=4\s+value=STRING: \"(.*)\"", \1)} - {{ITEM.VALUE}.regsub("25053\.2\.10\.2\.26\.0 type=4\s+value=STRING: \"(.*)\"", \1)}
                      Note that the only changing value is the line OID number.

                        Comment

                        • Martin Law
                          Junior Member
                          • Feb 2021
                          • 15
                          #7
                          Hi Mark,

                          Thanks for you r reply's and your efforts, but it still does not work.
                          i've tried countless combonations and ways to get this working with working examples from Regexr, and literally only 1 out of 40+ worked.

                          The one that worked (somewhat) catches all strings between double quotes, and creates a seperate group for each match. This works in zabbix, but only for the first capture group.
                          {{ITEM.VALUE}.regsub(""([^"]+)"", \0 \1 \2 \3)}

                          Regexr test: 3 matches

                          Click image for larger version Name: 2023-04-18regexr.png Views: 1451 Size: 50.3 KB ID: 463157

                          Zabbix testvalue trigger result: Only 1 match instead of 3

                          Click image for larger version Name: 2023-04-18 zabtrig.png Views: 1458 Size: 7.1 KB ID: 463159

                          Value in zabbix for reference
                          Click image for larger version Name: 2023-04-18 testval.png Views: 1466 Size: 17.6 KB ID: 463158


                          I can only conclude that zabbix does not support the global mode or uses another syntax or whatever, because this makes no sense to me.
                          ALL of 40+ other did not work and gave a no match result. And i know that there are no syntax errors in them because then it displays the full text as posted before instead of a no match(empty trigger name).

                          Since its no use for me to only be able to use the first capture group i'm about to give up on this and will probably send the traps to something like this (https://github.com/phpipam/php-snmptraps) to recieve the traps and resend them with a custom script with zabbix sender or something not sure yet if its worth the effort. i might just leave the entire trap in the trigger name depending on what my manager decides, but the amount of hours spent on this is not really worth the trouble to be honest.

                          Again thanks for you efforts to help me.

                          Attached Files

                            Comment

                            • markfree
                              Senior Member
                              • Apr 2019
                              • 868
                              #8
                              Indeed, Macro Functions do not support multiline matching.

                              Testing with Regexr, to match Zabbix "regsub" function, you should switch to PCRE engine and turn off the global flag (/g). This way, only the first match will be found.

                              Because of this, you may need to use the "regsub" function multiple times as I mentioned previously.

                                Comment

                                • metcris
                                  Junior Member
                                  • Jun 2023
                                  • 1
                                  #9
                                  Hello!

                                  try this...

                                  Greetings!​


                                  Click image for larger version Name: regex.jpg Views: 1432 Size: 185.6 KB ID: 465647

                                    Comment

                                    • GarrettCO
                                      Member
                                      • Jan 2024
                                      • 44
                                      #10
                                      This is a very similar issue that I am going to have with multi line SNMP traps. Right now just trying to get the trap to show as a problem with a simple test. But this is good to know and see.

                                      I assume the following code needed to be in the Express Name field

                                      Code:
                                      AP Connection Lost: {{ITEM.VALUE}.regsub("25053\.2\.10\.2\.25\.0 type=4\s+value=STRING: \"(.*)\"", \1)} - {{ITEM.VALUE}.regsub("25053\.2\.10\.2\.29\.0 type=4\s+value=STRING: \"(.*)\"", \1)} - {{ITEM.VALUE}.regsub("25053\.2\.10\.2\.26\.0 type=4\s+value=STRING: \"(.*)\"", \1)}​

                                        Comment

                                        Previous template Next
                                        Working...