SNMP traps - prototype items
Hi.
hope someone can help me out with this.
we are running a quite big wireless network with around 5000 cisco APs and ill like to catch those AP that goes down one way or another ( some are looping by hardware/software error )
the traps come from a server running Cisco Prime infrastructure, where our WLC are sign in and sends all its alert to.
from the Prime i setup snmp trap to one of our zabbix proxy server, that are run the snmptrapd service and dump the info to a tmp file and using zabbix_trap_receiver.pl for getting the info into zabbix.. all that is working as it should (i think because i can see the trap under last data).
my problem is to get prototype items to create items per. AP and clear them if zabbix received another trap on the same AP with a clear message (when AP is getting online again)
first lets start with a trap with AP down keep in mind that all traps comes from the same host:
in this trap i want to create a trigger on one thing and that is marked with green, every AP that comes in with applicationCategoryData=AP_DISASSOCIATED is down and should be created an items/trigger named what text is marked with red, in this case it named "APe4d3.f11e.84XX". the reason for items creations is that if the AP comes up again it will clear the critical trigger and the AP only restarted= no problem.
snmptrap clear:
-------
if the AP comes up again Prime is sending a new snmptrap that should clear the critical trigger that have been created, i dont have a trap on the AP above.
so i want to clear the trap where the AP is down with this one trap, and i want to catch on applicationCategoryData=LWAPP_AP_IF_UP because the AP see the marked with green.
for grouping the trigger to an already existing item i look for the AP name - as in this case are marked with red 012-09-07-094T39UK-AP16.
i tried to make some items key under prototype items in a template but without any luck - now im stuck and need some help, maybe im doing it completely wrong :/
here is a regular expression on the item key - but i already now know it doesn't catch the snmptrap sends a clear
snmptrap["(applicationCategoryData(AP_DISASSOCIATED|LWAPP_A P_IF_UP))(description=AP[[:space:]])*{#SNMPVALUE}"]
i did try to only create a item on the template with this item key and that works for both up and down:
snmptrap["(applicationCategoryData=(AP_DISASSOCIATED|LWAPP_ AP_IF_UP))"]
need more information let me know and ill dig it out
best regards
Martin Nicolaisen
hope someone can help me out with this.
we are running a quite big wireless network with around 5000 cisco APs and ill like to catch those AP that goes down one way or another ( some are looping by hardware/software error )
the traps come from a server running Cisco Prime infrastructure, where our WLC are sign in and sends all its alert to.
from the Prime i setup snmp trap to one of our zabbix proxy server, that are run the snmptrapd service and dump the info to a tmp file and using zabbix_trap_receiver.pl for getting the info into zabbix.. all that is working as it should (i think because i can see the trap under last data).
my problem is to get prototype items to create items per. AP and clear them if zabbix received another trap on the same AP with a clear message (when AP is getting online again)
first lets start with a trap with AP down keep in mind that all traps comes from the same host:
Code:
14:50:35 2016/10/24 ZBXTRAP 10.cc.cc.206
PDU INFO:
notificationtype TRAP
version 1
receivedfrom UDP: [10.cc.cc.206]:14953->[10.cc.cc.100]:162
errorstatus 0
messageid 0
community XXXXXX
transactionid 341008
errorindex 0
requestid 794732325
VARBINDS:
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (164890549) 19 days, 2:01:45.49
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: SNMPv2-SMI::enterprises.9.9.712.0.1
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.2.0 type=4 value=Hex-STRING: 07 E0 0A 03 0F 20 30 02 2B 00 00
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.3.0 type=4 value=Hex-STRING: 07 E0 0A 18 0C 33 25 07 2B 00 00
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.4.0 type=4 value=STRING: "UnifiedAp!84:78:ac:b8:88:XX"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.5.0 type=2 value=INTEGER: 2
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.6.0 type=4 value=STRING: "AP disassociated from controller"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.7.0 type=2 value=INTEGER: 1
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.8.0 type=4 value=Hex-STRING: 0A F7 F8 0D
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.9.0 type=4 value=STRING: "APe4d3.f11e.84XX,84:78:ac:b8:88:XX"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.10.0 type=4 value=STRING: "AP 'APe4d3.f11e.84e2' disassociated from Controller '10.cc.cc.13'."
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.11.0 type=2 value=INTEGER: 3
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.12.0 type=4 value=STRING: "reportingEntityAddress=10.cc.cc.13, causingAlarmId=0, notificationState=0, srcObjectClassId=-1906840627, displayName=APe4d3.f11e.84XX,84:78:ac:b8:88:XX, authEntityClass=-1906840627, description=AP '[COLOR="red"]APe4d3.f11e.84XX[/COLOR]' disassociated from Controller '10.cc.cc.13'., srcObjectBusinessKey=8e57ebcd[84:78:ac:b8:88:XX], eventCount=1, source=UnifiedAp!84:78:ac:b8:88:XX, instanceId=12517370387, instanceVersion=0, mayBeAutoCleared=false, alarmCreationTime=03 Oct 2016 13:32:48 UTC, sourceMacAddress=84:78:ac:b8:88:XX, srcObjectId=3072075, [COLOR="green"]applicationCategoryData=AP_DISASSOCIATED[/COLOR], generatedBy=Controller, authEntityId=3072075, notificationDeliveryMechanism=SNMP_TRAP, severity=3, isDeviceMaster=false, eventType=AP_DISASSOCIATED, previousSeverity=CLEARED, lastModifiedTimestamp=24 Oct 2016 12:51:37 UTC, alarmDisplayable=true, applicationSpecificAlarmID=UnifiedAp!84:78:ac:b8:88:XX, instanceUuid=a0c2fa34-6969-45d0-928c-290c7dac5c58, isAcknowledged=false, subclassName=WiredWirelessAlarm, category=AP(1), transientNameValue={}"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.14.0 type=4 value=""
snmptrap clear:
-------
if the AP comes up again Prime is sending a new snmptrap that should clear the critical trigger that have been created, i dont have a trap on the AP above.
Code:
12:04:23 2016/10/14 PDU INFO:
notificationtype TRAP
version 1
receivedfrom UDP: [10.cc.cc.206]:14953->[10.cc.cc.100]:162
errorstatus 0
messageid 0
community XXXXX
transactionid 67887
errorindex 0
requestid 408097136
VARBINDS:
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (77491749) 8 days, 23:15:17.49
SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: SNMPv2-SMI::enterprises.9.9.712.0.1
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.2.0 type=4 value=Hex-STRING: 07 E0 09 12 16 22 06 03 2B 00 00
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.3.0 type=4 value=Hex-STRING: 07 E0 0A 0E 0A 05 09 04 2B 00 00
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.4.0 type=4 value=STRING: "OperStatus_LradIf!04:da:d2:4f:8e:XX!1"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.5.0 type=2 value=INTEGER: 2
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.6.0 type=4 value=STRING: "Radio administratively up and operationally down"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.7.0 type=2 value=INTEGER: 1
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.8.0 type=4 value=Hex-STRING: 0A F7 F8 08
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.9.0 type=4 value=STRING: "AP 012-09-07-094T39UK-AP16, Interface 802.11a/n"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.10.0 type=4 value=STRING: "'802.11a/n' interface of AP '012-09-07-094T39UK-AP16' associated to controller '202-DCO-WiSM2-04 (10.cc.cc.8)' is up."
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.11.0 type=2 value=INTEGER: 1
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.12.0 type=4 value=STRING: "reportingEntityAddress=10.cc.cc.8, causingAlarmId=0, notificationState=0, srcObjectClassId=-473649372, displayName=AP 012-09-07-094T39UK-AP16, Interface 802.11a/n, authEntityClass=-1906840627, description='802.11a/n' interface of AP '[COLOR="red"]012-09-07-094T39UK-AP16[/COLOR]' associated to controller '202-DCO-WiSM2-04 (10.cc.cc.8)' is up., srcObjectBusinessKey=e3c4af24[04:da:d2:4f:8e:XX,1], eventCount=1, source=LradIf!04:da:d2:4f:8e:XX!1, instanceId=12092515281, instanceVersion=0, mayBeAutoCleared=false, alarmCreationTime=18 Sep 2016 20:34:06 UTC, sourceMacAddress=04:da:d2:4f:8e:XX, srcObjectId=10801223586, [COLOR="green"]applicationCategoryData=LWAPP_AP_IF_UP[/COLOR], generatedBy=Controller, authEntityId=11203400579, notificationDeliveryMechanism=SNMP_TRAP, severity=1, isDeviceMaster=false, eventType=RADIO_ADMIN_UP_OPER_DOWN, previousSeverity=CRITICAL, lastModifiedTimestamp=14 Oct 2016 10:05:09 UTC, alarmDisplayable=true, applicationSpecificAlarmID=OperStatus_LradIf!04:da:d2:4f:8e:XX!1, instanceUuid=a59d9c05-1b60-4634-9872-f5f39e7652d9, isAcknowledged=false, subclassName=WiredWirelessAlarm, category=AP(1), transientNameValue={}"
SNMPv2-SMI::enterprises.9.9.712.1.1.2.1.14.0 type=4 value=""
for grouping the trigger to an already existing item i look for the AP name - as in this case are marked with red 012-09-07-094T39UK-AP16.
i tried to make some items key under prototype items in a template but without any luck - now im stuck and need some help, maybe im doing it completely wrong :/
here is a regular expression on the item key - but i already now know it doesn't catch the snmptrap sends a clear
snmptrap["(applicationCategoryData(AP_DISASSOCIATED|LWAPP_A P_IF_UP))(description=AP[[:space:]])*{#SNMPVALUE}"]
i did try to only create a item on the template with this item key and that works for both up and down:
snmptrap["(applicationCategoryData=(AP_DISASSOCIATED|LWAPP_ AP_IF_UP))"]
need more information let me know and ill dig it out
best regards
Martin Nicolaisen
Comment