When an SNMP trap comes in, I have a macro set up to replace the varbind index information with more descriptive text before it is sent to create an incident ticket. However, it appears unable to use a regular repression within a macro and it has to be a specific string. The intent is in this example 193.183.4.1.3.5.1.4.70, the digit "70" will be any digit, and want the replace function to skip that digit in preprocessing. Using the macro in a REGULAR EXPRESSION preprocessing step works fine to produce indicated output, but using the macro as a REPLACE does not recognize the regex parameter.
MACRO
{$ALERTNAME} = "SNMPv2-SMI::enterprises.193.183.4.1.3.5.1.4.(.*) type=4 value=STRING: (.*)"
REPLACE {$ALERTNAME} = "ERICSSON ALERT"
SNMP TRAP
RAW TRAP - IN
PREPROCESSED REPLACE - OUT
Based on documentation, it appears REPLACE only accepts specific string. Just reaching out to see if there is a known wildcard expression that would work.
MACRO
{$ALERTNAME} = "SNMPv2-SMI::enterprises.193.183.4.1.3.5.1.4.(.*) type=4 value=STRING: (.*)"
REPLACE {$ALERTNAME} = "ERICSSON ALERT"
SNMP TRAP
RAW TRAP - IN
VARBINDS:
DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=5844482
SNMPv2-SMI::enterprises.193.183.4.1.3.5.1.4.70 type=4 value=STRING: "vDicos, Diameter Link Failure"
SNMPv2-SMI::enterprises.193.183.4.1.3.5.1.4.70 type=4 value=STRING: "vDicos, Diameter Link Failure"
PREPROCESSED REPLACE - OUT
VARBINDS:
DISMAN-EVENT-MIB-sysUpTimeInstance type=67 value=5844482
ERICSSON ALERT = "vDicos, Diameter Link Failure"
DISMAN-EVENT-MIB-sysUpTimeInstance type=67 value=5844482
ERICSSON ALERT = "vDicos, Diameter Link Failure"
Based on documentation, it appears REPLACE only accepts specific string. Just reaching out to see if there is a known wildcard expression that would work.
Comment