Hi nikl15, did you get anywhere with this? I'm in a similar boat where I want to make sure I issue the right trigger based on Varbinds, and struggling " a little" with the concept of how to do it!

I worked with this things. All depends to what extend you want to parse it.

Tools that can be used for working with such are: macros (mainly ITEM.VALUE to get data from actual item) paired with macro functions (to extract only specific values of specific varbinds), tags (to store extracted values and use it in different places), trigger event correlation (to close specific instances of trigger based on matching tags)

Overall it highly depends on how much effort you want to put, what are the end requirement and how sophisticated you want to make the triggers. Some common ideas and general direction of implementation:

If you want to differentiate severities based on varbind:
add the following to trigger expression
assign warning severity.
Create a copy of trigger, in find function change Minor to next level of severity, change Zabbix severity to average. Repeat as many times as needed.

If you want to distinguish between ports based on varbind:
Add a tag to trigger with something like (not exact syntax):
Name: Port
Value: {{ITEM.VALUE}.regsub("Port=([0-9]+), \1)
Add same macro function to trigger name to be able to distinguish between alert instances
OK event generation: recovery expression
Recovery expression: figure out which varbind responsible for indication of resolved issue and write expression that fits based on that
PROBLEM event generation mode: multiple (be sure to ensure that trigger will not create a spam of alerts)
OK event closes: All problems if tag values match
Tag for matching: specify tag created above (Port)

Matching trap to host based on varbind inside of Zabbix is likely impossible (I did not find a way to do it in Zbx v5-6) but it is possible before trap enters Zabbix. If you setup snmp trap handling from scratch, you know traps don't enter Zabbix directly but pass through trap handler (in my case we were using perl script). By doing a bit of creative coding in that script you can replace value of host that is logged into trap log file from actual source IP trap arrived to value of one of varbinds. Then Zabbix will be matching that varbind IP value to host present in Zabbix (so you would need to have all hosts that device can report in varbind to be created in Zabbix or traps would be ignored).

if you need more details - write more detailed info what you want to achieve and samples of incoming data. Maybe me or some one else would be able (and willing?) to help at that time. Overall it's not that complicated once you did it once or trice, but first time might be a bit overwhelming... depends how much and to what extent you worked with Zabbix prior.

Regexing will be your biggest friend.. All the matching in items and triggers and regsubbing the values out for event names and tags etc...

Thank you very much ISiroshtan and cyber - That's exactly where I was beginning to head to.

It's an interesting concept of trying to seperate traps by varbind in the original regex, or using triggers based on the contents of the entire trap: for example, we're looking at a single trap that as a varbind includes a "success" or "failure" state.
I was considering creating individual items as a "Item.Success" and a "Item.Failed" binary states, making it simplier on the database/graphing, or creating a trigger for "trap contains success/failure".

I've certainly realised that there is a lot in the "generic, inbuilt" templates for many devices that are just that, and the time to develop them further is going to be "huge", but i may suggest a modification to the trap wiki to support an example of doing these.. as well as talk internally to see if the business time i spend on creating complex templates can be donated back to the wider Zabbix community through releasing them back to the web...

It's also highlighted that i've got a couple of mib lookup problems .. sigh.