We have a zabbix that has a snmp listener and receives traps, these same ones go through /etc/zabbix/zabbix_trap_receiver.pl and stores its output in /var/log/zabbix_traps.tmp. A host was created to be able to read these traps and a corresponding trigger. The trigger has a TAG to analyze the alarm ID and I established if it is a problem or a recovery. At the time that a new state is provoked, either a problem or an OK, it triggers the execution of a script to which they are passed the received alarm data is sent via SNMP to a TeMIP server (zabbix works as "forwarder").
Carrying out different tests, we see that having more than one problem alarm simultaneously (for example 3), they arrive correctly to snmptrap (log in /var/log/zabbix_traps.tmp) and then the script is executed with the data of the corresponding alerts. Until here the circuit works correctly. The problem lies when the OKs are established. When solving those 3 "problems" of the detailed example, We verify that the traps arrive correctly to the snmptrap (/var/log/zabbix_traps.tmp), but when the return of the zabbix is established so that the script with the resolutions is then executed and sent to the Temip server, we find the following:
When we send 2 alarms simultaneously or more, the tag that is configured in the trigger, only resolves to "OK" the last event and not the ones that precede it. We believe that this may have to do with the definition of the tagID.
See the capture latest-data.png
you can see that it solves correctly because the clear is the recovery expression
See the capture problems-resolved.png
See the capture trigger.png
This is the output of the action log, after it is resolved and run the script
See the capture action-log.png
Here you can see how the last event is with status ok, but the previous one with problem, when it should have been
result with ok.
TAG_ID to resolve multiple trouble events with OK
{{ITEM.LASTVALUE}.regsub("(?<=enterprises.4100.1.1 type=2 value=INTEGER: )[\w+.-]+", \0)}
Could the problem be here?
We appreciate your cooperation in guiding us to solve this problem.
Thank you.
Carrying out different tests, we see that having more than one problem alarm simultaneously (for example 3), they arrive correctly to snmptrap (log in /var/log/zabbix_traps.tmp) and then the script is executed with the data of the corresponding alerts. Until here the circuit works correctly. The problem lies when the OKs are established. When solving those 3 "problems" of the detailed example, We verify that the traps arrive correctly to the snmptrap (/var/log/zabbix_traps.tmp), but when the return of the zabbix is established so that the script with the resolutions is then executed and sent to the Temip server, we find the following:
When we send 2 alarms simultaneously or more, the tag that is configured in the trigger, only resolves to "OK" the last event and not the ones that precede it. We believe that this may have to do with the definition of the tagID.
See the capture latest-data.png
you can see that it solves correctly because the clear is the recovery expression
See the capture problems-resolved.png
See the capture trigger.png
This is the output of the action log, after it is resolved and run the script
See the capture action-log.png
Here you can see how the last event is with status ok, but the previous one with problem, when it should have been
result with ok.
TAG_ID to resolve multiple trouble events with OK
{{ITEM.LASTVALUE}.regsub("(?<=enterprises.4100.1.1 type=2 value=INTEGER: )[\w+.-]+", \0)}
Could the problem be here?
We appreciate your cooperation in guiding us to solve this problem.
Thank you.
Attached Files