|
|
| Subject: | Avamar Transform not matching severity |
| Author: | Dale Lashley |
| Posted: | 2016-11-18 10:43 |
#Avamar MIB Transform mib = re.search("snmp trap 1.3.6.1.4.1.15597.1.1.1.1.1", evt.summary) if mib: #Break down MIB to select only relevant portions for alerts time = getattr(evt,'1.3.6.1.4.1.15597.1.1.1.2.2') #Time of event classification = getattr(evt,'1.3.6.1.4.1.15597.1.1.1.2.3') #Class of event message = getattr(evt,'1.3.6.1.4.1.15597.1.1.1.2.5') #Message of event severity = getattr(evt,'1.3.6.1.4.1.15597.1.1.1.2.1') #Avamar error event number component = getattr(evt,'1.3.6.1.4.1.15597.1.1.1.2.4') #Component of event critical = [1,4602,22310,22629,22704,22716,30974,50001,50005,50006,50007,50011,50012,50014,50015,50034,50194] #Critical Alert Numbers error = [4603,22354,30010,30900,30901,30929,30931,30951,30958,30960,30968,30998,30999] #Error Alert Numbers warning = [4004,4202,4302,4700,4710,4720,4730,4740,4750,4760,4770,4773,4776,4779,4783,4789,22408,22409,22415, 22416,22605,22609,22614,22630,22631,22632,22635,22644,22646,22801,30975] #Warning Alert Numbers information = [54,56,4200,4201,4300,4301,4600,4601,21005,21006,21010,22207,22208,22209,22210,22211,22212,22213, 22214,22215,22216,22217,22218,22219,22220,22221,22237,22243,22301,22305,22308,22309,22312,22315, 22316,22317,22318,22319,22320,22321,22322,22323,22324,22325,22326,22327,22328,22329,22330,22331, 22332,22333,22334,22335,22336,22337,22338,22339,22340,22341,22342,22343,22344,22345,22346,22347, 22348,22349,22351,22352,22353,22355,22371,22372,22373,22382,22405,22406,22441,22512,22513,22519, 22520,22523,22527,22529,22533,22534,22535,22553,22555,22556,22608,22610,22612,22615,22624,22626, 22637,22639,22641,22800,22802,22803,22901,22902,22903,22916,22918,23025,23100,23101,23102,23103, 23104,23105,23106,23107,24002,24004,24005,24008,24010,30934,30935,30936,30937,30938,30939,30952, 30953,30954,30955,30956,30957,30967,30969,31015,31019,31072,31073,31074,31076,31078,31081,31082, 31084,31085,31087,31089,31090,31092,31093,31095,50193,50195,55000,55002,55004,55006,55010,55012, 55014,55016,55018,55020] #Information Alert Numbers if severity in critical: newSeverity = 5 #Set Zenoss Critical elif severity in error: newSeverity = 4 #Set Zenoss Error elif severity in warning: newSeverity = 3 #Set Zenoss Warning elif severity in information: newSeverity = 2 #Set Zenoss Informational evt.summary = "Avamar Alert" #Set summary to a readable conversion evt.message = time+' '+message #Set message as the correct OID from trap evt.severity = newSeverity #Set severity to match source evt.component = component+' '+classification #Set type as component
What this transform does is read the avamar event codes as it sends traps and produces and alert based off those numbers as set in the transform. However its not working it does not match the number even though it will produce it.| Subject: | The problem is that ALL event |
| Author: | Jane Curry |
| Posted: | 2016-11-18 11:00 |
The problem is that ALL event attributes are actually strings - even if they "look" like numbers. If you change your line:
severity = getattr(evt,'1.3.6.1.4.1.15597.1.1.1.2.1') #Avamar error event number
to
severity = int(getattr(evt,'1.3.6.1.4.1.15597.1.1.1.2.1')) #Avamar error event number
That should then allow it to match with your lists of severity numbers.
Cheers,
Jane
Email: jane.curry@skills-1st.co.uk Web: https://www.skills-1st.co.uk
| < |
Previous Device status of "UP" is inaccurate |
Next Integrate Zenoss 5 with Grafana 4 |
> |