|
|
| Subject: | Zenoss 4.2.5 return one event for multiple snmp trap |
| Author: | [Not Specified] |
| Posted: | 2015-11-09 07:59 |
Hi all,
I have setup a Zenoss server 4.2.5 with latest patch to receive the SNMP trap on CentOS 6. The idea is to accept the interface up/down from network equipment and notify the administrator. Due to our network device will send the multiple SNMP trap to Zenoss at the same time, I found Zenoss usually merge those TRAP as one event. Here is the example.
Nov 9 22:51:17.186 2015 firewall mib2d[1234]: %DAEMON-4-SNMP_TRAP_LINK_DOWN: ifIndex 5678, ifAdminStatus down(2), ifOperStatus down(2), ifName xyz.10001
Nov 9 22:51:17.187 2015 firewall mib2d[1234]: %DAEMON-4-SNMP_TRAP_LINK_DOWN: ifIndex 5678, ifAdminStatus down(2), ifOperStatus down(2), ifName xyz.10001
Nov 9 22:51:36.781 2015 firewall mib2d[1234]: %DAEMON-4-SNMP_TRAP_LINK_DOWN: ifIndex 123, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/1
From the Zenoss event, I found the following event detail.
ifIndex 5678
ifIndex.5678 5678
ifIndex.123 123
ifName xyz.10001
ifName.5678 xyz.10001
ifName.123 ge-0/0/1
As my primary goal is to filter the event which only includes blank or xyz type interface. So I write an event transform to examine any value start with "ifIndex" and then display the relevant information in the notification content.
However, what I am struggling is the value of details._map.keys does not return " ifIndex.123" & " ifName.123". I Tried to get all value with the below command in event transform.
for d in evt.details._map.keys():
evt.message = evt.message + " @ " + d
It would be appreciate that someone could advise how to further list all variable in SNMP TRAP message, any further debug I could perform for troubleshooting Thanks.
Jacky
| Subject: | Read another thread and |
| Author: | [Not Specified] |
| Posted: | 2015-11-09 09:35 |
Read another thread and notice it could be separated by the even transform, anybody could guide me for that Many thanks.
http://community.zenoss.org/message/73671#73671
Rgds,
Jacky
| Subject: | Pull my Zenoss Event |
| Author: | Jane Curry |
| Posted: | 2015-11-10 14:51 |
Pull my Zenoss Event Management paper from http://www.skills-1st.co.uk/papers/jane/zenoss4-events/ . There are some discussions in that about getting the trap varbinds to use in transforms.
Cheers,
Jane
Email: jane.curry@skills-1st.co.uk Web: https://www.skills-1st.co.uk
| Subject: | Hi Jane, |
| Author: | [Not Specified] |
| Posted: | 2015-11-11 08:32 |
Hi Jane,
Thanks and I read section 9.6. However, when I create the event transform with the following statement. It seems cannot read all of the ifName or IfIndex detail or value.
forattrinevt.details._map.keys():
evt.message = evt.message + " @ " + attr
For example, there are three ifName and IfIndex in the event. It only returns one record of ifName and IfIndex from the evt.details._map.keys():
For my case, it is not necessary separate the event to different evid, however, I need to examine all ifIndex in the event. Do you have any idea about this. Million thanks.
Rgds,
Jacky
| Subject: | Hi Jacky, |
| Author: | Jane Curry |
| Posted: | 2015-11-15 12:21 |
Hi Jacky,
I started with the /Net/Link event class, copied the mapping transform from snmp_linkDown. I created a new class, /Net/Link/taplow-11 with a taplow-11 mapping with a rule for my test device saying device.id == 'taplow-11.skills-1st.co.uk' . Make sure the eventClassKey is still snmp_linkDown and set the sequence number so the test mapping has precedence over the original one. Then copy the transform from the original mapping to your test one.
I then added to the end of the transform to add all the event details attributes and values to evt.message (used message as summary only has 255 chars before it truncates.
if_index_str = getattr(evt.details, "ifIndex", None)
if if_index_str is not None and device is not None:
if_index = int(if_index_str)
for interface in device.os.interfaces():
if interface.ifindex == if_index:
evt.component = interface.id
for attr in evt.details._map.keys():
if attr.startswith('if'):
try:
evt.myFieldValue = 'attr is ' + attr + ' value is ' + evt.details.get(attr)
except:
evt.myFieldValue = 'except clause ' + join(list(evt.details.getAll(attr)))
continue
evt.message = evt.message + " " + evt.myFieldValue
break
Sorry - I know the whitespace is all screwed-up / non-existent. Really don't know how to preserve whitespace in this forum tool.
So the extra stuff starts at "for attr in evt.details._map.keys():"
It's not pretty or elegant but my evt.message has:
snmp trap snmp_linkDown attr is ifAdminStatus value is 1 attr is ifOperStatus.3 value is 2 attr is ifIndex.3 value is 3 attr is ifOperStatus value is 2 attr is ifIndex value is 3 attr is ifAdminStatus.3 value is 1
Does that help
Cheers,
Jane
Email: jane.curry@skills-1st.co.uk Web: https://www.skills-1st.co.uk
| < |
Previous Zennos 4.2.5 Notifications on process start |
Next 4.2.5 SMTP Username and Password cannot be removed |
> |