Re: Sitescope Template SNMP (333 Views)
Reply
Advisor
preyes
Posts: 29
Registered: ‎10-05-2012
Message 1 of 7 (390 Views)

Sitescope Template SNMP

Using SNMP template in Sitescope SNMP Trap Alerting,  how can I specify the type of the OID (string, ip_address, integer, octet-string,octet-hex)

 

[OID: .1.3.6.1.4.1.11937.1.46.10]<value>
[OID: .1.3.6.1.4.1.11937.1.42.1.3.1]<value2>
[OID: .1.3.6.1.4.1.11937.1.42.1.3.2]<value3>

 

 

 

Please use plain text.
HP Expert
jmmirchev
Posts: 454
Registered: ‎09-14-2012
Message 2 of 7 (378 Views)

Re: Sitescope Template SNMP

Hi ,

 

 Why wloud you need to specfy the type ?

Check if the following article would help : http://support.openview.hp.com/selfsolve/document/KM173476 .

 

Yordan


Yordan Mirchev
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
Please use plain text.
Advisor
preyes
Posts: 29
Registered: ‎10-05-2012
Message 3 of 7 (370 Views)

Re: Sitescope Template SNMP

I am sending the trap and the receiver is expecting it to be in asn_ipaddress format

 

From sitescope the ip address I am passing (.1.3.6.1.4.1.11937.1.46.10 ) is received as an octetstring

 

.1.3.6.1.4.1.11937.1.46.10 (asn_octetstring)

rcdtest01

.1.3.6.1.4.1.11937.1.42.1.3.1 (asn_octetstring)

DEV/4/FAN_FAILED

.1.3.6.1.4.1.11937.1.42.1.3.2 (asn_octetstring)

test fan down

cia.snmpoid (String)

.1.3.6.1.4.1.11937.0.1

cia.address (String)

45.32.65.135

cia.originaladdress (String)

45.32.65.135

 

 

Where as if I do a manual SNMP trap using the following its received correctly as I expected.

 

/usr/bin/snmptrap -v 2c -c public mgmt.server.name:162 '' .1.3.6.1.4.1.11937.0.1 .1.3.6.1.4.1.11937.1.42.1.3.1 s "DEV/4/FAN_FAILED" .1.3.6.1.4.1.11937.1.42.1.3.2 s "testing " .1.3.6.1.4.1.11937.1.46.10 a 45.33.2.2

 

 

.1.3.6.1.4.1.11937.1.42.1.3.1 (asn_octetstring)

DEV/4/FAN_FAILED

.1.3.6.1.4.1.11937.1.42.1.3.2 (asn_octetstring)

testing

.1.3.6.1.4.1.11937.1.46.10 (asn_ipaddress)

45.33.2.2

cia.snmpoid (String)

.1.3.6.1.4.1.11937.0.1

cia.address (String)

45.32.92.56

cia.originaladdress (String)

45.32.92.56

 

 

 

 

Please use plain text.
HP Expert
kenneth.gonzalez
Posts: 1,522
Registered: ‎04-28-2011
Message 4 of 7 (365 Views)

Re: Sitescope Template SNMP

Hi,

What would be the source of <value>? i.e. what is the monitor type that fires the alert?
Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
Please use plain text.
Advisor
preyes
Posts: 29
Registered: ‎10-05-2012
Message 5 of 7 (357 Views)

Re: Sitescope Template SNMP

[ Edited ]

My bad. It seems there was'nt any issue with the SNMP template. the issue was with the Custom Log File Monitor Data processing Script not assigning the correct value I intend to send.

 

Is there any DPS example available that allows me to read a log file and update/enrich the Match Value

 

e.g.

 

Jan  17 15:22:00 sgacsw17001 <189>38: Jan  2 15:55:15.788 UTC: %CDP-4-DUPLEX_MISMATCH: Message

 

Match value labels: value,value2,value3

Using content match expression

 

/\w+\s*\d+\s*\d+:\d+:\d+\s(\S*).*: \w+.*\.\d+\s.*: %(.*):\s(.*)/

 

 

 Parentheses counted from left                            matching text
(\S*)                                                                                  sgacsw17001 (value)
(.*)                                                                                     CDP-4-DUPLEX_MISMATCH (value2)
(.*)                                                                                     Message (value3)

 

 

Now I am following this https://hpln.hp.com:443/system/files/custom_log_monitor_script.txt . The intent is to enrich (value) "sgacsw17001" and convert it into an IP Address format (I can do the conversion now inside the DPS)

 

e.g. (just hardcoding the ip for now)

 

 myContext.getScriptResult().setValue("value" , "25.132.128.3");

 

 

BUT the original content of "value" doesnt gets updated when it get's passed to the Alerting mechanism( I am using SNMP Trap).

 

Please use plain text.
HP Expert
kenneth.gonzalez
Posts: 1,522
Registered: ‎04-28-2011
Message 6 of 7 (348 Views)

Re: Sitescope Template SNMP

Hi,

I'm not sure if this is possible with regular text templates. Have you tried to create one in xml like SiteScopeEvent.xml? I see for each item there's a "type" attribute.
Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
Please use plain text.
Advisor
preyes
Posts: 29
Registered: ‎10-05-2012
Message 7 of 7 (333 Views)

Re: Sitescope Template SNMP

Breaking things down. I found this

 

using Custom Log File Monitor, Run alerts: is set to For each log entry matched, Match value labels: value,value2,value3, without any code in DPS , and using SNMP Trap alerting (with SNMP Template), having the following lines on my log file

 

Jan  17 15:22:00 25.132.128.3 <189>38: Jan  2 15:55:15.788 UTC: %CDP-4-DUPLEX_MISMATCH: Message

Jan  17 15:22:00 25.132.128.3 <189>38: Jan  2 15:55:15.788 UTC: %CDP-4-DUPLEX_MISMATCH: Message1

 

 

 

I can see in the alert logs that Sitescope is concatenating the values when it triggers the alerting.

 

 

09:27:56 03/07/2014 alert  

alert-type: SNMPTrap  

alert-name: SNMP Trap to Syslog  

alert-message:  [OID: .1.3.6.1.4.1.11937.1.46.10]25.132.128.3

[OID: .1.3.6.1.4.1.11937.1.42.1.3.1]CDP-4-DUPLEX_MISMATCH

[OID: .1.3.6.1.4.1.11937.1.42.1.3.2]Message  

alert-monitor: Syslog Custom  

alert-group: (TST)  

alert-id: 201221012  

alert-monitor-id: SiteScope/200982463/60:105  

action-name: SNMP Trap

SNMP Trap (Type: SNMPTrap, ID: 201221012)

 

09:27:56 03/07/2014 alert  

alert-type: SNMPTrap  

alert-name: SNMP Trap to Syslog  

alert-message:  [OID: .1.3.6.1.4.1.11937.1.46.10]25.132.128.3, 25.132.128.3

[OID: .1.3.6.1.4.1.11937.1.42.1.3.1]CDP-4-DUPLEX_MISMATCH, CDP-4-DUPLEX_MISMATCH

[OID: .1.3.6.1.4.1.11937.1.42.1.3.2]Message, Message1  

alert-monitor: Syslog Custom  

alert-group: (TST)  

alert-id: 201221012  

alert-monitor-id: SiteScope/200982463/60:105  

action-name: SNMP Trap

SNMP Trap (Type: SNMPTrap, ID: 201221012)

 

Anyway to prevent this from happening.

 

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation