Trap rules - using trap varbinds within rules

Version 1

    I've known for some time about the ability to use the various Solarwinds ${value} variables to enrich my snmp trap email alerts.

    These are all listed within the ${Message} variable, but some times it helps to break them down using a quick copy'pasta template, such as this:

     

    1.  ${vbName1} ${vbData1}

    2.  ${vbName2} ${vbData2}

    3.  ${vbName3} ${vbData3}

    4.  ${vbName4} ${vbData4}

    5.  ${vbName5} ${vbData5}

    6.  ${vbName6} ${vbData6}

    7.  ${vbName7} ${vbData7}

    8.  ${vbName8} ${vbData8}

    9.  ${vbName9} ${vbData9}

    10. ${vbName10} ${vbData10}

    <--snip -- add more as required, some traps have 25+ varbinds-->

     

    These allow to pull data such as port descriptions, or any other value from within the trap/MIB to enrich your alerting.

    But I wanted to use these values to set trap rules. Well a lot of searching and a lot of testing, some duff results from using eventTextX or eventVarX, which although mentioned on Thack,

    I could not get them to work.

     

    You'll need to have Database Manager up and connected to your NPM database.

    And the Trap Viewer, with an example of the trap(s) you want to create/modify its rule for.

     

    First find the value you'd like to find, in my example I'm trying to find the string "CDS01 Main"

    Here's the traps varbinds and my string highlighted in red:

     

    'Trap Details' in Trap Viewer (AKA Trap VarBinds)

    sysUpTime=49 days 1 hour 34 minutes 7.40 seconds

    snmpTrapOID=MixedSignals:programaudiosilencenotify

    sentrynameip.1=sentry201 (000.000.000.000)

    programnumber.1=10

    programname.1=CDS01 Main

    portnumber.1=78

    multicastip.1=000.000.000.000

    multicastport.1=00

    sourcespecificmulticastip.1=*

    unicastport.1=

    tsid.1=10

    pidnumber.1=4097

    bitmap.1=31

    lengthoftime.1=30000

    date.1=May 29, 2014 03:37:19 PM BST

    clearreason.1=0

    cleardate.1=

    setflag.1=1

    alertlogid.1=952804

    portname.1=CDS01 Main TX

    alertreasons.1=

    rfchannel.1=

    rffrequency.1=

    reporturl.1=http://000.000.000.000/?page=program_detail&bl=1&range_type=range&start=1401372439&stop=1401376039&port=78&tsid=10&program=10&_z=0

     

    So now if we search for that string in the NPM Database:

     

    SELECT OIDValue, OIDName, OID, TrapID

    FROM [dbo].[TrapVarbinds]

    WHERE OIDName Like '%CDS01%'

    ORDER BY OID

     

     

    This finds:

    OIDValueOIDNameOID TrapID
    CDS01 Mainprogramname.11 1.3.6.1.4.1.24931.9.1.1.33.159515610
    CDS01 STBYprogramname.21 1.3.6.1.4.1.24931.9.1.1.33.259515610

     

    This ties in nicely with the trap varbinds we can see in the trap viewer where we found programname.1 = CDS01 Main

     

    We can check this back the other way to be sure it's unique:

     

    SELECT DISTINCT OIDValue

    FROM [dbo].[TrapVarbinds]

    WHERE OID LIKE '1.3.6.1.4.1.24931.9.1.1.33.1'

     

    OIDValue
    CDS01 Main
    CDS01 STBY
    DBS01

     

    So we can now use the following trap rule conditions to filter the traps by varbind values.

    In the Trap Rules, add a new AND condition:

     

    <OID> contains <OIDValue of choice>

     

    Or from my example:

    AND Traps received where any of the following are true:

    1.3.6.1.4.1.24931.9.1.1.33.1 contains CDS01

     

    Now my traps can be filtered by the TrapVarBinds.

     

    I hope this helps someone else enrich their SNMP alerting.

     

    Yaquaholic