This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Trap rules - using trap varbinds within rules

I've known for some time about the ability to use the various Solarwinds ${value} variables to enrich my snmp trap email alerts.

These are all listed within the ${Message} variable, but some times it helps to break them down using a quick copy'pasta template, such as this:

1.  ${vbName1} ${vbData1}

2.  ${vbName2} ${vbData2}

3.  ${vbName3} ${vbData3}

4.  ${vbName4} ${vbData4}

5.  ${vbName5} ${vbData5}

6.  ${vbName6} ${vbData6}

7.  ${vbName7} ${vbData7}

8.  ${vbName8} ${vbData8}

9.  ${vbName9} ${vbData9}

10. ${vbName10} ${vbData10}

<--snip -- add more as required, some traps have 25+ varbinds-->

These allow to pull data such as port descriptions, or any other value from within the trap/MIB to enrich your alerting.

But I wanted to use these values to set trap rules. Well a lot of searching and a lot of testing, some duff results from using eventTextX or eventVarX, which although mentioned on Thack,

I could not get them to work.

You'll need to have Database Manager up and connected to your NPM database.

And the Trap Viewer, with an example of the trap(s) you want to create/modify its rule for.

First find the value you'd like to find, in my example I'm trying to find the string "CDS01 Main"

Here's the traps varbinds and my string highlighted in red:

'Trap Details' in Trap Viewer (AKA Trap VarBinds)

sysUpTime=49 days 1 hour 34 minutes 7.40 seconds

snmpTrapOID=MixedSignals:programaudiosilencenotify

sentrynameip.1=sentry201 (000.000.000.000)

programnumber.1=10

programname.1=CDS01 Main

portnumber.1=78

multicastip.1=000.000.000.000

multicastport.1=00

sourcespecificmulticastip.1=*

unicastport.1=

tsid.1=10

pidnumber.1=4097

bitmap.1=31

lengthoftime.1=30000

date.1=May 29, 2014 03:37:19 PM BST

clearreason.1=0

cleardate.1=

setflag.1=1

alertlogid.1=952804

portname.1=CDS01 Main TX

alertreasons.1=

rfchannel.1=

rffrequency.1=

reporturl.1=000.000.000.000/

So now if we search for that string in the NPM Database:

SELECT OIDValue, OIDName, OID, TrapID

FROM [dbo].[TrapVarbinds]

WHERE OIDName Like '%CDS01%'

ORDER BY OID

This finds:

OIDValueOIDNameOID TrapID
CDS01 Mainprogramname.11 1.3.6.1.4.1.24931.9.1.1.33.159515610
CDS01 STBYprogramname.21 1.3.6.1.4.1.24931.9.1.1.33.259515610

This ties in nicely with the trap varbinds we can see in the trap viewer where we found programname.1 = CDS01 Main

We can check this back the other way to be sure it's unique:

SELECT DISTINCT OIDValue

FROM [dbo].[TrapVarbinds]

WHERE OID LIKE '1.3.6.1.4.1.24931.9.1.1.33.1'

OIDValue
CDS01 Main
CDS01 STBY
DBS01

So we can now use the following trap rule conditions to filter the traps by varbind values.

In the Trap Rules, add a new AND condition:

<OID> contains <OIDValue of choice>

Or from my example:

AND Traps received where any of the following are true:

1.3.6.1.4.1.24931.9.1.1.33.1 contains CDS01

Now my traps can be filtered by the TrapVarBinds.

I hope this helps someone else enrich their SNMP alerting.

Yaquaholic