I've known for some time about the ability to use the various Solarwinds ${value} variables to enrich my snmp trap email alerts.
These are all listed within the ${Message} variable, but some times it helps to break them down using a quick copy'pasta template, such as this:
1. ${vbName1} ${vbData1}
2. ${vbName2} ${vbData2}
3. ${vbName3} ${vbData3}
4. ${vbName4} ${vbData4}
5. ${vbName5} ${vbData5}
6. ${vbName6} ${vbData6}
7. ${vbName7} ${vbData7}
8. ${vbName8} ${vbData8}
9. ${vbName9} ${vbData9}
10. ${vbName10} ${vbData10}
<--snip -- add more as required, some traps have 25+ varbinds-->
These allow to pull data such as port descriptions, or any other value from within the trap/MIB to enrich your alerting.
But I wanted to use these values to set trap rules. Well a lot of searching and a lot of testing, some duff results from using eventTextX or eventVarX, which although mentioned on Thack,
I could not get them to work.
You'll need to have Database Manager up and connected to your NPM database.
And the Trap Viewer, with an example of the trap(s) you want to create/modify its rule for.
First find the value you'd like to find, in my example I'm trying to find the string "CDS01 Main"
Here's the traps varbinds and my string highlighted in red:
'Trap Details' in Trap Viewer (AKA Trap VarBinds) | sysUpTime=49 days 1 hour 34 minutes 7.40 seconds snmpTrapOID=MixedSignals:programaudiosilencenotify sentrynameip.1=sentry201 (000.000.000.000) programnumber.1=10 programname.1=CDS01 Main portnumber.1=78 multicastip.1=000.000.000.000 multicastport.1=00 sourcespecificmulticastip.1=* unicastport.1= tsid.1=10 pidnumber.1=4097 bitmap.1=31 lengthoftime.1=30000 date.1=May 29, 2014 03:37:19 PM BST clearreason.1=0 cleardate.1= setflag.1=1 alertlogid.1=952804 portname.1=CDS01 Main TX alertreasons.1= rfchannel.1= rffrequency.1= reporturl.1=000.000.000.000/ |
---|
So now if we search for that string in the NPM Database:
SELECT OIDValue, OIDName, OID, TrapID
FROM [dbo].[TrapVarbinds]
WHERE OIDName Like '%CDS01%'
ORDER BY OID
This finds:
OIDValue | OIDName | OID | TrapID |
---|---|---|---|
CDS01 Main | programname.1 | 1 1.3.6.1.4.1.24931.9.1.1.33.1 | 59515610 |
CDS01 STBY | programname.2 | 1 1.3.6.1.4.1.24931.9.1.1.33.2 | 59515610 |
This ties in nicely with the trap varbinds we can see in the trap viewer where we found programname.1 = CDS01 Main
We can check this back the other way to be sure it's unique:
SELECT DISTINCT OIDValue
FROM [dbo].[TrapVarbinds]
WHERE OID LIKE '1.3.6.1.4.1.24931.9.1.1.33.1'
OIDValue |
---|
CDS01 Main |
CDS01 STBY |
DBS01 |
So we can now use the following trap rule conditions to filter the traps by varbind values.
In the Trap Rules, add a new AND condition:
<OID> contains <OIDValue of choice>
Or from my example:
AND Traps received where any of the following are true:
1.3.6.1.4.1.24931.9.1.1.33.1 contains CDS01
Now my traps can be filtered by the TrapVarBinds.
I hope this helps someone else enrich their SNMP alerting.
Yaquaholic