cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Extract of Log / Trap Messages (VarBinds) to Trigger Orion Alerts

Extract of Log / Trap Messages (VarBinds) to Trigger Orion Alerts

We need to be able to extract VarBinds from traps and alert on them (or regex patterns in syslogs).

For Example, BGP Peer down OID 1.1.1.1.1.1.1

Peer address is in varbind 1.1.1.1.1.2.1

Local address is in varbind 1.1.1.1.1.2.2

 

The problem is that you cannot have 2 instances/alerts of the same Log Anayser rule hit. So if "RouterA" has Peer1 go down, it triggers this. 

5 hours later if "RouterA" has "Peer2" go down, it triggers this again (with a different VarBind). Same LA rule, Same Orion Alert, so nothing re-triggers as Orion thinks its already active. 

Similarly, Orion can only display the ENTIRE trap message using the $(loganalyster.Macro). Thats no good, as we get 5 lines of garbage when all I want to view is the single varbind thats important to me - the peer address. 

Until Varbinds can be individually alerted on, and extracted into the orion message, the Alerting functionality of LA is useless for us. 

1 Comment
Level 16

98 percent of our alerting is generated from external systems sending messages into our main console via SNMP or Syslog. The legacy syslog and SNMP engine was working fine but it is scheduled to be retired in some future version so we moved all of that functionality off to a different product.