• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 38 subscribers
  • Views 591 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SNMP trap to NPM alert

jbrunke

OK, I've poured over the threads available here at thwack that explain different methods to trigger and alert and clear that alert when corresponding trap comes in.  I have an example that is slightly different from others I've seen here, I'd like to get some help with.

Scenario - another monitoring tool (HP BSM) sends a trap as an action when an alert condition is raised:

11/29/2016 8:08:20 AM    10.10.10.10     pwbsmdps02     public     SNMPv2-SMI:enterprises.5233.4.0.1     snmpTrapEnterprise = SNMPv2-SMI:e​nterprises.5​233.4

experimental.1057.1.0 = 10.10.10.10

sysUpTime = 226 days 5 hours 16 minutes 34.05 seconds

snmpTrapOID = SNMPv2-SMI:e​nterprises.5​233.4.0.1

enterprises.5233.4.10 = Business Transactio​n Flow:LMS;t​ransaction:L​MS_003_Aut​h;

enterprises.5233.4.9 = d4aec8817e​c54e330fcc​047bac0890​ea

enterprises.5233.4.8 = N/A

enterprises.5233.4.7 = Response time for 2 out of 3 transactio​ns was greater than 8.00 seconds.;

enterprises.5233.4.6 = For Business Transactio​n Flow "LMS", transactio​n "LMS_003_A​uth". Response time for 2 out of 3 transactio​ns greater than 8.00 seconds.;

enterprises.5233.4.5 = Major

enterprises.5233.4.4 = 33dcb5b068​c72fdb8779​050b29df5c​2c

enterprises.5233.4.3 = Regular Alert

enterprises.5233.4.2 = ITO: LMS Performanc​e Alerts

enterprises.5233.4.1 = LMS

It also will send a corresponding clear trap when the alert clears:

1/29/2016 8:29:38 AM    10.10.10.10     pwbsmdps02     public     SNMPv2-SMI:enterprises.5233.4.0.1     snmpTrapEnterprise = SNMPv2-SMI:e​nterprises.5​233.4

experimental.1057.1.0 = 10.10.10.10

sysUpTime = 226 days 5 hours 16 minutes 34.05 seconds

snmpTrapOID = SNMPv2-SMI:e​nterprises.5​233.4.0.1

enterprises.5233.4.10 = Business Transactio​n Flow:LMS;t​ransaction:L​MS_003_Aut​h;

enterprises.5233.4.9 = d4aec8817e​c54e330fcc​047bac0890​ea

enterprises.5233.4.8 = N/A

enterprises.5233.4.7 = Response time for 1 out of 3 transactio​ns was greater than 8.00 seconds.;

enterprises.5233.4.6 = For Business Transactio​n Flow "LMS", transactio​n "LMS_003_A​uth". Response time for 2 out of 3 transactio​ns greater than 8.00 seconds.;

enterprises.5233.4.5 = Informatio​nal

enterprises.5233.4.4 = 33dcb5b068​c72fdb8779​050b29df5c​2c

enterprises.5233.4.3 = Follow Up Alert

enterprises.5233.4.2 = ITO: LMS Performanc​e Alerts

enterprises.5233.4.1 = LMS

The traps always come from the same IP/Hostname: 10.10.10.10/pwbsmdps02

So in following other examples here, I created two rules in the trap viewer:

BSM Alert:

pastedImage_1.png

pastedImage_2.png

BSM Clear:

pastedImage_3.png

pastedImage_4.png

Note: ${vbData4} contains the unique alert identifier, which is why I chose it to correlate the events.  I verified in the Trap Viewer that new traps are colored properly.

Next, I created an new Alert in NPM:

Trigger:

pastedImage_5.png

Reset:

pastedImage_6.png

Now here is where I am stuck...  I would like to pull this varbind from the specific trap and put it into the Message displayed when this alert is triggered:

enterprises.5233.4.6 = For Business Transactio​n Flow "LMS", transactio​n "LMS_003_A​uth". Response time for 2 out of 3 transactio​ns greater than 8.00 seconds.;

Is this even possible?!

  • 0

    You'll need to define a custom sql properly to pull the varbind;

    Personally I'd copy the varbind you're interested to into the TAGS on the snmp trap receiver.

    then use a custom SQL variable into the message being logged.

    pastedImage_0.png

    (untested)

    ${SQL:Select top 1 TAG FROM [dbo].[TRAPS] Where nodeid=${NodeID} and colorcode=255 order by datetime desc }
  • 0 in reply to RichardLetts

    Thanks Richard.  OK I followed your example but got a bit crazier emoticons_cool.png

    ${SQL:SELECT top 1 b.oidvalue from traps a  

    INNER JOIN trapvarbinds b

    ON a.trapid = b.trapid

    where a.nodeid = ${NodeID}

    and colorcode=255

    AND b.oidname = 'enterprises.5233.4.6'

    order by datetime desc }

    I've got it setup and am waiting for some traps...  I'll let you know how it goes... 

    Man I really wish they would improve this part of the product soon.  Really frustrating to be able to receive traps but not be able to easily create alerts from them...

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.