This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Windows Trap Viewer and Web Traps tab flawed

solarwinds badly needs to do a rewrite of their trap handling within the Web interface and within the Windows Trap Viewer application. Please log a bug based on this.

I have done a lot of regular expression work and Orion's implementation of trap handling and applying regex against those traps is very painful.

Let me illustrate what I mean. There are three different ways to get the Trap Details content of a given SNMP Trap:

1. Making a generic trap which writes all traps from a host to a file and reading the file. This actually contains the content which the system will match against.

In my case my trap written file contained (without the "s) a line with "Security-Manager-Alarm-Trap:= -7713". Note only a single space after the = and a : character.

2. Using the Traps Web. Unfortunately this neither allows edit trap rules nor allows you to develop patterns. The information displayed by this tab is NOT what was received and is totally useless for pattern matching.

In my case my trap was reported as having a line with (without the "s) "Security-Manager-Alarm-Trap = -7713". Note the spaces on either side of the = and lack of :.

3. Using the Trap Viewer to display and then copy the trap details to a notepad++ (or similar.) Unfortunately what is copied is again NOT what was received or

In my case my trap was reported as having a line with (without the "s) "Security-Manager-Alarm-Trap=-7713". Note the lack of spaces or  :.

You would expect them all to be the same. Unfortunately only method 1 gets to trap content which you can actually match against properly.

Seriously what is the point of having a trap viewer if it does not display the actual trap details which you are trying to craft a matching rule against!?

The trap viewer also badly needs a Search Traps Field which can take a Trap Rule Trap Details pattern with or without Regex selected and allow the user to see what it would match against.

Given the trap viewer is basically a rule editor at this point. Eliminating it and putting the functionality (including the bug fixes/suggestions above) in the web portal might make more sense.

I have a trap details pattern, with Regex off, which actual matches. It is defined as (minus the "s): "*Security-Manager-Alarm-Trap:= -7713*"

It is unclear from both the documentation and the various interfaces whether Regex multi-line is turned on for a Trap Details Pattern.

I'm still trying to figure out why nothing I'm coming up with in terms of Regex Trap Detail patterns matches. Here is an example: ".*Security-Manager-Alarm-Trap:=\w*\-(7713|7544).*". The trap is enabled and at the top of the list but does not get triggered. Suggestions?