SNMP Trap Variable Bindings
We added a feature back in Orion NPM 10, however, over time I have gotten this questions from folks and seen posts on thwack come up asking if you could do this in Orion and if so, how?
Background on the problem people are trying to solve:
An SNMP Trap sent from a device is a general blob of data with some standard data followed by vendor defined information called variable bindings; see the example below for how this looks.
These traps have additional information sent with them called variable bindings. These extra variables contain information relating to the trap and ya’ll don’t want to have to visually parse each trap manually. What you have asked for is some sort of variable notation allows the capability to format and display these variable bindings as needed.
With this ability you can format an email notification with the separate variable bindings. So instead of receiving an email with the block of text below in the example, you can get only the specific information you care about.
An example of of our community members posted on thwack was this.
What I want is the "apSvcTrapEventText" line with just "Service:test State:suspended" in the email. How do I format the email text to get it?
When creating the email notification template in Orion, you can do something like this below, where ${vbdata3} equals the value associated with the third listed trap variable.
${DateTime}
${Caption} - ${vbdata3}
Example:
03/08/2011 08:20 : ARROWPOINT-SVCEXT-MIB:apSvcTransitionTrap SNMP TrapReceived Time:3/8/2011 8:20:32 AM
Source:192.168.49.174(192.168.49.174)
Community:marcnet
Variable Bindings
sysUpTime:= 2 days 13 hours 35 minutes 55.25 seconds (22175525)
snmpTrapOID:= ARROWPOINT-SVCEXT-MIB:apSvcTransitionTrap (1.3.6.1.4.1.9.9.368.1.15.1.0.1)
apSvcTrapEventText:= Service Transition - Service:test State:suspended
Let’s walk through an example of this in the product.
- On the Orion server, open the SNMP Trap Viewer
- As you can see I have a specific trap, but I don’t want all the information included within it, I just want SysUpTime
- Create a new trap rule in the SNMP Trap Viewer and define your filters to narrow down to the specific trap you are interested in. In this example, I did it by IP Address.
- On the Alert Actions tab, select add a new alert action. I chose log to a file, but this would work with the others as well, including email
- In the dialog “Message to Log File” I entered in three variable.
- Date/Time Stamp
- Name of the first trap variable
- Value of the first trap variable
- In my text file I chose to log to, there is an entry for each trap I have received that matched this rule. As you can see, instead of getting the entire trap message, I only get the value as defined by my variables in step #5 above.
That’s it, pretty straight forward.