I've got an SNMP trap monitor set up so I can be notified when critical hardware issues occur. I want this monitor to implicitly capture any event sent to it and then filter out the noise that I don't care about (e.g. battery charge cycle starting, learn cycle starting in 4 days, etc.). I've got a mix of Dell and HP servers that send messages.
My monitor is set up to accept messages from any IP, the public community, any type, and Enterprise OID of 1.3.6.1.*
The problem I'm having is with filtering out the noise. When I enable variable binding I can do a prefix match of 1.3.6.1.4.1.674 (used by Dell servers) with a numeric type but if I use anything other than "==" to evaluate the result filtering isn't working. For example, if I choose "!=" and a value of 2180 (which is "The controller battery Learn cycle will start in 4 days.") the message is still accepted. I suspect this has to do with the fact that there are other numeric variables in the trap message which pass. For example:
1.3.6.1.4.1.674.10893.1.20.200.1.0: TYPE[2] NUMERIC 2180
1.3.6.1.4.1.674.10893.1.20.200.2.0: TYPE[4] TEXT "The controller battery Learn cycle will start in 4 days."
1.3.6.1.4.1.674.10893.1.20.200.3.0: TYPE[4] TEXT "Controller 0"
1.3.6.1.4.1.674.10893.1.20.200.4.0: TYPE[4] TEXT "Battery 0"
1.3.6.1.4.1.674.10893.1.20.200.5.0: TYPE[4] TEXT "1.3.6.1.4.1.674.10893.1.20.130.15.1.1.1"
1.3.6.1.4.1.674.10893.1.20.200.6.0: TYPE[4] TEXT "\\0\\0"
1.3.6.1.4.1.674.10893.1.20.200.7.0: TYPE[2] NUMERIC 3
1.3.6.1.4.1.674.10893.1.20.200.8.0: TYPE[2] NUMERIC 3
I could set up variable binding on the prefix "1.3.6.1.4.1.674.10893.1.20.200.1" but that limits me to one specific set of Dell messages and forces me to set up multiple trap monitors for each prefix I care about. This defeats the purpose of having a generic monitor that I can filter out what I don't care and still receive everything else.
FWIW I had this working perfectly in IPMv9 using the prefix "1.3.6.1.4.1.674".
Any help on how to get this working correctly in IPMv10 is appreciated.
