Hi all, Environment: SCOM 2012 R2 UR9
Have been using Kelvin's excellent blog post about SNMP traps https://blogs.technet.microsoft.com/kevinholman/2015/02/03/snmp-trap-monitoring-with-scom-2012-r2/ I am currently trying to write a management pack for NetBackup 8 as one currently does not exist. I have managed to get the Traps in SCOM but now need to look at correlation. Below I have an example of a drive down(ACTIVE) and up(CLEAR). Semantics aside I would like to know if it is possible to correlate SNMP traps using a varbind and some of the text to match a CLEAR to ACTIVE in this case. I also want to do this with JOB failure/success messages. It would be nice to strip out text from the varbind e.g. 1207889 Clear Drive IBM.ULT3580-TD5.002 Down {remove the 1207889 from the SNMP variable) Has anyone does this kind of thing before and an example would be useful as I am a novice at XML and mgt writing/creating. Thanks. ## Drive Up Tarp varbind1 : .1.3.6.1.2.1.1.3.0 Timeticks 182867471 varbind2 : .1.3.6.1.6.3.1.1.4.1.0 Oid .1.3.6.1.4.1.1302.3.12.10.2.0.1 varbind3 : .1.3.6.1.4.1.1302.3.12.10.1.1 Octets public varbind4 : .1.3.6.1.4.1.1302.3.12.10.1.2 Octets 1207889 Clear Drive IBM.ULT3580-TD5.002 Down varbind5 : .1.3.6.1.4.1.1302.3.12.10.1.3 Octets Alert Raised on: 03 May 2017 15:08 Tree Type : Server Tree Name : ALL MASTER SERVERS Nodes : OPSCENTER_SVR Media Server: MEDIA_SVR Drive Name: IBM.ULT3580-TD5.002 Drive Number: 4 Robot Number: 0 Alert Policy: POLICY_NAME Device Path: {8,0,4,0} OpsCenter Server: OPSCENTER_SVR Comment: varbind6 : .1.3.6.1.4.1.1302.3.12.10.1.4 Octets POLICY_NAME varbind7 : .1.3.6.1.4.1.1302.3.12.10.1.5 Octets varbind8 : .1.3.6.1.4.1.1302.3.12.10.1.6 Octets varbind9 : .1.3.6.1.4.1.1302.3.12.10.1.7 Octets OPSCENTER_SVR varbind10 : .1.3.6.1.4.1.1302.3.12.10.1.8 Octets OPSCENTER_SVR _FQDN varbind11 : .1.3.6.1.4.1.1302.3.12.10.1.9 Octets varbind12 : .1.3.6.1.4.1.1302.3.12.10.1.10 Octets varbind13 : .1.3.6.1.4.1.1302.3.12.10.1.11 Octets Informational varbind14 : .1.3.6.1.4.1.1302.3.12.10.1.12 Octets Wed May 03 15:08:38 BST 2017 ## Drive Down Trap Object Identifier Syntax Value .1.3.6.1.2.1.1.3.0 Timeticks 182824024 .1.3.6.1.6.3.1.1.4.1.0 Oid .1.3.6.1.4.1.1302.3.12.10.2.0.1 .1.3.6.1.4.1.1302.3.12.10.1.1 Octets public .1.3.6.1.4.1.1302.3.12.10.1.2 Octets 1207889 Active Drive IBM.ULT3580-TD5.002 Down .1.3.6.1.4.1.1302.3.12.10.1.3 Octets Alert Raised on: 03 May 2017 15:08 Tree Type : Server Tree Name : ALL MASTER SERVERS Nodes : OPSCENTER_SVR Media Server: MEDIA_SVR Drive Name: IBM.ULT3580-TD5.002 Drive Number: 4 Robot Number: 0 Alert Policy: POLICY_NAME Device Path: {8,0,4,0} OpsCenter Server: OPSCENTER_SVR Comment: .1.3.6.1.4.1.1302.3.12.10.1.4 Octets POLICY_NAME .1.3.6.1.4.1.1302.3.12.10.1.5 Octets .1.3.6.1.4.1.1302.3.12.10.1.6 Octets .1.3.6.1.4.1.1302.3.12.10.1.7 Octets OPSCENTER_SVR .1.3.6.1.4.1.1302.3.12.10.1.8 Octets OPSCENTER_SVR _FQDN .1.3.6.1.4.1.1302.3.12.10.1.9 Octets .1.3.6.1.4.1.1302.3.12.10.1.10 Octets .1.3.6.1.4.1.1302.3.12.10.1.11 Octets Critical .1.3.6.1.4.1.1302.3.12.10.1.12 Octets Wed May 03 15:08:38 BST 2017 Peter Hakesley | Monitoring & Automation Technical Lead Engineer, Data Centre Services t: +44(0)845 155 6556 ext: 4006 e: [email protected] | w: www.scc.com<http://www.scc.com/> a: SCC, CV1, Cole Valley, 20 Westwood Avenue, Tyseley, Birmingham B11 3RZ
