Sven,
We really need more documentation on this, but here is a very dense
guide to using Zenoss to process traps.
Enterprise 9789 is registered to Astaro AG, so perhaps you can ask them
for a MIB. It is not necessary, but it would be nicer to see
"spamFilterDetectsVirus" instead of ".1.3.6.1.4.1.9789.1.2.3".
The trap comes in and is probably classified as an "/Unknown" event
type. That is, Zenoss does not know what you want to do with this event.
First, select the checkbox next to the event, select a category next to
the Map button at the bottom of the page. Each category does different
things to the event: changing it's severity, moving it to the history
table, etc. For now, select "/App" and press the Map button.
This will take you to the edit screen for a new "Mapper". These are the
rules used to map this event to the "/App" category. This rule, since
it matches the Trap by a very specific OID, is all you need.
But we can do better.
In the "transform" section of the mapper, you can put some code to
modify the summary. For example, lets say you want to set the summary
string to "spam Filter Detects Virus". You would put this in the
transform edit area:
evt.summary = "spam Filter Detects Virus"
But we can do better.
A trap has a header with some standard (and mostly useless)
information. But then it has a sequence of attribute/values You can
see these values as event details if you click on the last column of the
event.
You have indicated you want the value for the OID
".1.3.6.1.4.1.9789.1500.2.5" as the summary. If you had the MIB loaded,
you could do this:
evt.summary = evt.spamFilterDetectsVirus
But... we have the OID and the data is still in there. We just need to
use the slightly more cryptic:
evt.summary = getattr(evt, ".1.3.6.1.4.9789.1500.2.5", "Unexpected
missing OID")
The "device" object for the event has been made available, too:
evt.summary = getattr(evt, ".1.3.6.1.4.9789.1500.2.5", "Unexpected
missing OID") + " from device " + device.getId()
Granted, this requires some python knowledge, but it does provide a lot
of power for manipulating events.
-Eric
Schuran, Sven wrote:
Hi,
Thanks for that.
I got this trap:
2006-07-19 10:30:36 DEBUG zen.ZenTrap: Got trap Message(version=Version(0),
community=Community('public'),
pdu=Pdus(trap=TrapPdu(enterprise=Enterprise('.1.3.6.1.4.1.3.1.1'),
agent_addr=AgentAddr(internet=IpAddress('xxx.xx.x.x')),
generic_trap=GenericTrap(6), specific_trap=SpecificTrap(1),
time_stamp=TimeStamp(74811850),
variable_bindings=VarBindList(VarBind(name=ObjectName('.1.3.6.1.4.1.9789.1500.2.5'),
value=ObjectSyntax(simple=SimpleSyntax(string=OctetString('[xxxxx.xxxxx.xx][WARN][005]'))))))))
from ('xxx.xx.x.x', 50712)
Zenoss is generating this event: snmp trap 1.3.6.1.4.1.3.1.1.0.1 from xxxxxxx.xxxxx.xxxxx
But I need Information from:
variable_bindings=VarBindList(VarBind(name=ObjectName('.1.3.6.1.4.1.9789.1500.2.5'), value=ObjectSyntax(simple=SimpleSyntax(string=OctetString('[xxxxx.xxxxx.xx][WARN][005]'))))))))
Is there something wrong?
There are no MIBS available for this OID's:.1.3.6.1.4.1.9789.
Thanks Sven
-----Ursprüngliche Nachricht-----
Von: Eric Newton [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 18. Juli 2006 23:51
An: General discussion of using zenoss system
Betreff: Re: AW: [zenoss-users] SNMP Trap debugging
Sven,
Patch attached. Patch it in, and then run zentrap like this:
$ zentrap start -v 10
Lots and lots of debug.
-Eric
Schuran, Sven wrote:
Eric,
I am able to add it, but I am not really comfortable in python, just a small
hint please.
Sven
-----Ursprüngliche Nachricht-----
Von: Eric Newton [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 18. Juli 2006 19:29
An: General discussion of using zenoss system
Betreff: Re: [zenoss-users] SNMP Trap debugging
If you are comfortable in python, you can add a log message to
$ZENHOME/Products/ZenEvents/zentrap.py, in handleTrap, at or around line 81.
-Eric
Schuran, Sven wrote:
Hi,
I am receving traps right now, but I am not sure I they are correct.
May be zenoss does something wrong with them, or the sending system
sned wrong OID's.
How to trace every trap to a log file, to have a look at it.
Thanks Sven
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
