Overview
opEvents lets the user set event properties as events are received. For example, a specific priority can be assigned to an event at this stage. This article provides a methodology for adding SNMP trap parsing to EventParserRules. EventParserRules.nmis is found in the /usr/local/omk/conf directory. Read the notes at the top of this file, as they are very informative about what is possible with the parser rules.
Evaluate The Traps To Be Processed
Create a list of the SNMP traps that are required to be processed by opEvents.
Correlate Events Into Stateful Pairs
For this discussion we will assume that the concept of 'state' is desirable. If there is a down event, there should be a corresponding up event. It is possible that several down events could share a single up or clearing event.
State
opEvents tracks state based on a tuple of three event properties.
...
```
51 => {
  IF => qr/IF-MIB::linkDown/,
  THEN => ["set.event(Interface Down)", "set.stateful(Interface)", "set.state(down)", "set.priority(3)"],
},
```
Create Parser Rules
opEvents will process the trap log file as specified in opCommon.nmis. When parsing the traps, the following properties should be extracted.
...
The version of EventParserRules.nmis that ships with the installation has a traplog section that will extract the date, host, trap and details fields for most situations. This article focuses on situations where customers want to customize the remaining fields.
Set the Element
Review all the SNMP traps to determine which OID best describes what will become the element property. Write a regular expression that matches this.
...
Notice that the regular expression will catch any number of digits following the '=' character. This rule 'captures' the element. In this way we can dynamically assign event properties based on a regular expression.
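Before a regular expression goes into EventParserRules.nmis, it can be tried offline against sample trap lines. The following Perl script is an added example, not part of opEvents: it checks that the element is captured from the digits after '=' and that every down event has a matching up event, as discussed under "Correlate Events Into Stateful Pairs". The sample lines, the `host=` field, the `check_pairs` function and the host/element pairing key are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Candidate patterns, written as they would sit in a rule's IF => qr/.../.
my $element_re = qr/IF-MIB::ifIndex\.\d+=(\d+)/;    # captures the digits after '='
my %state_re   = (down => qr/IF-MIB::linkDown/, up => qr/IF-MIB::linkUp/);

# Constructed sample lines in a simplified layout (not a real opEvents trap log).
my @sample = (
    'host=sw1 IF-MIB::linkDown IF-MIB::ifIndex.3=3',
    'host=sw1 IF-MIB::linkDown IF-MIB::ifIndex.12=12',
    'host=sw1 IF-MIB::linkUp IF-MIB::ifIndex.3=3',
    'host=sw2 IF-MIB::linkUp IF-MIB::ifIndex.7=7',       # clear with no prior down
    'host=sw2 IF-MIB::linkDown IF-MIB::ifDescr.7=Gi0/7', # no ifIndex varbind
);

# Returns (\%still_down, \@problems) for a list of trap lines.
sub check_pairs {
    my @lines = @_;
    my (%down, @problems);
    for my $line (@lines) {
        my ($state) = grep { $line =~ $state_re{$_} } sort keys %state_re;
        next unless defined $state;                  # not a trap we handle
        my ($host)    = $line =~ /\bhost=(\S+)/;
        my ($element) = $line =~ $element_re;
        if (!defined $host || !defined $element) {
            push @problems, "no element captured: $line";
            next;
        }
        my $key = "$host/$element";                  # this script's own pairing key
        if    ($state eq 'down')    { $down{$key} = 1 }
        elsif (!delete $down{$key}) { push @problems, "up without down: $key" }
    }
    return (\%down, \@problems);
}

my ($down, $problems) = check_pairs(@sample);
print "still down: $_\n" for sort keys %$down;
print "problem:    $_\n" for @$problems;
```

A trap that matches a down rule but yields no element is the case to look for: without a captured element, a later up event has nothing specific to clear.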
Set Other Properties
Generally, the other properties that we wish to set can be handled with one rule. Consider the following trap received by opEvents.
...