...
cd /usr/local/omk/conf/parser_plugins/
vim snmpTrap.pm
# Parser plugin module: provides parse_enrich(), which fills event properties
# from one logged SNMP trap line.
package snmpTrap;
our $VERSION="0.0.1";
# NOTE(review): only strictures are enabled; "use warnings" is not, so
# undefined values met while parsing are handled silently.
use strict;
# arguments: the line (currently being parsed),
# and reference to the live event properties
# returns: (status-or-error)
#
# zero or undef: parsing for this event is aborted,
# and no event is created.
# 1: indicates success, event is created and changed event
# properties are incorporated.
# any other value: treated as error message, changed event
# properties are NOT incorporated but event parsing continues.
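sub parse_enrich
{
    # Parse one logged SNMP trap line into event properties.
    #
    # $line  - the raw log line; it is split at "#012" into a header and a
    #          varbind list, and the varbind list is split at "#011"
    #          (presumably the syslog escapes for newline and tab - confirm
    #          against the local syslog configuration).
    # $event - hash reference that is modified in place.
    #
    # Returns 1 to accept the event, 0 when $ditch has been set to drop it.
    my ($line, $event) = @_;

    # Site-specific rules may set this to 1 to discard the event.
    my $ditch = 0;

    # Properties derived by this parser. The trap text arrives from the
    # network, so a varbind whose name equals one of these must not replace
    # the derived value through the generic store at the end of the loop.
    my %reserved = map { $_ => 1 }
        qw(details ipaddress host date event stateful state priority element);

    $event->{"details"} = $line;

    my @halves   = split("#012", $line);
    my $header   = defined $halves[0] ? $halves[0] : '';
    my $varbinds = defined $halves[1] ? $halves[1] : '';
    my @OIDs     = split('#011', $varbinds);

    # Sender address and timestamp come from the header part of the line.
    # Both stay undef when the header does not have the expected shape.
    my ($ipaddress) = $header =~ /UDP:\s+\[(\d+\.\d+\.\d+\.\d+)\]/;
    my ($date)      = $header =~ /(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)/;
    $event->{"ipaddress"} = $ipaddress;
    $event->{"host"}      = $ipaddress;
    $event->{"date"}      = $date;

    foreach my $i (@OIDs) {
        # Split at the first '=' only, so a value that itself contains '='
        # is kept whole instead of being cut at the second '='.
        my ($varname, $typed_value) = split(/=/, $i, 2);

        # A fragment without "name = value" shape carries nothing to store.
        next unless defined $varname && defined $typed_value;
        $varname =~ s/\s+$//;
        next if $varname eq '';

        # The right-hand side is "<type>: <value>"; the third field is the value.
        my @oidValue = split(/\s+/, $typed_value, 3);
        my $rest = $oidValue[2];
        $rest =~ s/\s+$// if defined $rest;

        # trapoid: sets the event name
        if ($varname eq "SNMPv2-MIB::snmpTrapOID.0")
        {
            $event->{event} = $rest;
            # no next, keep the trapoid as it came in - fixme or copy as 'trap' and next?
        }

        # ...other /parsing/ rules go here, may end with next; if varname => rest is
        # not desirable in the event
        my $name = defined $event->{event} ? $event->{event} : '';

        if ( $name eq "IF-MIB::linkDown" ) {
            $event->{event}    = "Interface Down";
            $event->{stateful} = "Interface";
            $event->{state}    = "down";
            $event->{priority} = 3;
        }
        elsif ( $name eq "IF-MIB::linkUp" ) {
            $event->{event}    = "Interface Up";
            $event->{stateful} = "Interface";
            $event->{state}    = "up";
            $event->{priority} = 2;
        }
        elsif ( $varname =~ /IF-MIB::ifIndex\.\d+/ )
        {
            $event->{element} = $rest;
        }
        elsif ( $varname =~ /IF-MIB::ifDescr\.\d+/ )
        {
            $event->{element} = $rest;
        }
        elsif ( $varname eq "OSPF-MIB::ospfNbrState" )
        {
            $event->{stateful} = "OSPF Neighbor";
            if ( defined $rest && $rest eq "down" ) {
                $event->{event}    = "OSPF Neighbor Down";
                $event->{state}    = "down";
                $event->{priority} = 4;
            }
            elsif ( defined $rest && $rest eq "up" ) {
                $event->{event}    = "OSPF Neighbor Up";
                $event->{state}    = "up";
                $event->{priority} = 2;
            }
        }
        elsif ( $varname eq "OSPF-MIB::ospfNbrIpAddr" )
        {
            $event->{element} = $rest;
        }
        # Dots are escaped and a trailing digit is refused, so that
        # "bgpTraps.0.2" does not also match e.g. "bgpTraps.0.20".
        elsif ( $name =~ /BGP4-MIB::bgpBackwardTransition|BGP4-MIB::bgpTraps\.0\.2(?!\d)/ ) {
            $event->{event}    = "BGP Neighbor Down";
            $event->{stateful} = "BGP Neighbor";
            $event->{state}    = "down";
            $event->{priority} = 4;
        }
        elsif ( $name =~ /BGP4-MIB::bgpEstablished|BGP4-MIB::bgpTraps\.0\.1(?!\d)/ ) {
            $event->{event}    = "BGP Neighbor Up";
            $event->{stateful} = "BGP Neighbor";
            $event->{state}    = "up";
            $event->{priority} = 2;
        }
        elsif ( $varname =~ /BGP4-MIB::bgpPeerState\.(\d+\.\d+\.\d+\.\d+)/ )
        {
            $event->{element} = $1;
        }

        # nobody shortcircuited us? then save the right hand side under whatever
        # varname is now - unless that would replace a property derived above
        next if $reserved{$varname};
        $event->{$varname} = $rest;
    }

    if ( $event->{details} =~ /CISCO-CONFIG-MAN-MIB::ciscoConfigManEvent .+ ccmHistoryEventConfigDestination\.\d+=running/ )
    {
        $event->{event} = "Node Configuration Change";
    }

    # return 1; # happy, go on, use my changes
    # return 0; # ignore this event
    # return "i have a problem"; # error, do not use my changes
    return $ditch == 1 ? 0 : 1;
}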
1;