opEvents provides the ability for the administrator to customise an event's properties from a variety of inputs. For example, if a user wanted to set a specific priority for an event, it can be done during the input parsing stages. This article provides a methodology for creating events from SNMP traps via a generic extensible parser, by adding SNMP trap parsing to EventParserRules.
The generic parser rules are defined in EventParserRules.nmis, which is found in the configuration directory /usr/local/omk/conf. Please read the notes at the top of this file first, as they are very informative about what is possible with the parser rules.
For this discussion we will assume that the concept of 'state' is desirable, i.e. if there is a "down" event, there should be a corresponding "up" event, and opEvents should keep track of the state and ignore duplicate inputs. (It is possible that several "down" events could share a single "up" or clearing event.)
opEvents tracks state based on a tuple of three event properties.
opEvents will process the trap log file as specified in opCommon.nmis. When parsing the traps, at least the following properties should be extracted:
The shipped version of EventParserRules.nmis has a traplog section that will extract the date, host, trap and details fields for most situations.
This article focuses on situations where customers want customization for the remaining fields.
Notice the regular expression will catch a number of digits following the '=' character. This rule 'captures' the element. In this way we can dynamically assign event properties based on a regular expression.
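The capture and state-tracking behaviour described above can be modelled in a few lines of Python. This is an added example, not opEvents code and not EventParserRules.nmis syntax; the trap-log layout, the rule table, the priority values and the (node, stateful, element) state key are assumptions made for illustration.

```python
import re

# Constructed sample trap-log lines (not real opEvents input); the layout is assumed.
SAMPLE_TRAPS = [
    "2024-05-01T10:00:00 router1 IF-MIB::linkDown ifIndex.3=3 ifAdminStatus.3=up",
    "2024-05-01T10:00:05 router1 IF-MIB::linkDown ifIndex.3=3 ifAdminStatus.3=up",
    "2024-05-01T10:02:00 router1 IF-MIB::linkUp ifIndex.3=3 ifAdminStatus.3=up",
    "2024-05-01T10:03:00 router1 IF-MIB::linkDown ifIndex.7=7 ifAdminStatus.7=up",
]

# Hypothetical rules: the regex capture group (digits after '=') becomes the
# 'element' property; the dict holds fixed properties set when the rule matches.
RULES = [
    (re.compile(r"IF-MIB::linkDown\s+ifIndex\.\d+=(\d+)"),
     {"event": "Interface Down", "stateful": "Interface", "state": "down", "priority": 3}),
    (re.compile(r"IF-MIB::linkUp\s+ifIndex\.\d+=(\d+)"),
     {"event": "Interface Up", "stateful": "Interface", "state": "up", "priority": 2}),
]

def parse_trap(line):
    """Return an event dict for the first matching rule, or None if no rule matches."""
    date, host, rest = line.split(" ", 2)
    for pattern, props in RULES:
        m = pattern.search(rest)
        if m:
            return {"date": date, "node": host, "element": m.group(1), **props}
    return None

def process(lines):
    """Create events, dropping inputs that do not change the tracked state."""
    current = {}  # (node, stateful, element) -> last state; this key is an assumption
    events = []
    for line in lines:
        ev = parse_trap(line)
        if ev is None:
            continue
        key = (ev["node"], ev["stateful"], ev["element"])
        if current.get(key) == ev["state"]:
            continue  # duplicate of the state already recorded, so ignore it
        current[key] = ev["state"]
        events.append(ev)
    return events

if __name__ == "__main__":
    for ev in process(SAMPLE_TRAPS):
        print(ev["date"], ev["node"], ev["event"], "element=" + ev["element"])
```

The second linkDown for element 3 is dropped as a duplicate, while the linkDown for element 7 creates a new event because its state key differs.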
Set Other Properties
Generally, the other properties that we wish to set can be set with one rule. Consider the following trap received by opEvents.