You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Overview

opEvents provides the ability for the user to set event properties as events are received.  For example, if a user wanted to set a specific priority for an event it can be done here.  This article will provide a methodology for adding SNMP trap parsing to EventParserRules.  EventParserRules.nmis is found in the /usr/local/omk/conf directory.

Define The Traps that Will Be Processed

The customer should provide a list of SNMP traps that they require be processed by opEvents. 

Correlate Events Into Stateful Pairs

For this discussion we will assume that the concept of 'state' is important to the customer.  If there is a down event, there should be a corresponding up event.  It is possible that several down events could share a single up or clearing event.

State

opEvents tracks state based on a tuple of three event properties.

  • node
  • element
  • stateful

This is a critical concept.  The node property will always be the same for any given node.  The element property will be somewhat dynamic, usually a regular expression will parse and 'capture' it.  The most comment element example would be an interface; gig0/0 versus gig0/1.  The stateful property is necessary because the same element may have different events; consider an interface down event versus an OSPF event on the same element (gig0/0).

If any of these three event properties are not set state will not function well. 

Consider a case where the element property is not set; thus being null.  In this case if a 'port down' for gig0/0 was received a 'port up' for gig0/1 would clear the g0/0 'port down' event.  Without the element being set opEvents cannot differentiate between interfaces.

 

Example parser for the element property.

                                53 => {
                                        IF => qr/IF-MIB::ifIndex\.\d+=(\d+)/,
                                        THEN => ["capture(element)"],
                                },

Example parser for the stateful property

                                51 => {
                                        IF => qr/IF-MIB::linkDown/,
                                        THEN => ["set.event(Interface Down)", "set.stateful(Interface)",
                                                                         "set.state(down)", "set.priority(3)" ],
                                },

 

Create Parser Rules

opEvents will process the trap log file as specified on opCommon.nmis.  When parsing the traps the following properties should be extracted.

  • date
  • host
  • trap
  • details
  • event
  • element
  • stateful
  • state
  • priority

The install version of EventParserRules.nmis has a traplog section that will extract the date, host, trap and details fields for most situations.  This article will focus on situations where customers want customization for the remaining fields.

Set the Element

Review all the SNMP traps to determine which OID best describes what will become the element property.  Write a regular expression that matches this.

 

 

  • No labels