Hi Chaps,
I've spent the whole day trying to figure this out and I'm hoping that reaching out might point me in the right direction. Currently running 4.2.3 which we recently upgraded to and somewhere along the line SNMP Trap transformations got broken for switch LinkUp and LinkDown traps.
An example of a trap seen in zentrap.log
04:47:45,740 DEBUG zen.zentrap: Received packet from 192.168.1.1 at port 1024
2013-07-18 04:47:45,740 DEBUG zen.zentrap: SNMPv1 trap, Addr: ('192.168.1.1', 1024) PDU Agent Addr: <pynetsnmp.netsnmp.c_ubyte_Array_4 object at 0x1a7174d0>
2013-07-18 04:47:45,741 DEBUG zen.zentrap: snmp trap snmp_linkDown
04:47:45,741 DEBUG zen.zentrap: Queued event (total of 1) {'rcvtime': 1374119265.741365, 'firstTime': 1374119265.740683, 'eventClassKey': 'snmp_linkDown', 'oid': '1.3.6.1.4.1.43.1.16.4.3.8.0', 'component': '', 'community': 'public', 'ifOperStatus.4227689': 2, 'device': '192.168.1.1', 'manager': 'zenoss-web01', 'eventGroup': 'trap', 'ifAdminStatus': 1, 'ifIndex': 4227689, 'ifAdminStatus.4227689': 1, 'monitor': 'localhost', 'severity': 3, 'ifIndex.4227689': 4227689, 'summary': 'snmp trap snmp_linkDown', 'agent': 'zentrap', 'lastTime': 1374119265.740683, 'ifOperStatus': 2}
I've looked at what must be every post going to find out how it looks up the interface name "iface.description" I'm not fussed about getting the confimrgured discription eg "Router WAN Port" I want "Ethernet1/0/1"
The device is already in zenoss and the interfaces mapped and showing up wonderfully using SNMP Walking its just these damm traps.
If I change one of the fields such as summary to list the variables then this is what I get:
iface.description - starts to list all the interface names for my device - this is what I want but only for the interface thats gone up or down
descr - is currently blank
device - is "<Device at nameofmydevice>"
evt.device - is nameofmydevice
evt.component - is currently blank and is what we need to set
so device is looked up correctly using the IP of the incoming trap.
The current transform I have that I have in Events>Net>Link>snmp_linkDown from another post is:
index = getattr(evt, 'ifIndex', 0)
descr = getattr(evt ,'ifDescr', index)
if descr != index:
evt.component = descr
else:
if device == None:
evt.component = index
else:
found = 0
for obj in device.os.interfaces.objectItems():
if obj[1].ifindex == index:
evt.component = obj[1].id
found = 1
if found == 0:
evt.component = index
if evt.component.startswith('Gigabit'):
evt.severity = 3
if evt.component.startswith('Ten'):
evt.severity = 4
if evt.component.startswith('Cascade'):
evt.severity = 4
and when I look at the event is see the componet is "4227689" from my trap "ifIndex.4227689': 4227689" from the trap in zentrap.log shown above.
I currently have the active interface monitoring setup using the OperationalStatus value but really need to get traps working for some of the alerts we want to generate.
I've generalised the data but if more information is required to form a guess as to what is going wrong or what I need to do then please let me know,
Thanks
Mark