DX NetOps

  • 1.  How do I get variables from a string message in a SNMP trap?

    Posted Jul 12, 2018 05:21 AM

    Hello,

    I'm trying to parse a string message contained in a SNMP trap to extract some variables.

    I know that I have to use a regexp. When I add it to my EventDisp file, I can see my regexp in the event config but it looks like it doesn't even interpret it.

    The message is organized as follows:

    Health check 'dns.1.1.2.2' changed from: Unknown, to: Check failed, and has become sick. Status: DNS lookup failed.

    I only want to get the "dns.1.1.2.2" and "Check failed".

     

    In the CA Spectrum documentation, there is an example:

     

     

    So I tried to copy and adapt that code to check if my pattern was correct. But when I send the trap to test it, there is not any additional event created.

     

    I'm not sure I understood well everything about the language used to process events.

     

    For the moment, my code looks like this:

    0x05610002 E 50 P " \
    SetVariable({V pattern},S \".*'(.*)'.*:.*:(Check failed|DNS failed|Unknown|OK with errors|OK for some ips|OK but failing|OK on alt server|OK),.*.\"}, \
    If(Regexp(GetEventVariable({U 1}),{V pattern}), \
    CreateEventWithVariables({C CURRENT_MODEL},{H 0x5e10021a}, \ ForEach(GetRegexpList(\
    GetEventVariable({U 1}),{V pattern}),{Variable X}, \
    {Variable retVal},GetEventVariableList(), \
    Prog2(Assign({V retVal},SetEventVariable({V retVal},{V counter},{Variable X})), \ Assign({V counter},Add({V counter},{U 1}))))), \
    CreateEventWithVariables({C CURRENT_MODEL},{H 0x5e10021b}, GetEventVariableList()))))"

     

    As you can see, I didn't modify the code, I only changed the pattern and the generated event codes. So even if my pattern is wrong, I should have an event telling me that there is a mistake... But nothing happens...

     

    Does anyone know what I did wrong?

     

    Thanks in advance.



  • 2.  Re: How do I get variables from a string message in a SNMP trap?

    Posted Jul 13, 2018 01:51 PM

    If you are using the example from the docs as an template, you are missing information in your procedure.

     

    You have the following:

     

    SetVariable({V pattern},S \".*'(.*)'.*:.*:(Check failed|DNS failed|Unknown|OK with errors|OK for some ips|OK but failing|OK on alt server|OK),.*.\"}, \

     

    Using the example from the docs,shouldn't it read something like the following:

     

    SetVariable({V pattern},{S \"(.*):(Check failed|DNS failed|Unknown|OK with errors|OK for some ips|OK but failing|OK on alt server|OK)\"}, \ SetVariable({V counter},{U 500}, \

     

    Joe



  • 3.  Re: How do I get variables from a string message in a SNMP trap?

    Posted Jul 16, 2018 05:53 AM

    Thanks for your answer, you're right, I should have spotted this earlier...

     

    But even after correcting this line, I don't get any other event generated when I receive the trap... The problem must come from somwhere else...

     

    Do you have any other idea?



  • 4.  Re: How do I get variables from a string message in a SNMP trap?

    Posted Jul 16, 2018 10:50 AM

    Since your event procedure is checking the value of varbind 1, what is the exact value of varbind 1 in the trap?

     

    Joe



  • 5.  Re: How do I get variables from a string message in a SNMP trap?

    Posted Jul 17, 2018 03:09 AM

    The event from the trap looks like this:

    The message I'm trying to parse is the deviceHealthCheckMessage (the only variable in the trap).

    I'm trying to get the values "dns.1.1.2.2" and "Check failed" to use them to process alarms...



  • 6.  Re: How do I get variables from a string message in a SNMP trap?
    Best Answer

    Posted Jul 18, 2018 01:01 PM

    I got the Event Procedure to work using the following based on the value of deviceHealthCheckMessage from above:

     

    0xfff00002 E 0

    0xfff00001 E 0 P " \
    SetVariable({V pattern},{S \"(.*): (Check failed|DNS failed|Unknown|OK with errors|OK for some ips|OK but failing|OK on alt server|OK)\"}, \ SetVariable({V counter},{U 500}, \
    If(Regexp(GetEventVariable({U 1}),{V pattern}), \
    CreateEventWithVariables({C CURRENT_MODEL},{H 0xfff00002}, \ ForEach(GetRegexpList(\
    GetEventVariable({U 1}),{V pattern}),{Variable X}, \
    {Variable retVal},GetEventVariableList(), \
    Prog2(Assign({V retVal},SetEventVariable({V retVal},{V counter},{Variable X})), \ Assign({V counter},Add({V counter},{U 1}))))), \
    CreateEventWithVariables({C CURRENT_MODEL},{H 0xfff00002}, GetEventVariableList()))))"

     

    One thing I did notice was it looked like there is a space between "to:" and "Check failed". This space has to be accounted for in the SetVariable statement between the ";" and the "("

     

    The resulting 0xfff00002 event looks like the following:

     



  • 7.  Re: How do I get variables from a string message in a SNMP trap?

    Posted Jul 19, 2018 08:27 AM

    Hi,

     

    I juste tried your solution and it worked very well!   I managed to get the variables I wanted in the second event.

     

    Thank you very much for your help.

     

    Best regards.



  • 8.  Re: How do I get variables from a string message in a SNMP trap?

    Posted Jul 19, 2018 10:21 AM

    Outstanding! I am glad I was able to assist.

     

    Joe



  • 9.  Re: How do I get variables from a string message in a SNMP trap?

    Posted Oct 10, 2018 10:03 AM

    Hi,

    I have basically the same problem, or I just imagine so

     

    My event configuration in /opt/ca/Spectrum/custom/Events/EventDisp:

    0x67700338 E 0
    P " \
    SetVariable({V pattern},{S \"(?<=reason: )(.*)(?=] At)|(?<=event )(.*)(?= occurred)|(?<=tenant )(.*)(?= as)|(?<= as )(.*)\"}, \ SetVariable({V counter},{U 500}, \
    If(Regexp(GetEventVariable({U 1}),{V pattern}), \
    CreateEventWithVariables({C CURRENT_MODEL},{H 0x67700383}, \ ForEach(GetRegexpList(\
    GetEventVariable({U 1}),{V pattern}),{Variable X}, \
    {Variable retVal},GetEventVariableList(), \
    Prog2(Assign({V retVal},SetEventVariable({V retVal},{V counter},{Variable X})), \ Assign({V counter},Add({V counter},{U 1}))))), \
    CreateEventWithVariables({C CURRENT_MODEL},{H 0x67700383}, GetEventVariableList()))))"

     

    Event 0x67700338 looks like this:

    A "loadbalancerSystemAlert" event has occurred, from Host_Device device, named loadbalancer1.testdomain.net.

    This is a generic system alert

    loadbalancerSystemAlertInfoDesc = [accounts-api-server-pool-8080-tcp: reason: VIP-EVENTS-MEDIUM] At 2018-10-10 13:24:20+00:00 event POOL_DOWN occurred on object accounts-api-server-pool-8080-tcp in tenant API-TN as Pool is DOWN.

     

    I have followed documentation and this discussion, but no luck. Event 0x67700338 keeps coming but parsed event do not appear. 

     

    I have suspected that my regexp not working, but it seems to be OK, I have checked it like this:

    [spectrum@spectrum-server ~]$ cat test_test.txt
    loadbalancerSystemAlertInfoDesc = [accounts-api-server-pool-8080-tcp: reason: VIP-EVENTS-MEDIUM] At 2018-10-10 13:24:20+00:00 event POOL_DOWN occurred on object accounts-api-server-pool-8080-tcp in tenant API-TN as Pool is DOWN.
    [spectrum@spectrum-server ~]$
    [spectrum@spectrum-server ~]$ cat test_test.txt | grep -oP "(?<=reason: )(.*)(?=] At)|(?<=event )(.*)(?= occurred)|(?<=object )(.*)(?= in)|(?<=tenant )(.*)(?= as)|(?<= as )(.*)"
    VIP-EVENTS-MEDIUM
    POOL_DOWN
    accounts-api-server-pool-8080-tcp
    API-TN
    Pool is DOWN.

     

    Another question, do I have to configure varbinds on new event 0x67700383 in advance?