DX NetOps

 View Only
Expand all | Collapse all

how to parse a massive message -received into DX NetOps Spectrum- from Rsyslog-DX NetOps Spectrum integration contained only into one OID=Varbind.

  • 1.  how to parse a massive message -received into DX NetOps Spectrum- from Rsyslog-DX NetOps Spectrum integration contained only into one OID=Varbind.

    Posted 28 days ago
      |   view attached
    Hello!
     
    Today, I'll share with you how to parse a massive message -received into DX NetOps Spectrum- from Rsyslog-DX NetOps Spectrum integration contained only into one OID=Varbind.
     
    Well, the challenge is big but not bigger than our enthusiasm and ability.
     
    So, let's put hands on!
     
    First, let's check the message received:
     
     TS:2020-01-01T00:00:00.432123-06:00SFP=21:1 Src: 192.168.15.4 Tag= Msg: 2020-01-01 00:00:00Z 10.71.40.100 #016#016#010! FAULT WARNING 2020-01-01 00:00:00-06:00#016#010 ALARM NAME :The fiber is damaged or the OLT cannot receive #016#010 expected optical signals from the ONT(LOSi/LOBi)#016#0120 PARAMETERS :FrameID: 0, SlotID: 3, PortID: 14, ONT ID: 56, Equipment ID: #016#010 IH9356I
     
    In this point, we need analize the information and make a decision about what data is useful for us.
     
    Well, in this case we'll consider useful the next data for us:
     
    Src: 192.168.15.4 <representing the IP Address of the OLT>
     
    ALARM NAME :The fiber is damaged or the OLT cannot receive #016#010 expected optical signals from the ONT(LOSi/LOBi)#016#0120 <representing the alarm name by itself>
     
    PortID: 14, ONT ID: 56, Equipment ID: #016#010 IH9356I <representing the source HW of the alarm>
     
    So, once time that we have selected the data that it'll be useful for our monitoring we must insert the next code into the file EventDisp located in the path $SPECTRUM/custom/Events:
     
    0x116002f R CA.EventCondition, "(regexp({v 17}, {S \"Msg:\"}))" , "0xfff065a0 -:-"
     
    0xfff065a0 P "SetVariable({V pattern},{S \"TS.*SFP.*Src: (.*) Tag(.*)Msg:(.*)ALARM NAME :(.*)PARAMETERS :FrameID: (.*), SlotID: (.*), PortID: (.*), ONT ID: (.*), Equipment ID: (.*)\"},SetVariable({V counter},{U 0},If(Regexp(GetEventVariable({U 17}),{V pattern}),CreateEventWithVariables({C CURRENT_MODEL},{H 0xfff065a1},ForEach(GetRegexpList(GetEventVariable({U 17}),{V pattern}),{Variable X},{Variable retVal},GetEventVariableList(),Prog2(Assign({V retVal},SetEventVariable({V retVal},{V counter},{Variable X})),Assign({V counter},Add({V counter},{U 1}))))))))"
     
    0xfff065a2 E 0 A 3,0xfff065a2,U
     
    0xfff065a1 P "CreateEventWithVariables({C CURRENT_MODEL},{H 0xfff065a2},SetEventVariable(GetEventVariableList(), {H 0x12b4c},Append(Append(Append(Append(Append(Append(Append(Append(GetEventVariable({U 1}),{S\" - ONT_ID: \"}),GetEventVariable({U 8})),{S\" - Port_ID: \"}),GetEventVariable({U 7})),{S\" - Equipment_ID: \"}),GetEventVariable({U 9})),{S\" - ALARM_NAME: \"}),GetEventVariable({U 4}))))"
     
    NOTE: Is not necessary to map the Trap Type and its OID because this information is already mapped by default into the file $SPECTRUM/SS/CsVendor/Ctron_Gen_HOST/AlertMap
     
    # syslogtrap                                      syslogMsg
     
    1.3.6.1.4.1.19406.1.2.6.1 0x01169fcb 1.3.6.1.4.1.19406.1.1.2.1(17,0)
     
    You can use a Trap **** like trapgen tool to test the past configurations:
     
    ./trapgen -d 192.168.20.3:162 -c public -o 1.3.6.1.4.1.19406.1.2 -g 6 -s 1 -i 192.168.15.4 -v 1.3.6.1.4.1.19406.1.1.2.1 STRING " TS:2020-01-01T00:00:00.432123-06:00SFP=21:1 Src: 192.168.15.4 Tag= Msg: 2020-01-01 00:00:00Z 10.71.40.100 #016#016#010! FAULT WARNING 2020-01-01 00:00:00-06:00#016#010 ALARM NAME :The fiber is damaged or the OLT cannot receive #016#010 expected optical signals from the ONT(LOSi/LOBi)#016#0120 PARAMETERS :FrameID: 0, SlotID: 3, PortID: 14, ONT ID: 56, Equipment ID: #016#010 IH9356I"
     
    Best regards from México.


  • 2.  RE: how to parse a massive message -received into DX NetOps Spectrum- from Rsyslog-DX NetOps Spectrum integration contained only into one OID=Varbind.

    Posted 28 days ago

    Excellent example!



    ------------------------------
    Cătălin Fărcășanu
    Senior Consultant
    SolvIT Networks
    ------------------------------