DX Operational Intelligence

Expand all | Collapse all

CA SOI: Create CI fromTrap SNMP

Jump to Best Answer
  • 1.  CA SOI: Create CI fromTrap SNMP

    Posted 08-18-2018 02:22 PM

    Hi everyone.

    We try to create a CI and Alerts using the next policy.xml:

     

    <Catalog version="1.0" globalextends="GLOBAL!" >

    <!-- ======Event Class====== -->
    <EventClass name="Item" >
    <Classify>
    <Field input="snmp_enterprise" pattern="^1\.3\.6\.1\.4\.1\.2000$" output="eventtype" outval="BLUEMIXCI" />
    </Classify>
    <Write>
    <Field type="file" name="outfile" properties="*" />
    <Field type="publishcache" properties="*" />
    </Write>
    </EventClass>

    <!-- ======Event Class to Create the CIs====== -->
    <!-- This is an example of an event class for CIs only. -->

    <EventClass name="BLUEMIXCI" extends="Item">
    <Parse>
    <Field input="snmp_varbindvals" output="temp_proyecto,temp_infraestructura,temp_plataforma,temp_componente,temp_servicio,temp_nombre,temp_detalle,temp_severidad,temp_plan_accion,temp_opcional01,temp_opcional02" pattern="^(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?)$" />
    </Parse>

    <Format>
    <Field output="ClassName" format="SoftwareComponent" input="" />
    <Field output="InstanceName" format="SC:{0}:{1}:{2}:{3}:{4}" input="temp_infraestructura,te{0}mp_plataforma,temp_proyecto,temp_componente,temp_servicio" />
    <Field output="Label" format="{0}" input="temp_servicio" />
    <Field output="ComponentName" format="SC:{0}:{1}:{2}:{3}:{4}" input="temp_infraestructura,temp_plataforma,temp_proyecto,temp_componente,temp_servicio" />

    <Field output="MdrElementID" format="BCI:{0}:{1}:{2}:{3}:{4}" input="temp_infraestructura,temp_plataforma,temp_proyecto,temp_componente,temp_servicio" />
    <Field output="ProductName" format="{0}" input="temp_infraestructura" />
    <Field output="TypeName" format="SoftwareComponent" input="" />

    <Field output="Description" format="CI Created via SNMP Connector" input="" />
    <Field output="MdrProduct" format="CA:00036" input="" />
    <Field output="MdrProdInstance" format="{0}" input="{fqdn(localhost)}" />
    </Format>
    </EventClass>

    <!-- ======Event Class====== -->
    <EventClass name="Alert" >
    <Classify>
    <Field input="snmp_enterprise" pattern="^1\.3\.6\.1\.4\.1\.2000$" output="eventtype" outval="BLUEMIX_Alerts" />
    </Classify>
    <!--
    <Write>
    <Field type="file" name="outfile" properties="*" />
    <Field type="publishcache" properties="*" />
    </Write>
    -->
    </EventClass>
    <!-- ======Event Class to Create the Alerts====== -->

    <!-- BLUEMIX -->

    <EventClass name="BLUEMIX_Alerts" extends="Alert">
    <Parse>
    <Field input="snmp_varbindvals" output="temp_proyecto,temp_infraestructura,temp_plataforma,temp_componente,temp_servicio,temp_nombre,temp_detalle,temp_severidad,temp_plan_accion,temp_opcional01,temp_opcional02" pattern="^(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?),(.*?)$" />
    </Parse>

    <Normalize>
    <Field input="temp_severidad" type="map" output="severity" >
    <mapentry mapin="^[Ee]rror$" mapout="Major" />
    <mapentry mapin="^[Ww]arning$" mapout="Major" />
    <mapentry mapin="^[Cc]ritical$" mapout="Critical"/>
    </Field>
    </Normalize>

    <Format>
    <Field conditional="severity" output="Severity" format="{0}" input="severity" />
    <Field output="MdrProduct" format="CA:00036" input="" />
    <Field output="MdrProdInstance" format="{0}" input="{fqdn(localhost)}" />
    <Field output="AlertedMdrProduct" format="CA:00036" input="" />
    <Field output="AlertedMdrProdInstance" format="{0}" input="{fqdn(localhost)}" />
    <Field output="OccurrenceTimestamp" format="{0}" input="{xsdateTime(now)}"/>
    <Field output="ReportTimestamp" format="{0}" input="{xsdateTime(now)}" />
    <Field output="AlertType" format="Risk-Fault" input="" />

    <Field output="ClassName" format="Alert" input="" />
    <Field output="Summary" format="{0}:{1}" input="temp_severidad,temp_nombre"/>
    <Field output="Message" format="[{0}] {1}: {2}. Accion: {3}. {4}. {5}." input="temp_severidad,temp_nombre,temp_detalle,temp_plan_accion,temp_opcional01,temp_opcional02" />
    <Field output="AlertedMdrElementID" format="BCI:{0}:{1}:{2}:{3}:{4}" input="temp_infraestructura,temp_plataforma,temp_proyecto,temp_componente,temp_servicio" />
    <Field output="MdrElementID" format="ALERT:{0}:{1}:{2}:{3}" input="temp_infraestructura,temp_plataforma,temp_nombre,temp_detalle" />
    </Format>
    </EventClass>

    <EventClass name="USM-Entity" >

    </EventClass>

    </Catalog>

     

    The alert is created. But not the CI and we have the next error:

    InvalidCIs - CI Staging create failed. Invalid class name - null

     

    Can you tell what the error is?



  • 2.  Re: CA SOI: Create CI fromTrap SNMP
    Best Answer

    Posted 09-03-2018 06:25 AM

    Hi Martin,

    one problem I see in the policy: you are missing a property from the following list.

    At least one of them must be set:

    • DeviceSysName
    • DeviceDnsName
    • DeviceBiosSystemID
    • DeviceAssetNumber
    • DevicePhysSerialNumber
    • DeviceIPV6AddressWithDomain
    • DeviceIPV4AddressWithDomain
    • DeviceIPV6Address
    • DeviceIPV4Address
    • DeviceMacAddress

     

    SoftwareComponent is supposed to run on a device, and thus the system requires these details.

    That does not mean that this device must exist as a separate CI, but without the information the SoftwareComponent CI will not be created.

    There might be more issues in the policy, but first fix this and then let us know, if your problem is solved.

     

    And just for information:

    You cannot set the Label via a normal Format statement.  You have to use a special way (Format2) to set the Label.  Let me know if you need more details for that.

     

    MichaelBoehm



  • 3.  Re: CA SOI: Create CI fromTrap SNMP

    Posted 09-06-2018 10:18 AM

    Hello Michael,
    Thanks for the info.
    Yes, you can send me information about Format2.



  • 4.  Re: CA SOI: Create CI fromTrap SNMP

    Posted 09-06-2018 10:45 AM

    Hi Martin,

    Format2 works in the same way as Format.  But it is processed following the global policy has set the Label per internal rules. E.g. Format2 will overwrite the internal setting.

    I normally set the label in two steps, to be more flexible.

    In the CI-class (in which you want to set  the label), add a block (following the Format block)

    <Format2>

       <Field output="temp_label" format="{0}" input="temp_servicio" />

    </Format2>

    to set the value of a temp_label attribute.

     

    In the <USM-Entity> class, add a Format block:

    <Format2>

       <Field conditional="temp_label" output="Label" format="{0}" input="temp_label" />

    </Format2>

     

    Using this two-step approach, you can set different labels in different classes, and finally ("conditional" to only do it when temp_label is set) assign the temp value to the Label.

     

    MichaelBoehm