DX NetOps

Dear Team,

I have configured snmp based integration between Nagios --> Spectrum

Its working like below,

1. Traps coming from Nagios server
2. It has one attribute which gives severity information, so i have used it to map the severity in the spectrum
3. One of the attribute in the trap is having hostname of targeted nagios agent server which i am using as event model name to create event model in CA Spectrum.
4. Alert is getting mapped on correct event model name in the Spectrum.

I am also getting traps with "OK" [This is an attribute in trap] event and I want to clear that particular alert with same metric and hostname combination as it showing in OK trap.

Can anyone please help me to get it done? or any suggestion?

Regards

Ajit C

You can use Event Condition rule to check if generated event from the trap has the "OK" data and then raise a new event that clears the alarm.

If you can show me your AlertMap and EventDisp and which Event Variable (or trap variable binding OID) which contains that "OK" data, I can give you more concrete answer.  

Thanks Widjaja for your reply,

Alert Map entries

# nSvcEvent nHostname
1.3.6.1.4.1.20006.1.6.7 0xfff0009a 1.3.6.1.4.1.20006.1.3.1.2(1,2)\
# nHostStateID
1.3.6.1.4.1.20006.1.1.1.4(3,0)\
# nSvcDesc
1.3.6.1.4.1.20006.1.3.1.6(7,8)\
# nSvcStateID
1.3.6.1.4.1.20006.1.3.1.7(9,0)\
# nSvcAttempt
1.3.6.1.4.1.20006.1.3.1.8(100,0)\
# nSvcDurationSec
1.3.6.1.4.1.20006.1.3.1.9(101,0)\
# nSvcGroupName
1.3.6.1.4.1.20006.1.3.1.10(102,0)\
# nSvcLastCheck
1.3.6.1.4.1.20006.1.3.1.11(10,0)\
# nSvcLastChange
1.3.6.1.4.1.20006.1.3.1.12(11,0)\
# nSvcOutput
1.3.6.1.4.1.20006.1.3.1.17(12,0)

Event disp file

{d "%w- %d %m-, %Y - %T"} - A "nSvcEvent" event has occurred, from {t} device, named {m}.\u000d\u000a\u000d\u000aThe SNMP trap that is generated as a result of an event with the service\u000a    in Nagios.\u000d\u000a\u000anHostname = {S 1}\u000anSvcDesc = {S 7}\u000anSvcStateID = {T nSvcStateID 9}\u000anSvcOutput = {S 12}\u000anHostname.nHostEventIndex = {o 2}\u000anHostStateID = {T nHostStateID 3}\u000anSvcDesc.nSvcEventIndex = {o 5}\u000anSvcAttempt = {I 7}\u000anSvcDurationSec = {I 8}\u000anSvcGroupName = {S 9}\u000anSvcLastCheck = {I 10}\u000anSvcLastChange = {I 11}\u000d\u000a\u000d\u000a(event [{e}])\u000d\u000a

This is the trap variable which is giving severity details such as critical, warning or OK

nSvcStateID
1.3.6.1.4.1.20006.1.3.1.7(9,0)\

Regards

Ajit C

Thanks for the data. So nSvcStateID has Integer data type and the following possible value.

  0(=OK), 1(=WARNING), 2(=CRITICAL), 3(=UNKNOWN)

You can create Event Condition Event Rule on 0xfff0009a, so, for example, you have Condition Rule as the following.

1. If value of event variable 9 equals to 1 create event A. Configure event A to raise Major alarm 1.

2. If value of event variable 9 equals to 2 create event B. Configure event B to raise Critical alarm 2.

3. If value of event variable 9 equals to 3 create event C. Configure event C to raise Minor alarm 3.

4. If value of event variable 9 equals to 0 create event D. Configure event D to clear alarm 1, 2 or 3.

Here is screen capture how you can set the Condition in Event Condition Rule (for item 4 above) using Event Configuration Tool.

I hope this helps.