DX NetOps

View Only

How to generate an SNMP trap that generates an alarm

MARUBUN SUPPORT posted Nov 18, 2024 03:36 AM

Hi Team,

[Product]

DX NetOps Spectrum

OS：RHEL7.2

[Question]

When the SS server receives an SNMP trap in Spectrum, the AlertMap and EventDisp are referenced and an alarm is generated according to the definitions in AlertMap and EventDisp, but conversely, is there a way to generate a list of SNMP traps that will generate alarms with a severity of "critical"?

If we go back to the configuration file,

1. Reference AlertMap to generate a list of traps that will generate events and a list of events associated with them.

2. Reference EventDisp to check the conditions for generating alarms for each event created in 1 and the severity of the alarms to be generated.

However, there are a huge number of registered events, and there are multiple AlertMap and EventDisp files, so it is not possible in terms of the amount of work.

I would appreciate it if you could let me know if there is a way to do this using some kind of tool.

If such a tool/method does not exist, please let me know.

Thanks,

Broadcom Employee Joseph Ackley posted Nov 18, 2024 08:13 AM

There is no single tool but you can do the following:

Launch Event Configuration
Display Event Code, Cause Code and Trap Event columns in the Navigation panel
Export
Open exported file in xcel
Filter on Cause Code and Trap Event columns
Display all but Blank in the Cause Code column
Display only TRUE in Trap Event Column
This should be all the trap events that generate an alarm
Copy all of the events to a text file in the $SPECROOT/SS/CsVendor directory. For example, Trap_Events.out
Create the following script: (named mine FindTrapEvents.sh)

#!/bin/sh
for i in `cat Trap_Events.out`
do
find . -name EventDisp -exec grep $i {} \; >> out
done

Set permissions to execute
Run the script
The out file will look similar to the following:

0x00d82b27 E 90 A 2,0x00d82b27
0x00d82b28 E 90 A 2,0x00d82b28
0x00d82b29 E 90 A 2,0x00d82b29
0x00d82b2a E 90 A 2,0x00d82b2a
0x00d82b2b E 60 A 1,0x00d82b2b,1
0x00d82b2c E 10 C 0x00d82b2b,1
0x00d82b2d E 60 A 1,0x00d82b2d
0x00d82b31 E 60 A 1,0x00d82b31
0x00d82b32 E 60 A 1,0x00d82b32
0x00d82b33 E 90 A 2,0x00d82b33

Anything with an "A" is an alarm. The number to the right of the A is the severity of the alarm. 1 = Minor, 2 = Major, 3 = Critical.

If there is a "C" that means that event clears an alarm.

Joe

Catalin Farcasanu posted Nov 18, 2024 08:50 AM

Try this. It would be a while to run it, but it should give you 2 files: trap_alarms.txt and event_alarms.txt. One is for alarms that are trap based, the other one for alarms that are event based.

If an alarm triggers an event logic, then this is not identified as trap alarm, is identified as event alarm.

---

for event in $(find $SPECROOT -type f -name EventDisp | xargs egrep " A " | gawk '{print $1}' | gawk -F":" '{print $2}'); do

id=$(echo $event | gawk -F"0x" '{print $2}');

alarm=$(find $SPECROOT/SG-Support -type f -name "Prob*${id}*" | xargs head -1);

if [[ ${alarm} != "" ]]; then

#alarm exists

alarm_severity=$(find $SPECROOT -type f -name EventDisp |xargs egrep $event |grep -v Install-Tools |grep A |gawk -F" A " '{print $2}' | gawk -F"," '{print $1}');

is_trap_alarm=$(find $SPECROOT -type f -name AlertMap |xargs egrep -w $event |grep -v Install-Tools |wc -l);

if [[ ${is_trap_alarm} -gt 0 ]]; then

case ${alarm_severity} in

severity="MINOR";;

severity="MAJOR";;

severity="CRITICAL";;

severity="4";;

severity="5";;

esac

echo -e "$event | $severity | $alarm" >> /tmp/trap_alarms.txt

else