how to configure "clearing" an alarm based on severity value
-
puneetsahi
- Posts: 7
- Joined: Thu Dec 03, 2020 10:47 am
how to configure "clearing" an alarm based on severity value
How to configure "clearing" an alarm based on severity value? Also, for some reason only one alarm/trap is displayed at once, even though there are multiple ongoing alarms.
Re: how to configure "clearing" an alarm based on severity v
It sounds like you're trying to monitor SNMP traps. Is this correct?
If you have multiple traps coming they may be all pointed and directed to the same XI service. You can configure traps to go to their own XI service however. In the attached screenshot the trap would go to 'SNMP Trap Service X'. This is the name of the XI service that will get updates.
For 'clearing' alarms I think what you want is the is_volatile option. This option will generate an alert each time a Critical, Warning, or Unknown comes in:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
The "Is Volatile" option can be set with the wizard or under the 'Check Settings' tab of the service.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
puneetsahi
- Posts: 7
- Joined: Thu Dec 03, 2020 10:47 am
Re: how to configure "clearing" an alarm based on severity v
Hi,
Unfortunately that didn't help us to clear the alarm, hence we used the 'match' option to clear the alarm.
We have two more questions for you:
1. Our application triggers multiple alarms (at once, sometimes). As all these alarms come under one OID (service type), we were able to see only one alarm/entry at once. So, how can I display multiple alarms under one service, with all uncleared alarms displayed?
[1607431070] SERVICE NOTIFICATION: nagiosadmin;10.40.251.16;Passive Service;WARNING;xi_service_notification_handler; Alarm Received: Local connections for ESME1SNMP below threshold, at Tue, 08 Dec 2020 12:33:43 +0000
[1607431070] SERVICE ALERT: 10.40.251.16;Passive Service;WARNING;HARD;1; Alarm Received: Local connections for ESME1SNMP below threshold, at Tue, 08 Dec 2020 12:33:43 +0000
[1607431070] SERVICE NOTIFICATION: nagiosadmin;10.40.251.16;Passive Service;WARNING;xi_service_notification_handler; Alarm Received: Local connections for ESME-SG-APDEMO below threshold, at Tue, 08 Dec 2020 12:33:43 +0000
[1607431070] SERVICE ALERT: 10.40.251.16;Passive Service;WARNING;HARD;1; Alarm Received: Local connections for ESME-SG-APDEMO below threshold, at Tue, 08 Dec 2020 12:33:43 +0000
2. How can we correlate alarms based on a variable value (alarm ID)?
Re: how to configure "clearing" an alarm based on severity v
1. The service will display only the last event that came in so you will need to configure multiple trap definitions to forward to individual XI services.
2. Use the MATCH option when you define the trap. http://snmptt.sourceforge.net/docs/snmp ... CONF-MATCH. MATCH can be used under the Advanced section of the trap definition in XI. The snmptt logs under /var/log/snmptt/ can be useful in discovering what variables are sent with the trap.
-
puneetsahi
- Posts: 7
- Joined: Thu Dec 03, 2020 10:47 am
Re: how to configure "clearing" an alarm based on severity v
It looks like I didn't complete my statement in my previous post,
2. How can we correlate the already raised alarm and clear it based on variable value(alarm id). As checked, I have seen an option with "SEC - Simple Event Correlator", but this looks to be a third-party tool. Is there any other way to do it?
Also, do you have a paid realtime support(chat support or something similar), to quickly work on these queries and integrate with Nagios?
-
puneetsahi
- Posts: 7
- Joined: Thu Dec 03, 2020 10:47 am
Re: how to configure "clearing" an alarm based on severity v
Just wanted to follow up on the below queries.
"It looks like I didn't complete my statement in my previous post,
2. How can we correlate the already raised alarm and clear it based on variable value(alarm id). As checked, I have seen an option with "SEC - Simple Event Correlator", but this looks to be a third-party tool. Is there any other way to do it?
Also, do you have a paid realtime support(chat support or something similar), to quickly work on these queries and integrate with Nagios?"
Re: how to configure "clearing" an alarm based on severity v
You would need a second definition that would set the status to OK. To do it based on criteria in the trap, the MATCH option would be needed.
We do offer phone support. Check out https://www.nagios.com/services/support-plans/ or email [email protected] for more info.
-
puneetsahi
- Posts: 7
- Joined: Thu Dec 03, 2020 10:47 am
Re: how to configure "clearing" an alarm based on severity v
Hi,
Using match we were able to clear the Alarm, but we wanted to clear the alarm based on trap id(alarm already generated and displayed). Can you please suggest?
As mentioned in the below logs, the trap should be cleared by matching two conditions clear value(5) & trap id(3525).
Note: Trap ID is a unique/dynamic value that will be generated for every trap, and for clearing the trap ID will also be sent by our application. So, Nagios should clear the trap based on trap ID. Can you please suggest how to configure this?
Trigger Alarm:
Fri Dec 18 05:30:01 2020 .1.3.6.1.4.1.161.2052.1.32.60 Minor "ESME Connection" UNKNOWN - Received trap "cmpAlarmRecord" with variables "enterprises.161.2052.1.44.1.1:0 enterprises.161.2052.1.44.1.2:3525 enterprises.161.2052.1.32.2:2 enterprises.161.2052.1.32.1:0 enterprises.161.2052.1.32.3:0 enterprises.161.2052.1.32.4:/esmeLink-3/esmeLocalConnectionLink-1 enterprises.161.2052.1.32.71:/esmeLink-3/esmeLocalConnectionLink-1 enterprises.161.2052.1.32.5:Fri, 18 Dec 2020 11:25:44 +0000 enterprises.161.2052.1.32.6:6 enterprises.161.2052.1.32.7:13631489 enterprises.161.2052.1.32.8:3 enterprises.161.2052.1.32.9:0 enterprises.161.2052.1.32.10: enterprises.161.2052.1.32.72: enterprises.161.2052.1.32.11:0 enterprises.161.2052.1.32.12: enterprises.161.2052.1.32.73: enterprises.161.2052.1.32.13: enterprises.161.2052.1.32.14:1 enterprises.161.2052.1.32.15: enterprises.161.2052.1.32.16: enterprises.161.2052.1.32.17:Fri, 18 Dec 2020 11:25:44 +0000 enterprises.161.2052.1.32.18:34 enterprises.161.2052.1.32.19:0 enterprises.161.2052.1.32.20:Local connections for ESMESNMP1 below threshold enterprises.161.2052.1.32.21:Process Name: ehcmr01, Server: ESMESNMP1, Physical Blade: 5, Logical Blade: 0. enterprises.161.2052.1.32.70:ESMESNMP1"
Clear Alarm:
Fri Dec 18 05:38:15 2020 .1.3.6.1.4.1.161.2052.1.32.60 Ok "ESME Connection" UNKNOWN - Received trap "cmpAlarmRecord" with variables "enterprises.161.2052.1.44.1.1:0 enterprises.161.2052.1.44.1.2:3525 enterprises.161.2052.1.32.2:2 enterprises.161.2052.1.32.1:0 enterprises.161.2052.1.32.3:0 enterprises.161.2052.1.32.4:/esmeLink-3/esmeLocalConnectionLink-1 enterprises.161.2052.1.32.71:/esmeLink-3/esmeLocalConnectionLink-1 enterprises.161.2052.1.32.5:Fri, 18 Dec 2020 11:33:58 +0000 enterprises.161.2052.1.32.6:6 enterprises.161.2052.1.32.7:13631489 enterprises.161.2052.1.32.8:5 enterprises.161.2052.1.32.9:0 enterprises.161.2052.1.32.10: enterprises.161.2052.1.32.72: enterprises.161.2052.1.32.11:0 enterprises.161.2052.1.32.12: enterprises.161.2052.1.32.73: enterprises.161.2052.1.32.13: enterprises.161.2052.1.32.14:1 enterprises.161.2052.1.32.15: enterprises.161.2052.1.32.16: enterprises.161.2052.1.32.17:Fri, 18 Dec 2020 11:33:58 +0000 enterprises.161.2052.1.32.18:34 enterprises.161.2052.1.32.19:0 enterprises.161.2052.1.32.20: enterprises.161.2052.1.32.21:Process Name: ehcmr01, Server: ESMESNMP1, Physical Blade: 5, Logical Blade: 0. enterprises.161.2052.1.32.70:ESMESNMP1"
Re: how to configure "clearing" an alarm based on severity v
Create two SNMP trap definitions - one that sets the service to WARNING or CRITICAL and another one that sets the service to OK (clear). Each definition should have advanced configuration so that it is only triggered when your conditions are matched. Both definitions will trigger the same XI service.
For the WARNING/CRITICAL:
Code:
MATCH MODE=and
MATCH $2: 3525
MATCH $11: 3
For the OK(clear):
Code:
MATCH MODE=and
MATCH $2: 3525
MATCH $11: 5
-
puneetsahi
- Posts: 7
- Joined: Thu Dec 03, 2020 10:47 am
Re: how to configure "clearing" an alarm based on severity v
As informed in my previous message, 3525 is not a fixed value; it's a trap ID. Variable 2 will keep changing for every trap generated.
So we can't put a match statement for $2 with 3525.
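The correlation discussed in this thread (raise and clear traps paired by the alarm ID in $2, with $11 equal to 5 meaning clear), written as a script that reads snmptt log lines. This is an added example, not code from the thread, Nagios XI or SNMPTT; the sample lines are constructed with placeholder OIDs, and running a script like this beside Nagios XI is an assumption.

```python
import re

# Start of each varbind as logged in the thread's snmptt lines: "enterprises.<oid>:"
VARBIND = re.compile(r"(?:^|\s)(enterprises(?:\.\d+)+):")
ALARM_ID, SEVERITY = 2, 11   # $2 and $11, the positions used in the MATCH lines above
CLEAR = "5"                  # severity value the thread treats as "clear"

def parse_varbinds(line):
    """Return {position: value} for the quoted variable list of one log line."""
    m = re.search(r'with variables "(.*)"\s*$', line)
    if not m:
        return {}
    body = m.group(1)
    hits = list(VARBIND.finditer(body))
    out = {}
    for i, h in enumerate(hits):
        # A value runs to the next "enterprises.<oid>:" so it may hold spaces or colons.
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        out[i + 1] = body[h.end():end].strip()
    return out

def open_alarms(lines):
    """Track alarms by ID: a non-clear severity opens, CLEAR closes the same ID."""
    active = {}
    for line in lines:
        v = parse_varbinds(line)
        if ALARM_ID not in v or SEVERITY not in v:
            continue  # not a trap line, or too few varbinds to correlate
        if v[SEVERITY] == CLEAR:
            active.pop(v[ALARM_ID], None)
        else:
            active[v[ALARM_ID]] = v[SEVERITY]
    return active

def sample(alarm_id, severity):
    # Constructed log line in the thread's format, cut to 11 varbinds; OIDs are placeholders.
    vals = ["0", alarm_id, "2", "0", "0", "/esmeLink-3", "/esmeLink-3",
            "Fri, 18 Dec 2020 11:25:44 +0000", "6", "13631489", severity]
    binds = " ".join(f"enterprises.161.2052.1.32.{i}:{v}" for i, v in enumerate(vals, 1))
    return ('Fri Dec 18 05:30:01 2020 .1.3.6.1.4.1.161.2052.1.32.60 Minor '
            f'"ESME Connection" UNKNOWN - Received trap "cmpAlarmRecord" with variables "{binds}"')

if __name__ == "__main__":
    log = [sample("3525", "3"), sample("3526", "3"), sample("3525", "5")]
    print(open_alarms(log))  # alarms raised but not yet cleared
```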