4 Replies Latest reply on Jan 10, 2020 8:16 AM by Eslam Farrag

    MRL for SNMP Integration

    Eslam Farrag
      Share This:

      Hi All,

       

      Currently I'm writing a refine MRL rule to map SNMP events in BTOM, I'm getting an error when trying to compile the cell. Please suggest where it can be modified. Note:  (
      snmp_vals,2) is an integer

       

      refine TEST integration:

         SNMP_TRAP($EV)

      where [($EV.status != CLOSED)]

      {

      $EV.msg = listgetelt($EV.snmp_vals,3);

      $EV.mc_host = $EV.snmp_source_addr;

      $EV.mc_object_owner = AdFalcon;

      $EV.mc_host_id  = listgetelt($EV.snmp_vals,2);

       

       

      }

       

      END

       

       

      new autoclose alarms :

      SNMP_TRAP($NEW) where [$NEW.status != CLOSED AND $NEW.severity >= INFO]

      using ALL

      {

      SNMP_TRAP($OLD)

      where

      [

      $OLD.status != CLOSED AND

      $OLD.severity > INFO AND

      $OLD.mc_host == $NEW.mc_host AND

      $NEW.mc_host_id == incr($OLD.mc_host_id)

       

      ]

      }

      triggers

      {

      $OLD.status = CLOSED;

      $NEW.status = CLOSED;

      }

      END

       

      The below error is given

       

      Error in file AdFalcon_mapping.mrl, line 13 column 26

      BMC_TS-IMC120184E: type error in expression

      BMC_TS-IMC120017E: Number of error(s): 1

      BMC_TS-IMC120015E: Total number of error(s): 1

      BMC_TS-IMC120012F: Compilation failed

       

      Thanks

        • 1. Re: MRL for SNMP Integration
          Roland Pocek

          hi Eslam Farrag

           

          I think you wont need the "(" ")" in the where clause and what I did was to assign the listgetelt to a variable and then assign the variable to a slot in the event

           

          $message = listgetelt($EV.snmp_vals,3);

          $EV.msg = $message;

           

          mc_host_id is defined as INTEGER, so that should be fine if you try to assign also an integer value

           

          #---------------------------------------------------------------------
          #  Core classes
          #---------------------------------------------------------------------

          MC_EV_CLASS :
             CORE_EVENT
             DEFINES {
                mc_host_id : INTEGER, hidden = yes;

           

          cheers

          rop

          • 2. Re: MRL for SNMP Integration
            Kaushik KM

            Eslam Farrag,

             

            made small changes, Please try below.

             

             

            refine TEST_integration : SNMP_TRAP($EV)

            where [($EV.status != CLOSED)]

            {

            $EV.msg = listgetelt($EV.snmp_vals,3);

            $EV.mc_host = $EV.snmp_source_addr;

            $EV.mc_object_owner = "AdFalcon";

            $EV.mc_host_id = stringtoint(listgetelt($EV.snmp_vals,2));

            }

            END

             

             

            new autoclose_alarms : SNMP_TRAP($NEW)

            where [$NEW.status != CLOSED AND $NEW.severity >= INFO]

            using ALL

            {

            SNMP_TRAP($OLD)

            where[

            $OLD.status != CLOSED AND

            $OLD.severity > INFO AND

            $OLD.mc_host == $NEW.mc_host AND

            $NEW.mc_host_id == incr($OLD.mc_host_id)

            ]

            }

            triggers

            {

            $OLD.status = CLOSED;

            $NEW.status = CLOSED;

            }

            END

             

             

            1)Your class selection is very generic(SNMP_TRAP), may be you tried for testing, but when you do this, if you integrate other snmp tools you will have issues in mapping.

            2)What exactly are you trying to do in new rule ? how is closing both old and new event going to help ?

             

            Thanks,

            Kaushik KM

            2 of 2 people found this helpful
            • 3. Re: MRL for SNMP Integration
              Eslam Farrag

              Thanks for your reply.

              I have compiled the cell the successfully, all attributes took effect except the auto closure part. what i need to do here is, the next alarm that comes with mc_host_id +1 to auto close the OLD.mc_host_id.

              • 4. Re: MRL for SNMP Integration
                Kaushik KM

                Hi Eslam Farrag

                 

                Please replace your new rule with below and give a try, please note that i have not tested.

                 

                 

                new autoclose_alarms : SNMP_TRAP($NEW)

                where [$NEW.status != CLOSED AND $NEW.severity >= INFO]

                using ALL

                {

                SNMP_TRAP($OLD) where[ $OLD.status != 'CLOSED' AND $OLD.severity > 'INFO' AND $OLD.mc_host == $NEW.mc_host ]

                }

                triggers {

                if ($NEW.mc_host_id == ($OLD.mc_host_id + 1)) then { $OLD.status = CLOSED; }

                }

                END

                 

                 

                Thanks,

                Kaushik KM