Mask Varbinds by name of OID not parm number

Hello everyone!

I want to filter a tricky Alcatel-Nokia trap message in which the criticality is inside a %parm[#]%.

I’ve tried to filter it out with the “Mask Varbind” feature, but the variable doesn’t always come in a specific order. In some messages it is the 4th, in others the 7th, and so on…

I also tried to use inside the %parm[]% but it didn’t work.

In addition, I tried the event translator feature, but the added parameter always goes last, and the SNMP trap messages don’t always consist of a certain number of %parms%. That’s why I can’t be sure what varbind number I am supposed to use to catch the severity inside the variable.

Is there any other way to extract the content of a certain %parm% and use it to filter the event with event labels with different Severities?

Also, there is another thread with a guy with a similar problem to mine over here →
https://opennms-discuss.narkive.com/Ae3UNIuR/event-config-how-to-parse-snmp-trap-variable-oid-for-severity

He said he patched OpenNMS, but I don’t know how to code and do something like that.

Thank you in advance!

Sorry for my English, I am not a native speaker…

I had a similar issue in the past with Kyocera printers. The OIDs were changing every time.
In this case Kyocera wanted to make sure no one else except them is able to translate them.
I never found a solution for that :confused:

I know the event translator documentation was updated recently. Not sure if you read the latest state and if that helps to understand what event translator can do or not.

If nothing works, Drools could be an option. AFAIU you can manipulate events with it. But I am absolutely not familiar with that.
Here is some example code.

One way or another you could add some example events here so others can get an idea what the problem is. But please use the code formatting.

I think they’ve changed the OpenNMS code, built it, and run this custom version.

@agalue suggested to create an issue for that.
https://narkive.com/Ae3UNIuR.9
Have you searched for it? Maybe you have luck and you will find an issue created by this Daniel.
But the post is 8 years old… Who knows…

Thanks for your response, if I have a solution I will post it here!

To make it clear, here I have an example of some traps:

.1.3.6.1.6.3.18.1.4.0="oadadm" 
.1.3.6.1.4.1.637.69.6.1.1.1.26="45/9" 
.1.3.6.1.4.1.637.69.6.1.1.1.16="Check the receive PON fiber input at the OLT." 
.1.3.6.1.4.1.637.69.6.1.1.1.23="AMS" 
.1.3.6.1.4.1.637.69.6.1.1.1.9="PON Port:SiteName:R1.S1.LT8.PON15" 
.1.3.6.1.4.1.637.69.6.1.1.1.3="4" 
.1.3.6.1.4.1.637.69.6.1.1.1.1="74838163" 
.1.3.6.1.4.1.637.69.6.1.1.1.2="1" 
.1.3.6.1.4.1.637.69.6.1.1.1.14="1" 
.1.3.6.1.4.1.637.69.6.1.1.1.12="PON" 
.1.3.6.1.4.1.637.69.6.1.1.1.5="TimeStamp" 
.1.3.6.1.4.1.637.69.6.1.1.1.10="2" 
.1.3.6.1.4.1.637.69.6.1.1.1.11="Loss Of Signal" 
.1.3.6.1.4.1.637.69.6.1.1.1.30="SiteIp"

severity = .1.3.6.1.4.1.637.69.6.1.1.1.3="4" is %parm[#6]

.1.3.6.1.6.3.18.1.4.0="oadadm" 
.1.3.6.1.4.1.637.69.6.1.1.1.26="38/25" 
.1.3.6.1.4.1.637.69.6.1.1.1.15="TPS-TC Mismatch" 
.1.3.6.1.4.1.637.69.6.1.1.1.16="Check the peer modem type or change the TPS-TC mode of the line." 
.1.3.6.1.4.1.637.69.6.1.1.1.23="AMS" 
.1.3.6.1.4.1.637.69.6.1.1.1.9="XDSL Port:SiteName:R1.S1.LT2.P22" 
.1.3.6.1.4.1.637.69.6.1.1.1.3="4" 
.1.3.6.1.4.1.637.69.6.1.1.1.1="74855310" 
.1.3.6.1.4.1.637.69.6.1.1.1.2="1" 
.1.3.6.1.4.1.637.69.6.1.1.1.14="1" 
.1.3.6.1.4.1.637.69.6.1.1.1.12="XDSL" 
.1.3.6.1.4.1.637.69.6.1.1.1.5="TimeStamp" 
.1.3.6.1.4.1.637.69.6.1.1.1.10="2" 
.1.3.6.1.4.1.637.69.6.1.1.1.11="Configuration Or Customization Error" 
.1.3.6.1.4.1.637.69.6.1.1.1.30="SiteIp"

severity = .1.3.6.1.4.1.637.69.6.1.1.1.3="4" is %parm[#7]

I have some more traps in which the severity is the 4th or 8th.
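
Added example, not part of the thread and not OpenNMS code: a Python sketch that parses varbind dumps in the `OID="value"` form posted above and finds the severity by OID instead of by position. The function names are hypothetical; the sample input is the two traps from the post, cut off after the severity varbind.

```python
import re

SEVERITY_OID = ".1.3.6.1.4.1.637.69.6.1.1.1.3"  # severity varbind named in the thread
VARBIND_RE = re.compile(r'^\s*(\.\d+(?:\.\d+)*)\s*=\s*"(.*)"\s*$')

# The two traps from the thread, cut off after the severity varbind.
TRAP_A = '''
.1.3.6.1.6.3.18.1.4.0="oadadm"
.1.3.6.1.4.1.637.69.6.1.1.1.26="45/9"
.1.3.6.1.4.1.637.69.6.1.1.1.16="Check the receive PON fiber input at the OLT."
.1.3.6.1.4.1.637.69.6.1.1.1.23="AMS"
.1.3.6.1.4.1.637.69.6.1.1.1.9="PON Port:SiteName:R1.S1.LT8.PON15"
.1.3.6.1.4.1.637.69.6.1.1.1.3="4"
'''
TRAP_B = '''
.1.3.6.1.6.3.18.1.4.0="oadadm"
.1.3.6.1.4.1.637.69.6.1.1.1.26="38/25"
.1.3.6.1.4.1.637.69.6.1.1.1.15="TPS-TC Mismatch"
.1.3.6.1.4.1.637.69.6.1.1.1.16="Check the peer modem type or change the TPS-TC mode of the line."
.1.3.6.1.4.1.637.69.6.1.1.1.23="AMS"
.1.3.6.1.4.1.637.69.6.1.1.1.9="XDSL Port:SiteName:R1.S1.LT2.P22"
.1.3.6.1.4.1.637.69.6.1.1.1.3="4"
'''

def parse_varbinds(dump):
    """Return [(oid, value), ...] in trap order; reject lines that do not parse."""
    pairs = []
    for line in dump.strip().splitlines():
        m = VARBIND_RE.match(line)
        if not m:
            raise ValueError(f"unparseable varbind line: {line!r}")
        pairs.append((m.group(1), m.group(2)))
    return pairs

def find_by_oid(pairs, oid):
    """Return (1-based position, value) of the varbind with this exact OID, or None."""
    for pos, (name, value) in enumerate(pairs, start=1):
        # Exact comparison: a prefix or substring test would also match
        # ...6.1.1.1.30 ("SiteIp"), which begins with the severity OID's text.
        if name == oid:
            return pos, value
    return None

if __name__ == "__main__":
    for label, dump in (("A", TRAP_A), ("B", TRAP_B)):
        print(label, find_by_oid(parse_varbinds(dump), SEVERITY_OID))
```
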