Topology type definition for the SNMP Trap

gautier_begin
Advisor
Hello,
 
I have an application which is sending SNMP traps to Dynatrace. Dynatrace integrates them using the SNMPTrap extension.
I'd like to customize the monitored entity according to the information in the SNMP trap. Unfortunately, my rule is not applied and I don't know why.
Could you please help?
 
SNMPtrap as captured by Dynatrace:
{
  "event.type": "LOG",
  "content": "SNMP trap (SNMPv2-SMI::enterprises.2190) reported from src:10.195.198.83\n agent:10.195.198.83",
  "status": "NONE",
  "timestamp": "1712737774254",
  "loglevel": "NONE",
  "dt.ingest.warnings": "processing_prepare_input_error",
  "log.source": "snmptraps",
  "snmp.trap_oid": "SNMPv2-SMI::enterprises.2190",
  "snmpv2-smi::enterprises.2190.166.4000.1.2": "VTOM_EXPLOIT_PPD/UTILITAIRE_VTOM/test ERRE",
  "device.address": "10.195.198.83",
  "dt.entity.snmptraps:com_dynatrace_ext_snmp-traps": "CUSTOM_DEVICE-57583FB2E29A224C",
  "snmp.version": "1"
}
 
 
The topology type definition:
[
  {
    "schemaId": "builtin:monitoredentities.generic.type",
    "schemaVersion": "1.0.77",
    "scope": "environment",
    "value": {
      "enabled": true,
      "name": "snmptraps:vtom",
      "displayName": "VTOM SNMP Trap",
      "createdBy": "gbegin",
      "rules": [
        {
          "idPattern": "Job_{snmpv2-smi::enterprises.2190.166.4000.1.2}",
          "instanceNamePattern": "VTOM Job {snmpv2-smi::enterprises.2190.166.4000.1.2}",
          "iconPattern": null,
          "sources": [
            {
              "sourceType": "Logs"
            }
          ],
          "requiredDimensions": [
            {
              "key": "snmp.trap_oid",
              "valuePattern": "$eq(SNMPv2-SMI::enterprises.2190)"
            },
            {
              "key": "log.source",
              "valuePattern": "$eq(snmptraps)"
            }
          ],
          "attributes": [
            {
              "key": "dt.ip_addresses",
              "displayName": "Device Address",
              "pattern": "{device.address}"
            },
            {
              "key": "vtom_job",
              "displayName": "VTOM Job Name",
              "pattern": "{snmpv2-smi::enterprises.2190.166.4000.1.2}"
            }
          ],
          "role": null
        }
      ]
    }
  }
]
 
Regards

Mike_L
Dynatrace Guru

I don't see anything obviously wrong with the configuration. Please create a support ticket, as I remember there being some issues with using :: in the past.

Mike

gautier_begin
Advisor

Hi,

I found it. 

I first created a Log processing rule:

In the field processor definition, the column name to be used is not the JSON field given by the log monitoring but the value sent by the trap. The difference is that in the JSON, the column name is always lower case. The data sent by the trap is a mix of lower and upper case.

Rule name: [SNMPTrap] snmptraps:vtom:job

Matcher: snmp.trap_oid = "VTOMASN1MODULE::absyss"

Processor definition:

USING(INOUT "VTOMASN1MODULE::absyss.166.4000.1.2")
| FIELDS_RENAME(snmp.vtom.job: COLUMN("VTOMASN1MODULE::absyss.166.4000.1.2"))

Log sample:

{
  "event.type": "LOG",
  "content": "SNMP trap (VTOMASN1MODULE::absyss) reported from src:10.195.198.83\n agent:10.195.198.83",
  "status": "NONE",
  "timestamp": "1713272276183",
  "loglevel": "NONE",
  "dt.ingest.warnings": "processing_prepare_input_error",
  "log.source": "snmptraps",
  "snmp.trap_oid": "VTOMASN1MODULE::absyss",
  "device.address": "10.195.198.83",
  "vtomasn1module::absyss.166.4000.1.2": "CACEIS_PPD/FDS/CHECK_COR_2 ERRE",
  "snmp.version": "1"
}

Remark: The Rule test is not working. It is not taking into account this lower case issue.

 

Then I created this topology rule:

[
  {
    "schemaId": "builtin:monitoredentities.generic.type",
    "schemaVersion": "1.0.77",
    "scope": "environment",
    "value": {
      "enabled": true,
      "name": "vtom:snmptrap",
      "displayName": "VTOM SNMP Trap",
      "createdBy": "gbegin",
      "rules": [
        {
          "idPattern": "job_{snmp.vtom.job}",
          "instanceNamePattern": "VTOM Job {snmp.vtom.job}",
          "iconPattern": null,
          "sources": [
            {
              "sourceType": "Logs"
            }
          ],
          "requiredDimensions": [
            {
              "key": "snmp.trap_oid",
              "valuePattern": "$eq(VTOMASN1MODULE::absyss)"
            }
          ],
          "attributes": [],
          "role": null
        }
      ]
    }
  }
]

 

Regards
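
The two-step fix described in the post above, as an offline model (an added example, not part of the original thread and not Dynatrace code): it renames the trap column and then evaluates the topology rule, showing that the lower-case name seen in the log viewer leaves the placeholder unresolved. The helper names, the case-sensitive column lookup, the `{key}` substitution and the exact-match reading of `$eq(...)` are assumptions of this model; the field values are taken from the post.

```python
import re

# Constructed sample: attributes as the trap sends them (mixed case), per the post.
RAW_TRAP = {
    "log.source": "snmptraps",
    "snmp.trap_oid": "VTOMASN1MODULE::absyss",
    "VTOMASN1MODULE::absyss.166.4000.1.2": "CACEIS_PPD/FDS/CHECK_COR_2 ERRE",
}
# Rule fields copied from the topology definition in the post.
RULE = {
    "idPattern": "job_{snmp.vtom.job}",
    "instanceNamePattern": "VTOM Job {snmp.vtom.job}",
    "requiredDimensions": [{"key": "snmp.trap_oid", "valuePattern": "$eq(VTOMASN1MODULE::absyss)"}],
}

def rename_field(record, column, new_name):
    """Model of the FIELDS_RENAME step: exact, case-sensitive column lookup (assumption)."""
    out = dict(record)
    if column in out:
        out[new_name] = out.pop(column)
    return out

def matches(record, dims):
    """Model of requiredDimensions, handling only the $eq(...) form used in the post."""
    for d in dims:
        m = re.fullmatch(r"\$eq\((.*)\)", d["valuePattern"])
        if not m or record.get(d["key"]) != m.group(1):
            return False
    return True

def fill(pattern, record):
    """Substitute {key} placeholders; return None if any referenced key is missing."""
    keys = re.findall(r"\{([^}]+)\}", pattern)
    if any(k not in record for k in keys):
        return None
    return re.sub(r"\{([^}]+)\}", lambda m: record[m.group(1)], pattern)

def extract_entity(record, rule):
    """Return (id, name), or None when the rule would not produce an entity."""
    if not matches(record, rule["requiredDimensions"]):
        return None
    eid = fill(rule["idPattern"], record)
    name = fill(rule["instanceNamePattern"], record)
    return (eid, name) if eid and name else None

COLUMN = "VTOMASN1MODULE::absyss.166.4000.1.2"  # case as sent by the trap
good = extract_entity(rename_field(RAW_TRAP, COLUMN, "snmp.vtom.job"), RULE)
bad = extract_entity(rename_field(RAW_TRAP, COLUMN.lower(), "snmp.vtom.job"), RULE)
print(good, bad)
```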

 
