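A simple application of automatic snmptrap alert recovery in Zabbix

1. Prerequisites for configuring automatic snmptrap recovery

Automatic recovery of an snmptrap alert requires that a recovery status is pushed and that the alarm ID is consistent. The steps below mainly tag the alarm ID, so that the alarm and the recovery pushed via snmptrap are marked as the same alarm record.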




Example:

10:49:08 2025/06/27 ZBXTRAP 172.

PDU INFO:

community                      Ch

messageid                      0

notificationtype               TRAP

errorstatus                    0

requestid                      98567813

receivedfrom                   UDP: [172.30.]:31920->[172.30.]:162

version                        1

errorindex                     0

transactionid                  1058

VARBINDS:

DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (13365127) 1 day, 13:07:31.27

SNMPv2-MIB::snmpTrapOID.0      type=6  value=OID: SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.0.1

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.1.0 type=4  value=STRING: "501"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.2.0 type=4  value=STRING: "1"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.3.0 type=4  value=STRING: "2024-11-18 18:00:15"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.4.0 type=4  value=STRING: "fusioncompute"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.5.0 type=2  value=INTEGER: 5

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.6.0 type=4  value=STRING: "FusionCompute"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.7.0 type=4  value=STRING: "NE=66000000"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.8.0 type=4  value=STRING: "75"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.9.0 type=2  value=INTEGER: 151007030

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.10.0 type=2  value=INTEGER: 5

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.11.0 type=2  value=INTEGER: 2

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.12.0 type=2  value=INTEGER: 2

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.13.0 type=2  value=INTEGER: 2

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.14.0 type=4  value=""

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.15.0 type=4  value=""

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.16.0 type=4  value=""

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.27.0 type=4  value=STRING: "urn:sites:2D661162:vrms:2"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.28.0 type=4  value=STRING: "Remote Management Data Backup Is Not Configured for VRM"

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.29.0 type=4  value=STRING: "Neither the device nor NMS can automatically detect whether the alarm has been restored. Please manually clear the alarm after confirming that the issue has been resolved."

SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.30.0 type=4  value=""

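Set up the trigger based on the content above:

{{ITEM.VALUE}.iregsub("SNMPv2-SMI::enterprises\.2011\.2\.15\.2\.4\.3\.3\.1\.0\s+type=4\s+value=STRING:\s+\"(\d+)\"",\1)}

The alarm ID must match the name shown in the previous figure, and the regular expression must match the alarm ID, which is 501 here. The core is:

{{ITEM.VALUE}.iregsub("(\d+)",\1)}

{ITEM.VALUE} is the value collected by the item, iregsub filters it with a regular expression, the part inside "" is the pattern to match, and \1 refers to the first match group.


Result: the alert title now contains an extra alarm ID: 501. If it is there, the alarm and its recovery have been tagged with the same alarm ID and are marked as the same record, so the setup works.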


A simple example:


{{ITEM.VALUE}.regsub("告警ID:(\d+),",\1)}



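If the alarm content also needs to be converted, you can additionally configure the following, which translates the original snmptrap content. The OIDs are long and their meaning is unclear without specialist knowledge of them, so the conversion is done with the item's JavaScript: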


// `value` is the raw trap text passed in by the Zabbix item.
var lines = value.split('\n');
var result = [];

// Map each OID to a readable field label.
var fieldMappings = {
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.1.0": "告警ID",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.3.0": "告警时间",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.4.0": "告警设备名称",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.5.0": "产品系列标识",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.6.0": "产品类型名称",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.7.0": "产品唯一标识",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.11.0": "告警级别",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.14.0": "告警确认时间",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.16.0": "进行确认操作的操作员",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.27.0": "告警扩展信息",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.28.0": "告警发生原因",
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.29.0": "告警修复建议"
};

// Keep only the mapped varbind lines and replace the OID with its label.
for (var i = 0; i < lines.length; i++) {
    var line = lines[i].trim();
    for (var key in fieldMappings) {
        if (line.startsWith(key)) {
            // Keep everything from "type=" onwards (type and value).
            var valuePart = line.substring(line.indexOf("type="));
            result.push(fieldMappings[key] + ": " + valuePart);
            break;
        }
    }
}

return result.join('\n');

Result:


告警ID: type=4 value=STRING: "501"
告警时间: type=4 value=STRING: "2024-11-18 18:00:15"
告警设备名称: type=4 value=STRING: "fusioncompute"
产品系列标识: type=2 value=INTEGER: 5
产品类型名称: type=4 value=STRING: "FusionCompute"
产品唯一标识: type=4 value=STRING: "NE=66000000"
告警级别: type=2 value=INTEGER: 2
告警确认时间: type=4 value=""
进行确认操作的操作员: type=4 value=""
告警扩展信息: type=4 value=STRING: "urn:sites:2D661162:vrms:2"
告警发生原因: type=4 value=STRING: "Remote Management Data Backup Is Not Configured for VRM"
告警修复建议: type=4 value=STRING: "Neither the device nor NMS can automatically detect whether the alarm has been restored. Please manually clear the alarm after confirming that the issue has been resolved."

The trigger then has to be changed as well:

{{ITEM.VALUE}.iregsub("告警ID: type=4\s+value=STRING: \"(\d+)\"",\1)}
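The alarm-ID extraction that both trigger expressions rely on can be checked offline before it is put into Zabbix. The following is an added example, not part of the original article: it parses varbind lines in the format shown above, returns the alarm ID only when it is purely numeric, and groups traps that carry the same ID. The function names and the sample traps are assumptions made for illustration.

```javascript
// Added example (not the author's code). Plain JavaScript for offline checking;
// in a Zabbix preprocessing step the trap text would arrive as `value`.
var BASE = "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.";
var ALARM_ID_OID = BASE + "1.0";

// Parse "OID type=N value=[TYPE: ]data" lines into { oid: cleaned value }.
function parseVarbinds(text) {
    var out = {};
    var re = /^(\S+)\s+type=(\d+)\s+value=(?:([A-Za-z ]+):\s)?(.*)$/;
    text.split("\n").forEach(function (raw) {
        var m = re.exec(raw.trim());
        if (!m) { return; }                  // header, PDU INFO and blank lines
        var v = m[4];
        if (/^".*"$/.test(v)) { v = v.slice(1, -1); }   // strip the quotes
        out[m[1]] = v;                       // exact OID key: 1.0 never collides with 10.0
    });
    return out;
}

// Return the alarm ID only if it is all digits, otherwise null, so that
// unexpected trap content never ends up in the alert title.
function alarmId(text) {
    var id = parseVarbinds(text)[ALARM_ID_OID];
    return (id !== undefined && /^\d+$/.test(id)) ? id : null;
}

// Group traps by alarm ID; traps without a valid ID are skipped.
function groupByAlarmId(traps) {
    var groups = {};
    traps.forEach(function (t) {
        var id = alarmId(t);
        if (id === null) { return; }
        (groups[id] = groups[id] || []).push(t);
    });
    return groups;
}

// Constructed samples in the line format shown on this page.
var TRAP_A = [
    "10:49:08 2025/06/27 ZBXTRAP (constructed sample)",
    BASE + '1.0 type=4  value=STRING: "501"',
    BASE + "10.0 type=2  value=INTEGER: 5",
    BASE + '14.0 type=4  value=""',
    BASE + '27.0 type=4  value=STRING: "urn:sites:2D661162:vrms:2"'
].join("\n");
var TRAP_B = BASE + '1.0 type=4  value=STRING: "501"\n' + BASE + "11.0 type=2  value=INTEGER: 2";
var TRAP_BAD = BASE + '1.0 type=4  value=STRING: "501 extra"';
```
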

