Zabbix: a simple setup for automatic recovery of SNMP trap alarms

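1. Prerequisites for configuring SNMP trap auto-recovery

An SNMP trap alarm can recover automatically only if a recovery-state trap is also pushed and the alarm ID is the same in both. The steps below mainly tag the alarm ID, so that the alarm trap and the recovery trap are marked as the same alarm record.

Example: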

10:49:08 2025/06/27 ZBXTRAP 172.
PDU INFO:
  community Ch
  messageid 0
  notificationtype TRAP
  errorstatus 0
  requestid 98567813
  receivedfrom UDP: [172.30.]:31920->[172.30.]:162
  version 1
  errorindex 0
  transactionid 1058
VARBINDS:
  DISMAN-EVENT-MIB::sysUpTimeInstance type=67 value=Timeticks: (13365127) 1 day, 13:07:31.27
  SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.0.1
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.1.0 type=4 value=STRING: "501"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.2.0 type=4 value=STRING: "1"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.3.0 type=4 value=STRING: "2024-11-18 18:00:15"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.4.0 type=4 value=STRING: "fusioncompute"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.5.0 type=2 value=INTEGER: 5
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.6.0 type=4 value=STRING: "FusionCompute"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.7.0 type=4 value=STRING: "NE=66000000"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.8.0 type=4 value=STRING: "75"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.9.0 type=2 value=INTEGER: 151007030
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.10.0 type=2 value=INTEGER: 5
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.11.0 type=2 value=INTEGER: 2
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.12.0 type=2 value=INTEGER: 2
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.13.0 type=2 value=INTEGER: 2
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.14.0 type=4 value=""
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.15.0 type=4 value=""
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.16.0 type=4 value=""
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.27.0 type=4 value=STRING: "urn:sites:2D661162:vrms:2"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.28.0 type=4 value=STRING: "Remote Management Data Backup Is Not Configured for VRM"
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.29.0 type=4 value=STRING: "Neither the device nor NMS can automatically detect whether the alarm has been restored. Please manually clear the alarm after confirming that the issue has been resolved."
  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.30.0 type=4 value=""

Set up the trigger based on the content above:

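{{ITEM.VALUE}.iregsub("SNMPv2-SMI::enterprises\.2011\.2\.15\.2\.4\.3\.3\.1\.0\s+type=4\s+value=STRING:\s+\"(\d+)\"",\1)}

The alarm ID must match the name shown in the previous screenshot, and the regular expression has to match the alarm's ID, which is 501 here. The core form is:

{{ITEM.VALUE}.iregsub("(\d+)",\1)}

{ITEM.VALUE} is the value collected by the item, iregsub filters it with a regular expression, the text inside the quotes "" is the pattern to match, and \1 returns the first captured group.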

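Result: the alarm title now contains an extra "告警ID:501" (alarm ID: 501). If it is there, the alarm and its recovery have been tagged with the same alarm ID and are marked as the same record, so the setup worked.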

A simple example:

{{ITEM.VALUE}.regsub("告警ID:(\d+),",\1)}
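Why the trigger expression is anchored to the alarm-ID OID rather than using the bare (\d+) core: on the raw trap text the bare pattern returns the first run of digits it finds, which is the hour of the timestamp, not the alarm ID. The JavaScript below is an added example, not code from the original article; the function names and the shortened sample traps are constructed, and it assumes the alarm and recovery traps both carry the alarm ID in the .3.3.1.0 varbind, as described above.

```javascript
// Added example: function names and sample traps are constructed for illustration.
var ALARM_ID_OID = "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.1.0";

// Build a shortened trap in the text layout shown above (constructed data).
// Pass alarmId = null to simulate a trap that lacks the alarm-ID varbind.
function makeTrap(time, alarmId) {
    var lines = [
        time + " 2025/06/27 ZBXTRAP 172.",
        "VARBINDS:",
        "  SNMPv2-MIB::snmpTrapOID.0 type=6 value=OID: SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.0.1"
    ];
    if (alarmId !== null) {
        lines.push("  " + ALARM_ID_OID + ' type=4 value=STRING: "' + alarmId + '"');
    }
    lines.push("  SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.11.0 type=2 value=INTEGER: 2");
    return lines.join("\n");
}

// Alarm ID taken only from the varbind line that starts with ALARM_ID_OID; "" if absent.
function extractAlarmId(trapText) {
    var lines = trapText.split("\n");
    for (var i = 0; i < lines.length; i++) {
        var line = lines[i].trim();
        if (line.indexOf(ALARM_ID_OID + " ") !== 0) { continue; }
        var m = /^\S+\s+type=4\s+value=STRING:\s+"(\d+)"$/.exec(line);
        return m ? m[1] : "";
    }
    return "";
}

// The bare core pattern (\d+): the first digit run anywhere in the text.
function firstDigits(trapText) {
    var m = /(\d+)/.exec(trapText);
    return m ? m[1] : "";
}

// Alarm and recovery correlate only when both carry the same non-empty alarm ID.
function sameAlarm(trapA, trapB) {
    var id = extractAlarmId(trapA);
    return id !== "" && id === extractAlarmId(trapB);
}

var alarm = makeTrap("10:49:08", "501");
var recovery = makeTrap("11:02:41", "501");
var other = makeTrap("11:05:00", "502");
var noId = makeTrap("11:06:00", null);
```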

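If you also need to transform the alarm content, you can add the following, which converts and translates the original SNMP trap text. The OIDs are long and their meaning is not obvious unless you know them well, so use the item's JavaScript preprocessing to do the conversion.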

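// Zabbix item preprocessing (JavaScript): "value" holds the raw trap text.
var lines = value.split('\n');
var result = [];
// Map each varbind OID to a readable label. The labels stay in Chinese
// because the trigger expression further down matches on them.
var fieldMappings = {
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.1.0": "告警ID",                 // alarm ID
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.3.0": "告警时间",               // alarm time
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.4.0": "告警设备名称",           // alarm device name
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.5.0": "产品系列标识",           // product series identifier
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.6.0": "产品类型名称",           // product type name
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.7.0": "产品唯一标识",           // unique product identifier
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.11.0": "告警级别",              // alarm severity
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.14.0": "告警确认时间",          // alarm acknowledgement time
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.16.0": "进行确认操作的操作员",  // operator who acknowledged the alarm
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.27.0": "告警扩展信息",          // extended alarm information
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.28.0": "告警发生原因",          // cause of the alarm
    "SNMPv2-SMI::enterprises.2011.2.15.2.4.3.3.29.0": "告警修复建议"           // suggested fix
};
// Keep only the mapped varbinds and replace each OID with its label.
for (var i = 0; i < lines.length; i++) {
    var line = lines[i].trim();
    for (var key in fieldMappings) {
        if (line.startsWith(key)) {
            // Keep everything from "type=" onwards (type and value).
            var valuePart = line.substring(line.indexOf("type="));
            result.push(fieldMappings[key] + ": " + valuePart);
            break;
        }
    }
}
return result.join('\n');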

Result:

告警ID: type=4 value=STRING: "501"
告警时间: type=4 value=STRING: "2024-11-18 18:00:15"
告警设备名称: type=4 value=STRING: "fusioncompute"
产品系列标识: type=2 value=INTEGER: 5
产品类型名称: type=4 value=STRING: "FusionCompute"
产品唯一标识: type=4 value=STRING: "NE=66000000"
告警级别: type=2 value=INTEGER: 2
告警确认时间: type=4 value=""
进行确认操作的操作员: type=4 value=""
告警扩展信息: type=4 value=STRING: "urn:sites:2D661162:vrms:2"
告警发生原因: type=4 value=STRING: "Remote Management Data Backup Is Not Configured for VRM"
告警修复建议: type=4 value=STRING: "Neither the device nor NMS can automatically detect whether the alarm has been restored. Please manually clear the alarm after confirming that the issue has been resolved."

The trigger then has to be changed as well:

{{ITEM.VALUE}.iregsub("告警ID: type=4\s+value=STRING: \"(\d+)\"",\1)}

王一哲