Akash Agarwal | 17 May 2013 12:45

Alarms ReST api

Hi,
How can I get alarms in a particular time range? Is it possible through the ReST API?

Regards,
Akash.

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss
Michael Kelly | 16 May 2013 22:37

Event translation and Alarm generation

OpenNMS 1.10.8

Hi all,
I have been using the Event Translator facility to take an event (generated as a result of an SNMP trap), extract some information from one of the parameters and create a new (translated) event with additional parameters containing the extracted data. The objective is to use the new events to generate alarms with reduction keys that contain the extracted data.
I have run into a problem.
The new event doesn't contain any of the data from the new event definition, so, if I want to get an alarm generated, I end up with two alarms, only one of which contains the extracted data.
I tried setting <logmsg dest="donotpersist"> in the original event, but this gets passed to the new event and, as a result, no alarms get generated.
What do I need to do to get this working properly?

All help appreciated.

Regards,
Michael.
Weinzierl Stefan | 16 May 2013 21:57

RRD stops recording

Hello,

I have the problem that the RRD data is no longer updated for a few nodes.

This is the last entry for the stopped node in collected.log:

2013-05-16 08:36:11,535 WARN  [CollectdScheduler-50 Pool-fiber9] 
CollectionResourceWrapper: getAttributeValue: can't find attribute 
called ifHighSpeed on node[3680].interfaceSnmp[DEFAULT_VLAN-0026f10f0b00]
2013-05-16 08:36:11,535 WARN  [CollectdScheduler-50 Pool-fiber9] 
ThresholdingSet: passedThresholdFilters: can't find value of ifHighSpeed 
for resource node[3680].interfaceSnmp[DEFAULT_VLAN-0026f10f0b00]

Twenty minutes later I get this event:
uei.opennms.org/provisioner/provisioningAdapterFailed

tcpdump tells me that SNMP data is still being fetched from this node.

Load of the system is very low. In the past the system had checked more 
than 1000 nodes, which worked fine. Now I have for testing-purposes 20 
nodes on the system and the system still doesn't work.

Any suggestions?

Stefan


Ian MacDonald | 16 May 2013 14:52

Email Notifications for Alarms based on SNMP Traps

I am trying to setup OpenNMS to monitor VPN tunnels. 

My goal is to have email notifications from an OpenNMS alarm, triggered by a VPN tunnel-down trap, when a VPN
tunnel-up trap (that clears alarm state) has not arrived within 5 minutes.

Normally we use ICMP packets NAT'd over the tunnel for monitoring notification purposes, but are
constrained to doing this monitoring only with traps in this particular scenario.   

The hardware we are receiving traps from is a Fortinet 60B that has multiple IPSEC VPN tunnels configured to
connect to similarly configured Fortinet devices at remote locations.

So far, I have updated event definitions to properly identify the VPN traps (slight modification to
existing OpenNMS Fortinet v3 Event xml to support the FortiOS v4 MIBs). I have included these below for
reference. 

Currently we can receive traps with OpenNMS and generate email notifications for those traps indicating
Up/Down. The VPN Up and VPN Down trap notifications contain appropriate varbinds to identify the
particular tunnel by its remote tunnel endpoint.

Our goal is to use Alarms so that we can correlate the Down/Up traps for a specific location using the tunnel
endpoint parameter in the Alarm reduction label.  We also want to suppress notifications for brief
tunnel flaps, or delay notification to see if the situation resolves itself.   

Reading the following posts, I am able to generate events, and generate notifications for those events,
and I now even have Alarms setup that seem to reflect the events.

We can't seem to figure out how to trigger notifications from the alarms, as the emails still arrive based on
the event state, not the alarm state. 

Specifically, I want an email when <alarm-data reduction-key="%parm[#3]%!%parm[#4]%!%nodeid%"> is
triggered, and would like to suppress/delay it when the clear-key is received.   

http://www.opennms.org/wiki/Configuring_alarms 
http://www.opennms.org/wiki/Creating_Threshold_Alarms 

Below is my event.xml for the Traps we are generating alarms for:

<event>
        <mask>
                <maskelement>
                        <mename>id</mename>
                        <mevalue>.1.3.6.1.4.1.12356.101.2</mevalue>
                </maskelement>
                <maskelement>
                        <mename>generic</mename>
                        <mevalue>6</mevalue>
                </maskelement>
                <maskelement>
                        <mename>specific</mename>
                        <mevalue>301</mevalue>
                </maskelement>
        </mask>
        <uei>uei.opennms.org/traps/fortinet/fnTrapVpnTunUp</uei>
        <event-label>FORTIOS-400-MIB defined trap event: fnTrapVpnTunUp</event-label>
        <descr>
&lt;p&gt;Indicates that the specified VPN tunnel has been brought up.&lt;/p&gt;&lt;table&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        fnSysSerial&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#1]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        sysName&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#2]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        fnVpnTrapLocalGateway&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#3]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        fnVpnTrapRemoteGateway&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#4]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
        </descr>
                <logmsg dest='logndisplay'>&lt;p&gt;
                        fnTrapVpnTunUp trap received
                        fnSysSerial=%parm[#1]%
                        sysName=%parm[#2]%
                        fnVpnTrapLocalGateway=%parm[#3]%
                        fnVpnTrapRemoteGateway=%parm[#4]%&lt;/p&gt;
                </logmsg>
        <severity>Cleared</severity>
        <alarm-data reduction-key="%parm[#3]%:%parm[#4]%:%nodeid%"
clear-key="%parm[#3]%!%parm[#4]%!%nodeid%" alarm-type="2" auto-clean="false"/>

</event>
<event>
        <mask>
                <maskelement>
                        <mename>id</mename>
                        <mevalue>.1.3.6.1.4.1.12356.101.2</mevalue>
                </maskelement>
                <maskelement>
                        <mename>generic</mename>
                        <mevalue>6</mevalue>
                </maskelement>
                <maskelement>
                        <mename>specific</mename>
                        <mevalue>302</mevalue>
                </maskelement>
        </mask>
        <uei>uei.opennms.org/traps/fortinet/fnTrapVpnTunDown</uei>
        <event-label>FORTIOS-400-MIB defined trap event: fnTrapVpnTunDown</event-label>
        <descr>
&lt;p&gt;The specified VPN tunnel has been brought down.&lt;/p&gt;&lt;table&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        fnSysSerial&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#1]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        sysName&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#2]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        fnVpnTrapLocalGateway&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#3]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;
        &lt;tr&gt;&lt;td&gt;&lt;b&gt;

        fnVpnTrapRemoteGateway&lt;/b&gt;&lt;/td&gt;&lt;td&gt;
        %parm[#4]%;&lt;/td&gt;&lt;td&gt;&lt;p&gt;&lt;/p&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
        </descr>
                <logmsg dest='logndisplay'>&lt;p&gt;
                        fnTrapVpnTunDown trap received
                        fnSysSerial=%parm[#1]%
                        sysName=%parm[#2]%
                        fnVpnTrapLocalGateway=%parm[#3]%
                        fnVpnTrapRemoteGateway=%parm[#4]%&lt;/p&gt;
                </logmsg>
        <severity>Major</severity>
        <alarm-data reduction-key="%parm[#3]%!%parm[#4]%!%nodeid%" alarm-type="1" auto-clean="false"/>

</event>
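
The correlation this post is after (a down alarm keyed by tunnel endpoints, cleared by the matching up trap, with a notification only if the tunnel stays down for 5 minutes), modelled as an added example that is not part of the original post and is not OpenNMS code. Only the key templates and trap specifics 301/302 come from the event definitions above; the `TunnelAlarms` class, the hold-down logic and the sample varbinds are constructed for illustration.

```python
import re
from dataclasses import dataclass

HOLD_DOWN_SECONDS = 300  # the 5-minute window described in the post

# Key templates copied from the two event definitions in the post.
DOWN_REDUCTION_KEY = "%parm[#3]%!%parm[#4]%!%nodeid%"   # specific 302
UP_REDUCTION_KEY = "%parm[#3]%:%parm[#4]%:%nodeid%"     # specific 301
UP_CLEAR_KEY = "%parm[#3]%!%parm[#4]%!%nodeid%"         # specific 301

_TOKEN = re.compile(r"%parm\[#(\d+)\]%|%nodeid%")


def expand(template, parms, nodeid):
    """Expand %parm[#N]% (1-based varbind position) and %nodeid% tokens."""
    def sub(match):
        if match.group(1) is None:
            return str(nodeid)
        idx = int(match.group(1)) - 1
        return parms[idx] if 0 <= idx < len(parms) else ""
    return _TOKEN.sub(sub, template)


@dataclass
class Alarm:
    key: str
    first_down: float
    count: int = 1
    notified: bool = False


class TunnelAlarms:
    """Hypothetical model: one alarm per reduction key, delayed notification."""

    def __init__(self, hold_down=HOLD_DOWN_SECONDS):
        self.hold_down = hold_down
        self.active = {}

    def on_trap(self, specific, parms, nodeid, now):
        if specific == 302:  # fnTrapVpnTunDown opens or increments the alarm
            key = expand(DOWN_REDUCTION_KEY, parms, nodeid)
            if key in self.active:
                self.active[key].count += 1
            else:
                self.active[key] = Alarm(key, now)
        elif specific == 301:  # fnTrapVpnTunUp clears the alarm its clear-key names
            self.active.pop(expand(UP_CLEAR_KEY, parms, nodeid), None)

    def due_notifications(self, now):
        """Keys of alarms still active after the hold-down, reported once each."""
        due = []
        for alarm in self.active.values():
            if not alarm.notified and now - alarm.first_down >= self.hold_down:
                alarm.notified = True
                due.append(alarm.key)
        return due


def demo():
    # Constructed varbinds: serial, sysName, local gateway, remote gateway.
    site_a = ["FGT-EXAMPLE", "fw-hq", "192.0.2.1", "198.51.100.10"]
    site_b = ["FGT-EXAMPLE", "fw-hq", "192.0.2.1", "203.0.113.20"]
    alarms = TunnelAlarms()
    alarms.on_trap(302, site_a, 42, now=0)     # tunnel A down
    alarms.on_trap(302, site_b, 42, now=10)    # tunnel B down
    alarms.on_trap(301, site_a, 42, now=120)   # A flaps back up after 2 minutes
    early = alarms.due_notifications(now=200)  # nothing has been down 5 minutes
    late = alarms.due_notifications(now=320)   # only B is still down
    return early, late
```

The up event's clear-key expands to the same string as the down event's reduction-key, which is what lets the up trap find the alarm to clear; the up event's own reduction-key uses `:` separators so the two events do not reduce into the same alarm.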


Ub ... | 16 May 2013 13:45

MIB conversion

Hello,

I installed mib2opennms on a Debian machine. While trying to convert the MIB I get two errors:

NETASQ-IF-MIB.mib: unable to determine SMI version
mib2opennms: cannot locate module `NETASQ-IF-MIB.mib'

The command I entered is
mib2opennms -w -6 NETASQ-IF-MIB.mib > NETASQ-IF-event.xml

Any clue?
Joerg Eichhorst | 16 May 2013 09:18

hrSWRun


the first message seems to have vanished, so here
it is again:

Hi everybody!

I have a problem regarding the monitoring of a
specific process on a Windows box.

Since I have multiple instances of the same
service.exe, my approach is to monitor whether
given hrSWRunParameters, which are specific to a certain
instance, exist.

I keep getting messages of the following kind:

SERVICE-XY outage identified on interface 10.2.2.2 with reason code: Unexpected exception during SNMP
poll of interface 10.2.2.2.

Configuration files are

default-foreign-source.xml:
--------------------
 <detector class="org.opennms.netmgt.provision.detector.snmp.HostResourceSWRunDetector" name="SERVICE-XY">
            <parameter value=".1.3.6.1.2.1.25.4.2.1.5" key="serviceNameOid"/>
            <parameter value="~.*servicexy\.ini.*|.*SERVICEXY\.INI.*" key="serviceToDetect"/>
 </detector>
--------------------

poller-configuration.xml:
--------------------
<service name="SERVICE-XY" interval="300000" user-defined="false" status="on">
                        <parameter key="retry" value="1"/>
                        <parameter key="timeout" value="5000"/>
                        <parameter key="service-name-oid" value=".1.3.6.1.2.1.25.4.2.1.5"/>
                        <parameter key="service-name" value="~.*(servicexy\.ini|SERVICEXY\.INI).*"/>
</service>

<monitor service="SERVICE-XY"         class-name="org.opennms.netmgt.poller.monitors.HostResourceSwRunMonitor"/>
--------------------

- since parameters seem to be lower case or capital
I look for both.

I can't see any further log messages concerning
the above error message.

any help (also regarding whether this approach is
valid or not) appreciated!

best regards
 Joerg


Joerg Eichhorst | 16 May 2013 08:50

hrSWRun problems II


I forgot,

versions are

CentOS 6.4 (Kernel 2.6.32-358.6.1.el6)

net-snmp-5.5-44.el6_4.1

OpenNMS 1.10.9

best regards
Joerg


Mike Diehn | 15 May 2013 15:30

Are event descriptions available in notifications?


Is there an event substitution parameter I can use in a notification config that would stand in for the event description or logmsg?

I'd like to re-use the text of my event's logmsg or description fields in my notifications.

Thanks
M

--
Mike Diehn
Development Operations
CD-adapco - Lebanon, NH
603 643 9993 x24129
Fuhrmann, Marcel | 15 May 2013 12:23

multiple threshold events

Hi list,

sometimes I get multiple threshold events for the same incident. All with the same timestamp:

216992 	Normal [+] [-] 	19.04.13 13:46:29 [<] [>] 	oaprt01.tclsg.local 	10.2.1.216 [+] [-] 	SNMP [+] [-]
uei.opennms.org/custom/mfp/konica/toner/tn319y/low [+] [-] Edit notifications for event
Threshold exceeded for SNMP datasource prtMSLevel on interface 10.2.1.216, parms: label="Toner
(Yellow)" ds="prtMSLevel" value="12" instance="1.3" trigger="1" rearm="80.0" threshold="30.0"

216991 	Normal [+] [-] 	19.04.13 13:46:29 [<] [>] 	oaprt01.tclsg.local 	10.2.1.216 [+] [-] 	SNMP [+] [-]
uei.opennms.org/custom/mfp/konica/toner/tn319y/low [+] [-] Edit notifications for event
Threshold exceeded for SNMP datasource prtMSLevel on interface 10.2.1.216, parms: label="Toner
(Yellow)" ds="prtMSLevel" value="12" instance="1.3" trigger="1" rearm="80.0" threshold="30.0"
	
216990 	Normal [+] [-] 	19.04.13 13:46:29 [<] [>] 	oaprt01.tclsg.local 	10.2.1.216 [+] [-] 	SNMP [+] [-]
uei.opennms.org/custom/mfp/konica/toner/tn319y/low [+] [-] Edit notifications for event
Threshold exceeded for SNMP datasource prtMSLevel on interface 10.2.1.216, parms: label="Toner
(Yellow)" ds="prtMSLevel" value="12" instance="1.3" trigger="1" rearm="80.0" threshold="30.0"

216989 	Normal [+] [-] 	19.04.13 13:46:29 [<] [>] 	oaprt01.tclsg.local 	10.2.1.216 [+] [-] 	SNMP [+] [-]
uei.opennms.org/custom/mfp/konica/toner/tn319y/low [+] [-] Edit notifications for event
Threshold exceeded for SNMP datasource prtMSLevel on interface 10.2.1.216, parms: label="Toner
(Yellow)" ds="prtMSLevel" value="12" instance="1.3" trigger="1" rearm="80.0" threshold="30.0"

But why? Any ideas?

This is my threshold config:

Threshd:
    <package name="KonicaBizhubC360">
        <filter>IPADDR != '0.0.0.0' &amp; catincBizhubC360</filter>
        <include-range begin="1.1.1.1" end="254.254.254.254"/>
        <service name="SNMP" interval="300000" user-defined="false" status="on">
            <parameter key="thresholding-group" value="KonicaBizhubC360"/>
        </service>
    </package>

Threshold:
<group name="KonicaBizhubC360" rrdRepository="/var/lib/opennms/rrd/snmp/">
        <threshold description="Toner Yellow" type="low"
            ds-type="prtMarkerSuppliesIndex" value="30.0" rearm="80.0"
            trigger="1" ds-label="prtMarkerSuppliesDescription"
            triggeredUEI="uei.opennms.org/custom/mfp/konica/toner/tn319y/low"
            rearmedUEI="uei.opennms.org/custom/mfp/konica/toner/tn319y/full"
            filterOperator="or" ds-name="prtMSLevel">
            <resource-filter field="prtMarkerSuppliesDescription">^Toner\s\(Yellow\)$</resource-filter>
        </threshold>
    </group>

Greetings

--
 Marcel


Ub ... | 15 May 2013 11:47

Wrong graph scale

After a recent upgrade of its firmware, my graph data scale (on x axis) changed from Mbits to P or Tbits. It uses a Linux kernel, FreeBSD and its SNMP description is NS-BSD U250XA0A0908130 i386.

I tried to modify netsnmp.xml by removing mib2-X-interfaces in Net-SNMP section as the sysoidMask matches that of the firewall. The graph scale did not change.

Any idea?
Constantin Negoita | 15 May 2013 09:11

OpenNMS - calculate availability for all the interfaces

Hello all,

I'm preparing an OpenNMS deployment to monitor around 100 nodes. Since we have a small number of devices, I would like to use a dedicated provision requisition to monitor only SNMP and ICMP services. Out of the package OpenNMS works great, I already made some customization and I would like for the beginning to manage and calculate availability for all the discovered interfaces for all the nodes. I tried to set up different policies in the foreign source definition but still not all the interfaces were monitored.

- How can I correctly configure OpenNMS to manage/monitor and collect data from all the interfaces?
- How does OpenNMS select which interfaces are monitored and which are not (on some equipment 2-3 interfaces were monitored and others not)?

Kindly Regards,
Constantin

