Build SNMP rules quickly…
Recently I have begun using the Netcool IDE to build and develop rules for probes. Specifically, the master of all probes, the “MTTrapd probe” and it has proven to be quite handy. Prior to using the Netcool IDE I had been using editors such as vi to edit rules. We at Orb Data get allot of customers who want to integrate existing devices into the wonderful world of Omnibus and one of the most popular methods for integration is via SNMP.
The Integration process usually goes as follows. The customer hands the MIB (for the device) over and I convert it using MIB Manager into basic rules that the MTtrapd probe can understand. It is shortly after this point that many customers interest in integration wanes, by handing over the MIBs they think job done. However, the rules produced by MIB Manager provide a starting point and not a finished article. To develop the rules further I need SNMP traps which I usually need the customer to generate.
A Common Problem
As both the customer and I usually have a hundred and one things to do we get on with the completion of the integration can get pushed to the side. The customer when he has free time is able to generate a few SNMP traps, he emails me and I check the event in the alerts.status table. I can see the trap has been interpreted by the rules however it is obvious that some of the fields require a bit of work. The customer and I usually get into a cycle of modify rules, generate trap and review event, this process can burn through quite a bit of time. Of course one way of speeding up the process would be not to rely on the customer to generate the traps required. Therefore I would need software that can capture a raw event and then replay the trap multiple times allowing me to fine tune the rules without customer involvement.
Thankfully the native Mttrapd rules are able to capture raw events by setting the RawCapture property to 1 in the mttrapd.props file. You should be warned that this approach is overkill as setting RawCapture to 1 in the mttrapd.props file will capture all events that arrive at the SNMP probe and could fill up valuable disk space. A more efficient way to capture the traps is to go to the rules file generated by the MIB manager and find the section of interest and insert the %RawCapture = 1 statement, this ensures that only the desired trap is captured in the mttrapd.cap file. The snippet of rules illustrates capturing SolarWinds (needed to capture SolarWinds traps only) traps in a Raw Capture file:
With the raw events captured in the mttrapd.cap file, a tool is now needed to replay the events. This is where Netcool IDE makes it’s grand entrance. Not only can the Netcool IDE replay the raw events by reading them from a .cap file but it can also connect to an ObjectServer and display the events. It has all the bells and whistles required to get to grips quickly with Netcool rules (syntax checker, regular expression builder, etc).
Enter Netcool IDE
On starting Netcool IDE you will need to open an existing set of rules. So you will need to have a copy of the customers Mttrapd rules to use.
Open the rules that require editing to display them in the Netcool IDE.
With the rules displayed you can connect the rules up to an existing ObjectServer to replay the captured events. To do this either click on the multicolored grid on the menu or go to Tools and select Process Raw Capture. Enter the details of your ObjectServer and click Connect.
Once a successful connection has been made, you get prompted for the location of the .cap file (so make sure you have a copy to hand). On clicking on the .cap file the traps are replayed and the events displayed in the Netcool IDE.
With the events displayed you can see with your own eyes how the rules have interpreted each field in alerts.status. It should be noted that the events replayed have not actually been inserted into the actual alerts.status table in the ObjectServer. So you can replay the events as many times as you want without making any inserts into the actual alerts.status table in the ObjectServer. You can now edit the rules as you want and then replay the events many times, this removes the requirement for customers to generate test alerts and will allow you to develop a sensible set of rules that meets all the customers requirements in a short time frame.
As a relative newcomer to using the Netcool IDE it has quickly become a mainstay of my Omnibus toolset proving a more than useful tool for integrating devices via SNMP quickly and efficiently. If you have not used it before I suggest you try it and you might be quietly surprised.