Alerting from Traps - clean up the email message

Hello,

I am sending SNMP Traps on port 162 into my LibreNMS server, and I might not be grasping how to properly manage the trap information. My current rules grab the trap in the field

eventlog.type = “trap” AND eventlog.message LIKE ‘%12003%’

I have not found a better way to sort the trap based on the payload of said traip.

Here is a copy of my alert template:

{{ $alert->title }}
Severity: {{ $alert->severity }}
@if ($alert->state == 0) Time elapsed: {{ $alert->elapsed }} @endif
Timestamp: {{ $alert->timestamp }}
Unique-ID: {{ $alert->uid }}

@if ($alert->faults)
@foreach ($alert->faults as $key => $value)
@if ($loop->last) Current TRAP – {{ $value[‘message’] }} @endif
@endforeach
@endif

And here is a sample email response:

Alert for device 192.168.1.1 - Something Happened
Severity: warning
Timestamp: 2021-09-09 14:31:09
Unique-ID: 1234

    Current TRAP -- MY-MIB::infrElementStatusTrap

{"SNMPv2-MIB::sysUpTime.0":"20:4:27:13.21","MY-MIB::infrEventId.0":"20398","MY-MIB::infrEventTime.0":"20210909142834","MY-MIB::infrIPAddress.0":"192.168.1.1","MY-MIB::infrLocation.0":"1","My-MIB::infrElementType.0":"bsr","My-MIB::infrSeriousnessLevel.0":"yellow","My-MIB::infrAuxInfo.0":"12002","My-MIB::infrLocationType.0":"sbs","My-MIB::infrArea.0":"0","SNMPv2-SMI::snmpModules.18.1.3.0":"192.168.127.1","SNMPv2-SMI::snmpModules.18.1.4.0":"public","SNMPv2-MIB::snmpTrapEnterprise.0":"My-MIB::My-T"}

Questions:

  1. Is there a way in my Alert template that I can cleanup deeper, such as {{ $value[‘message.MIB::Location’] }} to isolate that field? Perhaps I could also perform a grep to sort for that field, or perhaps a sed / awk to pull out the piece of desired information?

  2. On my email, I have &quot but here in the HTML viewer, I am seeing “” marks. Is there a command inside the alert template that I can surpres those marks?

My goal is to make the email presentation nice and clean for a quick read.

Thanks,

Christian

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.