Traps Processing Functions

NetObserv SNMP Trap introduces a new DSL Processor which is responsible for processing and enriching the incoming traps. The DSL Processor is a powerful tool designed to streamline and enhance your data processing workflows. It allows you to define and execute complex data transformations using a simple and intuitive domain-specific language (DSL). The collector leverages Benthos Bloblang as a DSL and includes additional SNMP-specific functions to enrich and transform the data from SNMP traps.

Features

  • Intuitive Syntax: Write clear and concise transformation rules.

  • High Performance: Optimized for speed and efficiency.

  • Flexibility: Easily adaptable to various data processing needs.

Custom Functions

The DSL processor supports the following custom functions:

snmp_display_string()

The snmp_display_string() function transforms a raw OCTET STRING to a DisplayString value (per SNMPv2-TC). If an error occurs while processing the raw value, an empty string is returned.

Example

root.out.netapp.productSerialNum = this.trap.VarBinds.index(1).Value.snmp_display_string()

snmp_date_and_time()

The snmp_date_and_time() function transforms a raw OCTET STRING to a DateAndTime value (per SNMPv2-TC). If an error occurs while processing the raw value, an empty string is returned.

Example

snmp_int_enum_enrich()

The snmp_int_enum_enrich() function transforms an integer to the enumerated string that it represents. Integer enumerations are located by default in /etc/elastiflow/snmp/enums/integer. Note that enum_enrich() is deprecated. While it still works, it will be removed in a future release.

Example

Syntax

Parameters

  • OID (string): The Object Identifier used as a key for the enumeration keys.

snmp_int_display_hint()

The snmp_int_display_hint() function transforms a raw integer-based value to a displayable string.

Example:

Syntax

Parameters

  • RFC2579-compatible integer-based display hint (string): The value of the DISPLAY-HINT specified for an integer-based MIB object. The display hint must be compatible with RFC 2579, section 3.1.

snmp_mac_address()

The snmp_mac_address() function transforms a raw OCTET STRING to a MacAddress value (per SNMPv2-TC). If an error occurs while processing the raw value, an empty string is returned.

Example

snmp_octet_string()

The snmp_octet_string() function transforms a raw OCTET STRING to a hex string, e.g. 0708090a0b0c. If an error occurs while processing the raw value, an empty string is returned.

Example

snmp_octet_display_hint()

The snmp_octet_display_hint() function transforms a raw value of type OCTET STRING to a displayable string.

Example:

Syntax

Parameters

  • RFC2579-compatible octet-format display hint (string): The value of the DISPLAY-HINT specified for an octet-format MIB object. The display hint must be compatible with RFC 2579, section 3.1.
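To show what applying an octet-format display hint involves, here is an added Python sketch of the RFC 2579 section 3.1 rules; it is not NetObserv code, and one function covers the DateAndTime, MacAddress and DisplayString hints from SNMPv2-TC. The name format_octets is hypothetical, and rejecting the `*` repeat indicator, zero-padding hex output and returning an empty string on error are assumptions of this example.

```python
import re

# One octet-format specification (RFC 2579, section 3.1):
# [*]<octet length><x|d|o|a|t>[separator][repeat terminator]
_SPEC = re.compile(r"(\*?)(\d+)([xdoat])([^\d*]?)([^\d*]?)")


def format_octets(raw: bytes, hint: str) -> str:
    """Render raw according to an octet-format DISPLAY-HINT; "" on any error."""
    specs = _SPEC.findall(hint)
    if not specs or "".join(map("".join, specs)) != hint:
        return ""  # the hint is not a list of valid specifications
    if any(star or term for star, _, _, _, term in specs):
        return ""  # assumption: repeat indicators are out of scope here
    out, pos, i = [], 0, 0
    while pos < len(raw):
        # The last specification is reused until the data is exhausted.
        _, width, fmt, sep, _ = specs[min(i, len(specs) - 1)]
        i += 1
        chunk = raw[pos:pos + int(width)]
        if not chunk:
            return ""  # reject zero-length specs so the loop always advances
        pos += len(chunk)
        if fmt in "at":
            try:
                out.append(chunk.decode("ascii" if fmt == "a" else "utf-8"))
            except UnicodeDecodeError:
                return ""  # trap payloads are untrusted: refuse bad text
        elif fmt == "x":
            out.append(chunk.hex())  # assumption: two hex digits per octet
        else:
            out.append(format(int.from_bytes(chunk, "big"), fmt))
        if sep and pos < len(raw):  # separator is suppressed at end of data
            out.append(sep)
    return "".join(out)


# Constructed sample values (not captured from a device).
DATE_HINT = "2d-1d-1d,1d:1d:1d.1d,1a1d:1d"  # DateAndTime, SNMPv2-TC
sample_date = bytes([0x07, 0xC8, 5, 26, 13, 30, 15, 0, 0x2D, 4, 0])
sample_mac = bytes.fromhex("001b210a0b0c")

if __name__ == "__main__":
    print(format_octets(sample_date, DATE_HINT))
    print(format_octets(sample_mac, "1x:"))       # MacAddress hint
    print(format_octets(b"SN-12345", "255a"))     # DisplayString hint
```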

snmp_oid_get_index()

The snmp_oid_get_index() function extracts the Index portion of a variable binding OID following a supplied prefix.

Example

Syntax

Parameters

  • OID (string): The Object Identifier used as a key for the enumeration keys.

snmp_oid_extract_index()

The snmp_oid_extract_index() function extracts the index values from a variable binding OID based on a comma-separated list of index types. The output is an array of index values.

Example

Syntax

Parameters

  • comma-separated list of Index value types (string): The list of index value types to extract from the OID index.

The following is a list of supported values. Note that these are the same index value types supported by the NetObserv SNMP Collector object definitions.

  • Integer

  • OctetString

  • ImplicitOctetString

  • ObjectIdentifier

  • ImplicitObjectIdentifier

  • Integer32

  • IpAddress

  • MacAddress

  • Unsigned32

  • Opaque
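The index encoding that snmp_oid_get_index() and snmp_oid_extract_index() operate on follows RFC 2578 section 7.7. The Python below is an added illustration of those rules, not the collector's implementation: the function names, the empty result on error, the hex rendering of octet strings and the sample OID are assumptions of this example, and only the integer, IpAddress, MacAddress and octet-string types are covered.

```python
INTEGER_TYPES = {"Integer", "Integer32", "Unsigned32"}
FIXED_WIDTH = {"IpAddress": 4, "MacAddress": 6}


def get_index(oid: str, prefix: str) -> str:
    """Return the sub-identifiers after prefix, or "" if oid is not below it."""
    oid, prefix = oid.strip("."), prefix.strip(".")
    # Compare on a "." boundary so 1.3.6.1.2.1.14 is not a prefix of ...140.
    return oid[len(prefix) + 1:] if oid.startswith(prefix + ".") else ""


def extract_index(index: str, types: str) -> list:
    """Split an index into typed values (RFC 2578, section 7.7); [] on error."""
    parts = index.split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return []
    subids, values, pos = [int(p) for p in parts], [], 0
    for kind in (t.strip() for t in types.split(",")):
        if kind in INTEGER_TYPES:
            width = 1
        elif kind in FIXED_WIDTH:
            width = FIXED_WIDTH[kind]
        elif kind == "OctetString" and pos < len(subids):
            width, pos = subids[pos], pos + 1  # first sub-identifier is the length
        elif kind == "ImplicitOctetString":
            width = len(subids) - pos  # no length prefix: takes the remainder
        else:
            return []  # type not covered here, or index already exhausted
        part = subids[pos:pos + width]
        pos += width
        if len(part) != width:
            return []  # index is shorter than the declared types require
        if kind in INTEGER_TYPES:
            values.append(part[0])
        elif any(s > 255 for s in part):
            return []  # each sub-identifier of a string or address is one octet
        elif kind == "IpAddress":
            values.append(".".join(map(str, part)))
        elif kind == "MacAddress":
            values.append(":".join(f"{s:02x}" for s in part))
        else:
            values.append(bytes(part).hex())
    return values if pos == len(subids) else []  # reject trailing sub-identifiers


# Constructed instance of ospfLsdbType (OSPF-MIB column 1.3.6.1.2.1.14.4.1.2),
# indexed by area ID, LSA type, link-state ID and router ID.
SAMPLE_OID = "1.3.6.1.2.1.14.4.1.2.0.0.0.0.1.192.168.1.1.192.168.1.1"
```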

snmp_inet_address()

The snmp_inet_address() function transforms an InetAddress value (per INET-ADDRESS-MIB) into an IP address, IP address with Zone, or DNS name based on an Integer value of InetAddressType.

Example

Syntax

Parameters

  • InetAddressType (Integer): The value of InetAddressType which indicates the type of the InetAddress that is being transformed.

snmp_int_to_ipv4()

The snmp_int_to_ipv4() function transforms an Integer raw value into an IPv4 address string.

Example

Examples

Extract and transform index values from the OID of a variable binding

The following variable binding contains an instance of ospfLsdbType from OSPF-MIB.

First we extract the index portion of the variable binding's OID:

Which produces the following output:

Next we extract the individual components of the index, assigning them to a temporary variable that can be deleted later.

We can then assign the values from the array to fields in the output record. Note the use of snmp_int_enum_enrich() to also transform root.out.ospf.LsdbType to its enumerated string value.

The resulting output record is now:

Handling the various forms of IP addresses

SNMP has various ways of expressing IP addresses.

  • Originally SNMP only supported IPv4 addresses, the IpAddress type.

  • As an IPv4 address is 4 bytes in size, some vendors choose to use a 32-bit integer to express the four bytes.

  • To add support for IPv6 and other possible types, the INET-ADDRESS-MIB introduced InetAddress and InetAddressType, where the latter declares the type, and thus the necessary transformation, of the former. As a result these two values are commonly seen together.
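The last two forms can be illustrated with a short Python sketch, added here and not taken from the collector. It decodes an InetAddress by its InetAddressType using the sizes defined in RFC 4001, and converts a 32-bit integer to an IPv4 address. The function names, the empty string on error and the handling of negative (signed Integer32) values are assumptions of this example.

```python
import ipaddress

# InetAddressType value -> (address octets, zone-index octets), per RFC 4001:
# ipv4(1), ipv6(2), ipv4z(3), ipv6z(4). dns(16) is handled separately.
SIZES = {1: (4, 0), 2: (16, 0), 3: (4, 4), 4: (16, 4)}
DNS = 16


def inet_address(raw: bytes, addr_type: int) -> str:
    """Render an InetAddress according to its InetAddressType; "" on error."""
    if addr_type == DNS:
        # A DNS name is 1..255 octets of ASCII; anything else is rejected.
        if not 1 <= len(raw) <= 255 or not raw.isascii():
            return ""
        return raw.decode("ascii")
    if addr_type not in SIZES or len(raw) != sum(SIZES[addr_type]):
        return ""  # unknown type, or length does not match the declared type
    addr_len, zone_len = SIZES[addr_type]
    text = str(ipaddress.ip_address(raw[:addr_len]))
    if zone_len:
        # The zone index is a 4-octet unsigned integer, shown as "%<index>".
        text += "%" + str(int.from_bytes(raw[addr_len:], "big"))
    return text


def int_to_ipv4(value: int) -> str:
    """Render a 32-bit integer as a dotted-quad IPv4 address; "" on error."""
    if -(2**31) <= value < 0:
        value += 2**32  # assumption: a signed Integer32 carrying the same 4 bytes
    if not 0 <= value <= 0xFFFFFFFF:
        return ""
    return str(ipaddress.IPv4Address(value))


# Constructed sample values (documentation and link-local address ranges).
sample_v4 = bytes([192, 0, 2, 10])
sample_v6z = bytes.fromhex("fe80" + "00" * 13 + "01" + "00000003")

if __name__ == "__main__":
    print(inet_address(sample_v4, 1))
    print(inet_address(sample_v6z, 4))
    print(int_to_ipv4(3232235777), int_to_ipv4(-1062731519))
```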

Handling values of types InetAddress and InetAddressType

Let's look at this last use-case first. Consider the following variable bindings which contain an InetAddressType and an InetAddress.

Let's first assign the InetAddressType to a field.

We can then pass this InetAddressType value into snmp_inet_address() to transform the InetAddress variable binding's value.

The resulting record fields are:

Note that we could also use snmp_int_enum_enrich() to further transform MyInetAddressType, or we could drop the field if it is no longer needed after the transformation of MyInetAddress.

Handling IPv4 addresses expressed as a 32-bit integer

As mentioned above, an IPv4 address is 4 bytes in size, so some vendors will choose to use a 32-bit integer to express the four bytes of the address.

The snmp_int_to_ipv4() function allows the integer value to be easily transformed into an IPv4 address.

The resulting output is:
