cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

How to use Event Fields in automatic reaction on R80.10?

Hello guys,

I am trying to setup some SNMP traps as automatic reactions on R80.10 SmartEvent. It doesn't seem to work the same way as it did in R77.30.

Fields like [Source] and [Destination] have an array of sub-fields which can be seen when using a script to print it: Destination: (countryname: United States; IP: 216.58.222.98; repetitions: 1).

Thus, when the host has a public IP address it returns only the countryname in the trap.

Also, the field [Origin] always returns the IP as "0", but I could really work with the second sub-field "hostname":

Origin: (IP: 0; hostname: SMS; repetitions: 1)

Is it possible to put these sub-fields in the trap using some variation of the notation [<field>]?

The alternative would be to create a script to filter the event output and send these traps, but I'd rather not have to install scripts every time I need to set these up.

3 Replies

Re: How to use Event Fields in automatic reaction on R80.10?

Hi Pedro,

did you ever get anywhere with this? I have the same requirement...

Thanks!

Luke

0 Kudos

Re: How to use Event Fields in automatic reaction on R80.10?

Hello Luke,

No, I never solved this. I am currently experimenting with a third party SIEM, but it would be great to make this work correctly with SmartEvent.

0 Kudos
Admin
Admin

Re: How to use Event Fields in automatic reaction on R80.10?

Kfir Dadosh‌ any thoughts on this one?

0 Kudos