This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Pedro_Espindola
Advisor
‎2017-08-23 07:19 AM

How to use Event Fields in automatic reaction on R80.10?

Hello guys,

I am trying to setup some SNMP traps as automatic reactions on R80.10 SmartEvent. It doesn't seem to work the same way as it did in R77.30.

Fields like [Source] and [Destination] have an array of sub-fields which can be seen when using a script to print it: Destination: (countryname: United States; IP: 216.58.222.98; repetitions: 1).

Thus, when the host has a public IP address it returns only the countryname in the trap.

Also, the field [Origin] always returns the IP as "0", but I could really work with the second sub-field "hostname":

Origin: (IP: 0; hostname: SMS; repetitions: 1)

Is it possible to put these sub-fields in the trap using some variation of the notation [<field>]?

The alternative would be to create a script to filter the event output and send these traps, but I'd rather not have to install scripts every time I need to set these up.

3 Replies
Luke_Bourike
Explorer
‎2018-05-29 08:22 AM

Hi Pedro,

did you ever get anywhere with this? I have the same requirement...

Thanks!

Luke

0 Kudos
Pedro_Espindola
Advisor
‎2018-06-04 10:11 AM
In response to Luke_Bourike

Hello Luke,

No, I never solved this. I am currently experimenting with a third party SIEM, but it would be great to make this work correctly with SmartEvent.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-04 10:04 PM

Kfir Dadosh‌ any thoughts on this one?

0 Kudos