Setting Severity on Events

Ganeshm1
Tera Guru

Hi All,

 

We are receiving events from the MID SNMP Trap Listener. As expected, only the additional information value is populating for these events.

Unfortunately, we are not receiving any information regarding severity in the additional information field, and even the third-party source team members are not able to modify anything in the payload.

Can anyone help me with how we can map severity to one static value, and what are the pros and cons of mapping to a static value?

Regards,
Ganesh

1 ACCEPTED SOLUTION

Aneesh-D
Tera Guru

Dear @Ganeshm1 - In a standard SNMP trap implementation, the agent usually sends the type/category of notification. The notification type can be used to determine the severity of the issue.

 

E.g.: ServiceDownNotification, InterfaceDownNotification, LoginFailureNotification.

To give you a real-world sample, look at the notification types below from the BIGIP F5 load balancer:

[Image: AneeshD_0-1726021731642.png]

 

So try to understand the vendor SNMP implementation and you can use that as a way to determine and set the severity.

 

Please let me know if you need further assistance. Or mark the answer as helpful.

 

thanks,

Aneesh D


2 REPLIES

marcguegueniat
Kilo Sage

Hello,

You will have to write your logic into your event(s) rule(s) and/or Event field mapping.

With Event field mapping you can generate a field based on another.

For instance, you could build the severity field out of a temperature field.

Event Rules will help you with the Transform and compose or Threshold options.

If you want to test with a static value, you can just hardcode severity in Transform and compose.

Having a static value seems limited; however, it really depends on what is sent to you and the use case behind it.

Useful docs:

Event rules 

Event Field Mapping 

Regards,

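
The approach from the replies above, as an added example that is not part of the original thread and does not use any ServiceNow API: derive severity from the trap's notification type, fall back to one static value, and flag events that took the fallback so they can be reviewed. The `trap_type` key, the rule patterns and the sample payloads are assumptions; the severity codes are the Event Management values (0 Clear, 1 Critical, 2 Major, 3 Minor, 4 Warning, 5 Info).

```javascript
// Added illustration: plain JavaScript, not ServiceNow platform code.
// Severity codes as used on Event Management events.
const SEVERITY = { CLEAR: 0, CRITICAL: 1, MAJOR: 2, MINOR: 3, WARNING: 4, INFO: 5 };

// Ordered rules, first match wins. The patterns are assumptions modelled on
// the notification names quoted in the thread; replace them with the names
// from the vendor MIB.
const RULES = [
  { pattern: /ServiceDown/i, severity: SEVERITY.CRITICAL },
  { pattern: /InterfaceDown/i, severity: SEVERITY.MAJOR },
  { pattern: /LoginFailure/i, severity: SEVERITY.WARNING },
  { pattern: /(Service|Interface)Up/i, severity: SEVERITY.CLEAR },
];

// Static fallback for traps that no rule recognises.
const DEFAULT_SEVERITY = SEVERITY.WARNING;

// additionalInfo: JSON string taken from the event's additional information.
// typeKey: hypothetical key that holds the notification type.
function deriveSeverity(additionalInfo, typeKey = "trap_type") {
  let info;
  try {
    info = JSON.parse(additionalInfo);
  } catch (e) {
    info = null; // malformed payload: treat as "type unknown"
  }
  const type = info && typeof info[typeKey] === "string" ? info[typeKey] : "";
  const rule = RULES.find((r) => r.pattern.test(type));
  return {
    severity: rule ? rule.severity : DEFAULT_SEVERITY,
    // true means the severity is the static default, not derived from the trap
    defaulted: !rule,
    type: type || null,
  };
}

// Constructed sample payloads (not real trap data).
const samples = [
  '{"trap_type":"ServiceDownNotification","node":"lb01"}',
  '{"trap_type":"InterfaceUpNotification","node":"lb01"}',
  '{"node":"lb01"}',
  "not json",
];
for (const s of samples) console.log(s, "=>", JSON.stringify(deriveSeverity(s)));
```

A purely static value corresponds to an empty `RULES` list: every event gets the same severity and a recovery trap never clears the earlier one.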