SnmpXmlParser

Wed May 27 04:16:50 EDT 2009

This handler parses the XML-based SNMP Trap/Inform format, placing each varbind in an Augur variable named by its numeric position: the first varbind is named "var1", the second "var2", and so on. The following attributes are also processed and stored in variables of the same name: agent, community, enterprise, generic, specific, ticks, duration.

All attributes are defined by SNMP, except the "duration" attribute, which is added as a convenience. The duration represents the "ticks" attribute (hundredths of seconds since some element-specific reset) converted into a human-readable time duration, in the format:


  [days] [hours]:[minutes]:[seconds].[hundredths]

Below is an example trap, in the expected XML format. A blank line is appended after each trap for easier human viewing. (The first line is split here to avoid scrolling; the line is not split in live events.)


<trap:v1 agent="192.12.12.12" community="public" enterprise="1.3.6.1.1"
generic="2" specific="4" ticks="11100" duration="129 1:06:51.88">
  <varbind name="1.3.6.1.1.0" value="one thing" type="SNMPOctetString"/>
  <varbind name="1.3.6.1.1.1" value="987" type="SNMPInteger"/>
</trap:v1>

This handler would parse the above XML into the following values:

  agent        192.12.12.12
  community    public
  enterprise   1.3.6.1.1
  generic      2
  specific     4
  ticks        11100
  duration     129 1:06:51.88
  var1         one thing
  var2         987

Note that you can still use the rule trees to parse varbinds and attributes directly into named variables as you choose. This handler just provides a tool to auto-parse the varbinds into numbered variables, if you prefer to reference them that way.
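
The mapping described above, sketched in Python as an added example; it is not Augur's own code. The function name parse_trap, the empty-string default for a varbind without a value, and the rejection of DOCTYPE declarations are assumptions made for this illustration.

```python
import xml.parsers.expat

# Attributes the page lists as copied into same-named variables.
ATTRS = ("agent", "community", "enterprise", "generic", "specific",
         "ticks", "duration")

# The page's example trap, joined onto one line as in live events.
SAMPLE = ('<trap:v1 agent="192.12.12.12" community="public" '
          'enterprise="1.3.6.1.1" generic="2" specific="4" ticks="11100" '
          'duration="129 1:06:51.88">\n'
          '  <varbind name="1.3.6.1.1.0" value="one thing" type="SNMPOctetString"/>\n'
          '  <varbind name="1.3.6.1.1.1" value="987" type="SNMPInteger"/>\n'
          '</trap:v1>\n\n')


def parse_trap(xml_text):
    """Hypothetical helper: map one trap event to {variable name: value}."""
    variables = {}
    state = {"root_seen": False, "varbinds": 0}

    def reject_doctype(*_args):
        # Trap events originate on the network; refuse DTDs and with them
        # any entity definitions (assumption of this example).
        raise ValueError("DOCTYPE not allowed in a trap event")

    def start_element(name, attrs):
        if not state["root_seen"]:
            # Root element (<trap:v1> in the example) carries the attributes.
            state["root_seen"] = True
            variables.update({k: attrs[k] for k in ATTRS if k in attrs})
        elif name == "varbind":
            # Varbinds are numbered by position, starting at 1.
            state["varbinds"] += 1
            variables["var%d" % state["varbinds"]] = attrs.get("value", "")

    # Plain expat without namespace processing: the "trap:" prefix has no
    # xmlns declaration, so namespace-aware parsers such as
    # xml.etree.ElementTree reject the event with "unbound prefix".
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.StartElementHandler = start_element
    parser.Parse(xml_text.strip(), True)
    return variables


if __name__ == "__main__":
    for name, value in parse_trap(SAMPLE).items():
        print(name, value)
```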

Deployment

You should usually apply this handler to a rule tree or its nodes rather than to a gateway: the rules will likely depend on access to the parsed variables, so it makes sense to keep the handler and the rules together.