Enumeration
of keyword/value pairs
After
VMware Smart Assurance
NOTIF has determined the appropriate ECI for a raw event, but before
it starts processing, it will see if the values for the keyword/value
pairs should be translated based on enumeration tables. For example,
a keyword/value pair with OID = .1.3.1.6.2.9.4432.12
may have a table that permits incoming values to be translated. The
value 1 may mean
off
and the value 2 may mean on
. In general, if an object ID (OID) has a translation table, VMware Smart Assurance
NOTIF converts
the value supplied in the raw event to the translation value specified
by the table.In some situations, some devices may append additional
nodes to the OID. For example, a device appends an IP address to the
OID so that a given raw event might be .1.3.1.6.2.9.4432.12.192.168.1.234.
VMware Smart Assurance
NOTIF allows
you to flag an ECI as one which might have pairs that could use wildcard
enumeration lookups. What this means is that VMware Smart Assurance
NOTIF will
first see if there is an enumeration lookup table for .1.3.1.6.2.9.4432.12.192.168.1.234,
and if none is found and
wildcards are possible for the
ECI, then VMware Smart Assurance
NOTIF would look for enumeration mapping tables for .1.3.1.6.2.9.4432.12.192.168.1,
.1.3.1.6.2.9.4432.12.192.168, .1.3.1.6.2.9.4432.12.192, .1.3.1.6.2.9.4432.12,
and so on till a lookup table is found or the name runs out of dot
-separated values. This is a relatively computationally
intense process, so VMware Smart Assurance
NOTIF also permits the administrator to set a maximum number of
trailing nodes to check before giving up. In our example, where some
devices are known to append IP addresses, the administrator might
set the maximum number of trailing nodes to be four. To summarize
wildcard enumeration lookups:
- At the system level (in the configuration file) indicate the maximum number of nodes to drop in checking for enumeration tables.
- For specific ECIs that are used with raw events that might have OIDs that need wildcard lookups, set the ECI Use Enum Wildcard flag to true.Note this example is specific to SNMP, but any dot-separated keyword string will work in the same manner. A keyword/value pair may appear as Smarts.textSeverity = Critical and be processed by an enumeration of:Critical -> 1Major -> 2....The display name of enumerated values may be changed to make theVMware Smart AssuranceNOTIF Editor tree view more readable. For example, an enumerated value of .1.3.6.1.4.1.9.9.37.2.13 may not have much meaning to the reader, but typing a display name of Trap.Cisco.FRU.Status makes it easy to identify the actual use of the enumerated value.