-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcisco_wlc4.xml
109 lines (109 loc) · 6.66 KB
/
cisco_wlc4.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<eventFormatRecognizer><![CDATA[\tSNMPv2-MIB::snmpTrapOID\.0 = OID: SNMPv2-SMI::enterprises\.9\.9\.(?:513|515|598)\.]]></eventFormatRecognizer>
<parsingInstructions>
<collectFieldsByRegex src="$_rawmsg">
<regex><![CDATA[<_year:gPatYear>-<_mon:gPatMonNum>-<_day:gPatDay>\s+<_time:gPatTime>\s+.*SNMPv2-MIB::snmpTrapOID\.0 = OID: SNMPv2-SMI::enterprises\.9\.9\.<_oid:gPatInt>\.0.<_eventType:gPatInt>\t<_body:gPatMesgBody>]]></regex>
</collectFieldsByRegex>
<setEventAttribute attr="deviceTime">toDateTime($_mon, $_day, $_year, $_time)</setEventAttribute>
<setEventAttribute attr="eventType">Cisco-WLC-Generic</setEventAttribute>
<setEventAttribute attr="extEventRecvProto">Snmp Trap</setEventAttribute>
<choose>
<when test="$_oid = '513'">
<collectAndSetAttrByKeyValuePair sep="\t" src="$_body">
<attrKeyMap attr="_hostMACAddr" key="SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.1.0 = Hex-STRING: "/>
<attrKeyMap attr="_nepMACAddr" key="SNMPv2-SMI::enterprises.9.9.513.3.2.0 = Hex-STRING: "/>
<attrKeyMap attr="wlanSsid" key="SNMPv2-SMI::enterprises.9.9.513.3.4.0 = STRING: "/>
</collectAndSetAttrByKeyValuePair>
<choose>
<when test="$_eventType = '1'">
<setEventAttribute attr="eventType">Cisco-WLC-1-ApIfRegulatoryDomainMismatchNotif</setEventAttribute>
</when>
<when test="$_eventType = '2'">
<setEventAttribute attr="eventType">Cisco-WLC-2-ApCrash</setEventAttribute>
</when>
<when test="$_eventType = '3'">
<setEventAttribute attr="eventType">Cisco-WLC-3-ApUnsupported</setEventAttribute>
</when>
<when test="$_eventType = '4'">
<setEventAttribute attr="eventType">Cisco-WLC-4-ApAssociated</setEventAttribute>
<collectAndSetAttrByRegex src="$_body">
<regex><![CDATA[SNMPv2-SMI::enterprises\.9\.9\.513\.1\.1\.1\.1\.5\.[\d.]+ = STRING: "<nepDevName:gPatMesgBodyMin>"]]></regex>
</collectAndSetAttrByRegex>
</when>
<when test="$_eventType = '5'">
<setEventAttribute attr="eventType">Cisco-WLC-5-ApPower</setEventAttribute>
</when>
<when test="$_eventType = '6'">
<setEventAttribute attr="eventType">Cisco-WLC-6-ApRogueApDetected</setEventAttribute>
</when>
<when test="$_eventType = '7'">
<setEventAttribute attr="eventType">Cisco-WLC-7-ApRogueApCleared</setEventAttribute>
</when>
<when test="$_eventType = '8'">
<setEventAttribute attr="eventType">Cisco-WLC-8-ApWipsNotification</setEventAttribute>
</when>
<when test="$_eventType = '9'">
<setEventAttribute attr="eventType">Cisco-WLC-9-ApNoDownlinkChannelNotify</setEventAttribute>
</when>
<when test="$_eventType = '10'">
<setEventAttribute attr="eventType">Cisco-WLC-10-ApIfUpNotify</setEventAttribute>
</when>
<when test="$_eventType = '11'">
<setEventAttribute attr="eventType">Cisco-WLC-11-ApIfDownNotify</setEventAttribute>
</when>
<when test="$_eventType = '19'">
<setEventAttribute attr="eventType">Cisco-WLC-19-ciscoLwappApRogueDetected</setEventAttribute>
<collectAndSetAttrByKeyValuePair sep="\t" src="$_body">
<attrKeyMap attr="wlanSsid" key="SNMPv2-SMI::enterprises.9.9.513.3.4.0 = STRING: "/>
<attrKeyMap attr="wlanChannelId" key="SNMPv2-SMI::enterprises.9.9.513.3.13.0 = STRING: "/>
<attrKeyMap attr="_hostMACAddr" key="SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.1.0 = Hex-STRING: "/>
<attrKeyMap attr="_srcMACAddr" key="SNMPv2-SMI::enterprises.9.9.513.3.2.0 = Hex-STRING: "/>
</collectAndSetAttrByKeyValuePair>
</when>
</choose>
<when test="exist _nepMACAddr">
<setEventAttribute attr="nepMACAddr">normalizeMAC($_nepMACAddr)</setEventAttribute>
</when>
</when>
<when test="$_oid = '515'">
<collectAndSetAttrByKeyValuePair sep="\t" src="$_body">
<attrKeyMap attr="user" key="SNMPv2-SMI::enterprises.9.9.515.1.1.0 = STRING: "/>
</collectAndSetAttrByKeyValuePair>
<when test="$_eventType = '1'">
<setEventAttribute attr="eventType">Cisco-WLC-1-GuestUserRemoved</setEventAttribute>
</when>
</when>
<when test="$_oid = '598'">
<collectAndSetAttrByKeyValuePair sep="\t" src="$_body">
<attrKeyMap attr="serverIpAddr" key="SNMPv2-SMI::enterprises.9.9.598.1.2.1.1.3.183 = STRING: "/>
<attrKeyMap attr="_hostMACAddr" key="SNMPv2-SMI::enterprises.9.9.598.1.2.1.1.6.183 = Hex-STRING: "/>
<attrKeyMap attr="user" key="SNMPv2-SMI::enterprises.9.9.598.1.2.1.1.7.183 = STRING: "/>
</collectAndSetAttrByKeyValuePair>
<choose>
<when test="$_eventType = '1'">
<setEventAttribute attr="eventType">Cisco-WLC-1-ApIfRegulatoryDomainMismatchNotif</setEventAttribute>
</when>
<when test="$_eventType = '2'">
<setEventAttribute attr="eventType">Cisco-WLC-2-ServerGlobalActivated</setEventAttribute>
</when>
<when test="$_eventType = '3'">
<setEventAttribute attr="eventType">Cisco-WLC-3-ServerGlobalDeactivated</setEventAttribute>
</when>
<when test="$_eventType = '4'">
<setEventAttribute attr="eventType">Cisco-WLC-4-ServerWlanActivated</setEventAttribute>
</when>
<when test="$_eventType = '5'">
<setEventAttribute attr="eventType">Cisco-WLC-5-ServerWlanDeactivated</setEventAttribute>
</when>
<when test="$_eventType = '6'">
<setEventAttribute attr="eventType">Cisco-WLC-6-ReqTimedOut</setEventAttribute>
</when>
</choose>
</when>
</choose>
<when test="exist _hostMACAddr">
<setEventAttribute attr="hostMACAddr">normalizeMAC($_hostMACAddr)</setEventAttribute>
</when>
<when test="exist _srcMACAddr">
<setEventAttribute attr="srcMACAddr">normalizeMAC($_srcMACAddr)</setEventAttribute>
</when>
</parsingInstructions>