TP-Link switches and the Event Console

Troubleshooting
1

Hello there,

I am using a handful of tp-link switches and configured them to send events to the CMK Event Console.
However, no matter what I try, the events are not being assigned to the actual host in the monitoring.

The official documentation states:

The host names used by your devices in messages are unfortunately not always consistent. As we have already seen, when sending notifications Checkmk attempts as far as possible to automatically assign the host names from events in active monitoring when assigning the event’s checks, and when displaying the events in the operation. At the same time upper and lower case use will be standardised, and the alias as well as the IP-address will be tested as host names.

I have tried everything, filling my host with alias and ip-address, but to no avail. The events are created without assignment and get more or less lost unless there are so many events that the event rule creation limit of 1000 events hit.

I would have entered the FQDN/FQHN inside the tp-link devices webinterface, but since they are Consumer/SoHo devices, they don’t allow for domain names.

The thing is that I cannot create a hostname translation regex like (.*).domain.tld since I have different domains in use.

Maybe we have somebody who is also using TP-Link devices (at least there is an official snmp package for them now) in combination with the Event Console?

Help is greatly appreciated. Removing the names entirely and editing the hosts so that $HOSTNAME$ == IP-Address is not at all viable for me.

PS: The option Convert FQHNs has drop domain part, but where is: add domain part? Can we have this?

2

Ok, I am a little bit further in regards to the hostname translation regex. What was missing in the documentation handbook, was found in the help text of the setting:

You can add any number of expressions here which are executed succesively until the first match. Please specify a regular expression in the first field. This expression should at least contain one subexpression exclosed in brackets - for example vm_(.*)_prod. In the second field you specify the translated hostname and can refer to the first matched group with \1, the second with \2 and so on, for example \1.example.org.

So what I did was, I created 3 successive rules, for the 3 domains that I have inside the monitoring.

Like so:

(.*), \1.domain1.tld
(.*), \1.domain2.tld
(.*), \1.domain3.tld

So now, at least, the events are created and assigned to hostname called .domain1.tld I haven’t tried test events from other domains yet, but I guess since the hostname is not being sent by the device at a certain place where the Event Console expects it to be, it is left empty.

But why is the originating ip-address not being used? It is entered inside the WATO host information and it is displayed in the event.

Here are some redacted screenshots for you to better understand what I did so far:

image
image1133×313 24.6 KB

image
image831×149 12.4 KB

image
image831×695 50.4 KB

image
image883×582 32.2 KB

3

Just a quick follow-up, the regex that I put was a very bad idea. All hostnames have now been appended regardless if they were already an FQDN or not.

Still searching for a proper way to do this

4

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.