Enumeration of keyword/value pairs

After NOTIF has determined the appropriate ECI for a raw event, but before it starts processing, it will see if the values for the keyword/value pairs should be translated based on enumeration tables. For example, a keyword/value pair with

OID = .1.3.1.6.2.9.4432.12 may have a table that permits incoming values to be translated. The value 1 may mean off and the value 2 may mean on. In general, if an object ID (OID) has a translation table, NOTIF converts the value supplied in the raw event to the translation value specified by the table.

In some situations, some devices may append additional nodes to the OID. For example, a device appends an IP address to the OID so that a given raw event might be .1.3.1.6.2.9.4432.12.192.168.1.234. NOTIF allows you to flag an ECI as one which might have pairs that could use wildcard enumeration lookups. What this means is that NOTIF will first see if there is an enumeration lookup table for .1.3.1.6.2.9.4432.12.192.168.1.234, and if none is found and wildcards are possible for the ECI, then NOTIF would look for enumeration mapping tables for .1.3.1.6.2.9.4432.12.192.168.1, .1.3.1.6.2.9.4432.12.192.168, .1.3.1.6.2.9.4432.12.192, .1.3.1.6.2.9.4432.12, and so on till a lookup table is found or the name runs out of dot-separated values. This is a relatively computationally intense process, so NOTIF also permits the administrator to set a maximum number of trailing nodes to check before giving up. In our example, where some devices are known to append IP addresses, the administrator might set the maximum number of trailing nodes to be four.

To summarize wildcard enumeration lookups:

At the system level (in the configuration file) indicate the maximum number of nodes to drop in checking for enumeration tables.
For specific ECIs that are used with raw events that might have OIDs that need wildcard lookups, set the ECI Use Enum Wildcard flag to true.

Note this example is specific to SNMP, but any dot-separated keyword string will work in the same manner. A keyword/value pair may appear as Smarts.textSeverity = Critical and be processed by an enumeration of:

Critical -> 1

Major -> 2

....

The display name of enumerated values may be changed to make the NOTIF Editor tree view more readable. For example, an enumerated value of .1.3.6.1.4.1.9.9.37.2.13 may not have much meaning to the reader, but typing a display name of Trap.Cisco.FRU.Status makes it easy to identify the actual use of the enumerated value.