Example of AlertMap for DX NetOps Spectrum

Introduction

This document describes an example of event mapping (AlertMap) to integrate SNMP traps emitted by Planisys authoritative DNS servers with DX NetOps Spectrum.

The objective is to facilitate a Proof of Concept (PoC) and serve as a reference for NOC and operations teams.

Basic Concepts

In DX NetOps Spectrum, an AlertMap (or Event-to-Alarm Mapping) defines:

  • Which SNMP event is received (trap OID)

  • Which alarm is generated in Spectrum

  • With which severity

  • Which message is displayed to the operator

  • Which model type it is associated with (Host, Application, etc.)

Planisys traps use standard SNMPv2 and are fully compatible with Spectrum’s event system.

MIB Used

The rules described in this document are based on the following MIB:

PLANISYS-BIND-AUTH-MIB

Enterprise root OID:

1.3.6.1.4.1.64835

Summary of Supported Traps

Trap

Description

Severity

dnsSvcDown

BIND service stopped or down

Critical

dnsSvcUp

BIND service operational

Informational

Example of AlertMap Rules

The following sections describe how the rules should be configured in Spectrum. Exact menu names may vary depending on the version, but the concept remains the same.

Alarm: Authoritative DNS Service Down

Input Event

  • Trap OID

    PLANISYS-BIND-AUTH-MIB::dnsSvcDown

  • Source

    Host (Host or Application model type)

Conditions

  • The trap contains the pdnsHostFqdn varbind

  • pdnsSeverity = 1 (Critical)

Action in Spectrum

  • Create a new alarm

Severity

  • Critical

Recommended Message

Servicio DNS autoritativo caído en {pdnsHostFqdn}

Dynamic Variables

Spectrum can display additional information using the received varbinds:

  • pdnsHostFqdn → Affected host

  • pdnsEventTimeUtc → Event time

  • pdnsMessage → Textual details of the issue

Alarm: Authoritative DNS Service Operational

Input Event

  • Trap OID

    PLANISYS-BIND-AUTH-MIB::dnsSvcUp

Conditions

  • pdnsSeverity = 5 (Informational)

Action in Spectrum

  • Generate informational event

  • (Optional) Clear or close the alarm associated with dnsSvcDown

Severity

  • Information

Recommended Message

Servicio DNS autoritativo operativo en {pdnsHostFqdn}

Relationship Between Alarms (Optional)

For a better operational experience, it is recommended to:

  • Associate dnsSvcUp as the clear event for dnsSvcDown

  • In this way, when the service recovers, the critical alarm will be closed automatically

This behavior is common in ITIL/NOC environments.

Validation During the Proof of Concept

Test Procedure

On a Planisys authoritative DNS server:

systemctl stop named
systemctl start named

Expected Results in Spectrum

  • When stopping the service:

    • The dnsSvcDown trap is received

    • A Critical alarm is generated

  • When starting the service:

    • The dnsSvcUp trap is received

    • An informational event is generated

    • (Optional) The previous critical alarm is cleared

Recommended Best Practices

  • Associate alarms with the Host model

  • Use pdnsHostFqdn as the primary identifier

  • Maintain severities consistent with ITIL

  • Document these rules in the NOC runbook

Security Notes

  • The AlertMap does not define SNMP credentials

  • SNMP communities or SNMPv3 credentials are managed outside Spectrum

  • It is recommended to restrict UDP/162 access using a firewall

Compatibility

This AlertMap example is compatible with:

  • DX NetOps Spectrum

  • Other NMS platforms with similar SNMP event mapping