I am running 4.2.5 also so we should be on the same event architecture.
Couple of initial questions:
What event class contains this rule statement? The implication from your log line is that you have applied it to the very top-level "root" event class, which probably isn't what you want?
Presumably in your actual rule statement you do not have the diamond brackets around your oid, just the quotes?
I have the following rule on an event class /Traps which works and produces no errors in zeneventd.log:
getattr(evt,'agent','') == 'zentrap' and evt.summary.find('Hello') != 0 and evt.oid.startswith('1.3.6.1.4.1.123')
Note that there is no colon at the end of the rule line as you might expect if you were writing a standard python test.
It is only the last test for evt.oid that you care about. A better way of testing that would be:
getattr(evt,'agent','') == 'zentrap' and evt.summary.find('Hello') != 0 and getattr(evt,'oid','2').strip().startswith('1.3.6.1.4.1.123')
I am using getattr on the evt dictionary to get the 'oid' attribute and if that fails then the default value will be '2' (which clearly does not start with 1.3.6.1.4.1.123).
I have also stripped the oid attribute just in case there is white space at the start or end of the oid string.
To test, I have put on a little transform:
evt.summary = 'JC ' + evt.summary
myOid = evt.oid.strip()
evt.myOidStripped = myOid
if myOid.startswith('1.3.6.1.4.1.123'):
evt.myOid = evt.oid
else:
evt.myOid = 'None'
The result is that in the event details both evt.myOidStripped and evt.myOid are '1.3.6.1.4.1.123'. That said, I have shown a couple of enhancements here but the original test with evt.oid.startswith('1.3.6.1.4.1.123') also worked in exactly the same way.
I used snmptrap to generate an SNMP V2c trap to the manager localhost, with:
/usr/bin/snmptrap -v 2c -c public localhost '' .1.3.6.1.4.1.123.0.1236 .1.3.6.1.4.1.123.0.1236 s 'Hello world 6 via SNMP V2c'
Is your Zenoss 4.2.5 patched up to the latest PTF?
Hope some of that might help.
Cheers,
Jane