[syslog-ng] Convert syslog to traps

Jay difficult_id at yahoo.com
Fri Dec 10 16:53:56 CET 2010


Many Thanks to all those who replied.
 
 
Martin:
 
It is version 2.0.3
 
Thank you for the hint. I have now fixed the issue in my program and it is working fine as expected. It doesn't send the newline chars any more. I am copy-pasting the config and program. Please let me know if it can still be improved.
 
 
syslog-ng.conf:
destination convert_syslog_to_trap {
    program("/tmp/convertSyslogToTrap");
};
 
cat /tmp/convertSyslogToTrap:
#!/bin/bash
# syslog-ng keeps this program running and writes one message per line to its stdin
while IFS= read -r syslog; do
    # Process the syslog message and forward it as trap using /usr/local/bin/snmptrap
    :
done
 
 
Mathew:
 
I do use Net-SNMP to an extent with embedded perl. But mostly I use it for receiving SNMP traps. Do you mean that it provides a facility to receive syslogs as well? If so, I would be interested to use that feature. Are there any comparison charts available between Net-SNMP syslog receiving capability and syslog-ng capability?
 
Balazs & Clayton:
 
This request is not specific to Cisco devices and the requirement is to handle syslogs. Also, it is not possible to suggest to my customer to configure devices to send traps for syslogs.
 
 


--- On Thu, 12/9/10, Martin Holste <mcholste at gmail.com> wrote:


From: Martin Holste <mcholste at gmail.com>
Subject: Re: [syslog-ng] Convert syslog to traps
To: difficult_id at yahoo.com, "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
Date: Thursday, December 9, 2010, 2:05 PM


I think program() is the best bet for you.  I haven't had anything like that happen when using program().  What version of syslog-ng are you using?  I don't think syslog-ng is sending newlines, but your script may be interpreting "silence" from syslog-ng as nothing and appending a newline or something.  If you post a snippet from your script showing how it's reading from syslog-ng, that would help.  It would also help to see the config relevant to the program() destination.


On Thu, Dec 9, 2010 at 12:27 PM, Jay <difficult_id at yahoo.com> wrote:






I have a requirement to convert all incoming syslogs to SNMP traps and send them to another host. One option I could think of is to use the program() destination.
 
When I tried this option, I find that syslog-ng is continuously sending newline characters to the specified program, i.e. even when no syslog is received, syslog-ng seems to be pumping newline chars to the specified program.
 
Also, I read the warning message in the admin guide that it will open up the door to a DoS attack.
 
Could someone let me know the best way to achieve this, please?
 
Thanks in advance for the help.
John

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
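
The program() handler discussed in this thread, written as a line-by-line loop that strips control characters, caps message length and rate-limits traps, which bounds the work an untrusted sender can cause. This is an added example, not part of the original posts: the receiver address, community, OIDs, limits, the DRY_RUN switch and the "run" argument are assumptions.

```shell
#!/bin/sh
# Added example: long-running handler for a syslog-ng program() destination.
# Receiver, community and OIDs are placeholders assumed for illustration.
TRAP_HOST="${TRAP_HOST:-192.0.2.10}"         # assumed receiver (documentation range)
TRAP_COMMUNITY="${TRAP_COMMUNITY:-public}"   # assumed community string
TRAP_OID="${TRAP_OID:-1.3.6.1.4.1.99999.1}"  # placeholder notification OID
MSG_OID="${MSG_OID:-1.3.6.1.4.1.99999.1.1}"  # placeholder varbind OID
SNMPTRAP="${SNMPTRAP:-/usr/local/bin/snmptrap}"
MAX_LEN="${MAX_LEN:-512}"          # max bytes of log text per trap
MAX_PER_SEC="${MAX_PER_SEC:-20}"   # max traps per second, the rest are dropped
DRY_RUN="${DRY_RUN:-1}"            # 1 = print instead of calling snmptrap

# Remove control bytes (CR, ESC, TAB...) and truncate untrusted log text.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | LC_ALL=C cut -c1-"$MAX_LEN"
}

# Send one trap. The message is a single quoted argument: no eval, no re-parsing.
send_trap() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'TRAP %s\n' "$1"
    else
        "$SNMPTRAP" -v 2c -c "$TRAP_COMMUNITY" "$TRAP_HOST" '' \
            "$TRAP_OID" "$MSG_OID" s "$1"
    fi
}

# Read one message per line until EOF, skipping empty lines and rate limiting.
handle_stream() {
    window=$(date +%s); sent=0; dropped=0
    while IFS= read -r line; do
        msg=$(sanitize "$line")
        [ -n "$msg" ] || continue
        now=$(date +%s)
        if [ "$now" != "$window" ]; then window=$now; sent=0; fi
        if [ "$sent" -ge "$MAX_PER_SEC" ]; then
            dropped=$((dropped + 1)); continue
        fi
        send_trap "$msg" || echo "snmptrap failed" >&2
        sent=$((sent + 1))
    done
    [ "$dropped" -eq 0 ] || echo "dropped $dropped over rate limit" >&2
}

# Run the loop only when started as "<script> run" (this example's convention).
if [ "${1:-}" = run ]; then handle_stream; fi
```

With DRY_RUN=1 (the default here) the script only prints what it would send, so the filtering and rate cap can be checked by piping sample lines into it before any trap leaves the host.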






      