Hi Gabor,

I have captured the traffic which we are forwarding using snmp() –

But this is how I want an extra field to be added in trap itself before the variable-binding -

Regards,

Shivani Maurya

From: Nagy Gábor <gabor.hl@gmail.com>
Sent: Tuesday, March 22, 2022 12:11 AM
To: wernli@in2p3.fr; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>; Maurya, Shivani <shivani.maurya@intel.com>
Subject: Re: [syslog-ng] Customizing syslog-ng snmp() destination option

Hi,

I'm not an SNMP expert, but I looked around and I don't know if what you ask is possible with SNMP protocol.

Can you show an example of what this trap would look like, please?

What is the difference on the receiving side (e.g. with snmptrapd)?

Regards,

Gabor

Fabien Wernli <wernli@in2p3.fr> ezt írta (időpont: 2022. márc. 21., H, 17:31):

Hi,

On Mon, Mar 21, 2022 at 04:12:19PM +0000, Maurya, Shivani wrote:
> I wanted to add a field "agent-addr" as part of the trap & not in the variable-binding. This field "agent-addr" will contain the IP address of the device which is sending the syslog message to the syslog server. How can I add a customized filed as part of the trap?

The documentation of the snmp destination is here https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.33/administration-guide/49#TOPIC-1663343
You can use syslog-ng macros inside the snmp-obj parameter.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq