No, because you can not define a variable name from the content of the syslog line.

2015-06-09T11:14:42-07:00 saker.comp.uvic.ca daemon.info snmptrap: . Cold Start Trap (0) Uptime: 0 seconds DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (235800437) 27 days, 7:00:04.37 SM10-R3-MIB::componentLocation = STRING: Enclosure 0, Drawer 4 SM10-R3-MIB::componentType = STRING: Drawer SM10-R3-MIB::deviceErrorCode = STRING: 2857 SM10-R3-MIB::deviceHostIPAddr = STRING: "192.168.21.22" SM10-R3-MIB::deviceHostIPType = INTEGER: ipv4(1) SM10-R3-MIB::deviceHostName = STRING: disk11b.westgrid. SM10-R3-MIB::deviceUserLabel = STRING: disk11_westgrid SM10-R3-MIB::eventTime = STRING: Jun 9, 2015 11:13:41 AM SM10-R3-MIB::trapDescription = STRING: Drawer open or removed SNMPv2-MIB::snmpTrapOID.0 = OID: SM10-R3-MIB::storageArrayCritical

we need to make name and values of

sysUpTimeInstance = 235800437
componentLocation = Enclosure 0, Drawer 4
componentType = Drawer
deviceErrorCode = 2857
deviceHostIPAddr = 192.168.21.22
deviceHostIPType = ipv4(1)
deviceHostName = disk11b.westgrid.
deviceUserLabel = disk11_westgrid
eventTime = Jun 9, 2015 11:13:41 AM
trapDescription = Drawer open or removed
snmpTrapOID.0 = SM10-R3-MIB::storageArrayCritical

On 06/09/2015 11:28 AM, Jim Hendrick wrote:
Couldn't that be done using patterndb?
-------- Original message --------
From: Fabien Wernli <wernli@in2p3.fr>
Date: 06/09/2015 10:29 AM (GMT-05:00)
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Integrating with snmp traps
Hi,
On Tue, Jun 09, 2015 at 06:26:40AM -0700, Evan Rempel wrote:
When you say you "would actually like to parse all the key-values from the original payload" what do you mean? Do you want to process them with syslog-ng filters etc, or are you feeding this to another type of structured worker thread?
I'd like to basically have the structured SNMP message parsed in syslog-ng, in the same way json-parser() parses JSON payload, and makes the key-values available as macros in syslog-ng.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
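
Added example, not part of the thread and not syslog-ng code: a standalone Python function that performs the extraction described in the message above by splitting the payload at each `MIB::object = TYPE: ` marker. The name `parse_snmptrap` and the duplicate reporting are assumptions of this example; the sample line is the one quoted in the message.

```python
import re

# Sample input: the snmptrap syslog line quoted in the thread above.
SAMPLE = (
    "2015-06-09T11:14:42-07:00 saker.comp.uvic.ca daemon.info snmptrap: . "
    "Cold Start Trap (0) Uptime: 0 seconds "
    "DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (235800437) 27 days, 7:00:04.37 "
    "SM10-R3-MIB::componentLocation = STRING: Enclosure 0, Drawer 4 "
    "SM10-R3-MIB::componentType = STRING: Drawer "
    "SM10-R3-MIB::deviceErrorCode = STRING: 2857 "
    'SM10-R3-MIB::deviceHostIPAddr = STRING: "192.168.21.22" '
    "SM10-R3-MIB::deviceHostIPType = INTEGER: ipv4(1) "
    "SM10-R3-MIB::deviceHostName = STRING: disk11b.westgrid. "
    "SM10-R3-MIB::deviceUserLabel = STRING: disk11_westgrid "
    "SM10-R3-MIB::eventTime = STRING: Jun 9, 2015 11:13:41 AM "
    "SM10-R3-MIB::trapDescription = STRING: Drawer open or removed "
    "SNMPv2-MIB::snmpTrapOID.0 = OID: SM10-R3-MIB::storageArrayCritical"
)

# Each variable binding starts with "MIB::object = TYPE: "; values may contain spaces.
BINDING = re.compile(r"([A-Za-z0-9-]+)::([A-Za-z0-9.]+) = ([A-Za-z0-9]+): ")

def parse_snmptrap(line):
    """Return (pairs, duplicates): object name -> value, plus names seen twice."""
    marks = list(BINDING.finditer(line))
    pairs, duplicates = {}, []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(line)
        name, vtype, value = m.group(2), m.group(3), line[m.end():end].strip()
        if vtype == "Timeticks":
            ticks = re.match(r"\((\d+)\)", value)  # keep only the raw tick count
            value = ticks.group(1) if ticks else value
        elif vtype == "STRING" and len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        if name in pairs:
            # Trap text is untrusted: a value can embed a fake binding, so report it.
            duplicates.append(name)
            continue
        pairs[name] = value
    return pairs, duplicates
```

Because a trap value can itself contain text shaped like a binding, a non-empty `duplicates` list is a reason to treat the whole record as suspect rather than pick one of the values.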