No, because you can not define a variable name from the content of the syslog line.

2015-06-09T11:14:42-07:00 saker.comp.uvic.ca daemon.info snmptrap: . Cold Start Trap (0) Uptime: 0 seconds      DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (235800437) 27 days, 7:00:04.37        SM10-R3-MIB::componentLocation = STRING: Enclosure 0, Drawer 4  SM10-R3-MIB::componentType = STRING: Drawer     SM10-R3-MIB::deviceErrorCode = STRING: 2857     SM10-R3-MIB::deviceHostIPAddr = STRING: "192.168.21.22" SM10-R3-MIB::deviceHostIPType = INTEGER: ipv4(1) SM10-R3-MIB::deviceHostName = STRING: disk11b.westgrid. SM10-R3-MIB::deviceUserLabel = STRING: disk11_westgrid  SM10-R3-MIB::eventTime = STRING: Jun 9, 2015 11:13:41 AM        SM10-R3-MIB::trapDescription = STRING: Drawer open or removed   SNMPv2-MIB::snmpTrapOID.0 = OID: SM10-R3-MIB::storageArrayCritical


we need to make name and values of

sysUpTimeInstance = 235800437
componentLocation = Enclosure 0, Drawer 4
componentType = Drawer
deviceErrorCode = 2857
deviceHostIPAddr = 192.168.21.22
deviceHostIPType = ipv4(1)
deviceHostName = disk11b.westgrid.
deviceUserLabel = disk11_westgrid
eventTime = Jun 9, 2015 11:13:41 AM
trapDescription = Drawer open or removed
snmpTrapOID.0 = SM10-R3-MIB::storageArrayCritical



On 06/09/2015 11:28 AM, Jim Hendrick wrote:
Couldn't that be done using patterndb? 



Sent from my Verizon Wireless 4G LTE smartphone


-------- Original message --------
From: Fabien Wernli <wernli@in2p3.fr>
Date: 06/09/2015 10:29 AM (GMT-05:00)
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Integrating with snmp traps

Hi,

On Tue, Jun 09, 2015 at 06:26:40AM -0700, Evan Rempel wrote:
> When you say you "would actually like to parse all the key-values from
> the original payload" what do you mean?
> Do you want to process them with syslog-ng filters etc, or are you
> feeding this to another type of structured worker thread?

I'd like to basically have the structured SNMP message parsed in syslog-ng,
in the same way json-parser() parses JSON payload, and makes the key-values
available as macros in syslog-ng.


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq



______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq




-- 
Evan Rempel                                      erempel@uvic.ca
Senior Systems Administrator                        250.721.7691
Data Centre Services, University Systems, University of Victoria