[syslog-ng] Convert syslog to traps
Balazs Scheidler
bazsi at balabit.hu
Thu Dec 9 21:24:14 CET 2010
hi,
I just happened to be thinking about SNMP support. Cisco seems to have a
MIB for syslog->snmp translation. So if anyone volunteers for anything
related, I think this should be followed:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=clogMessageGenerated&translate=Translate&submitValue=SUBMIT
On Thu, 2010-12-09 at 11:54 -0800, Matthew Hall wrote:
> My advice, Net-SNMP via Perl if Perl is fast enough.
>
> Otherwise next easiest would be Westhawk SNMP via Java.
>
> If that won't work then Net-SNMP via C or SNMP++ via C++ is the fastest
> there is.
>
> I have a lot of experience writing SNMP network management software so I
> can try to get you straightened out if you run into trouble.
>
> Matthew.
>
> On Thu, Dec 09, 2010 at 01:05:26PM -0600, Martin Holste wrote:
> > I think program() is the best bet for you. I haven't had anything like that
> > happen when using program(). What version of syslog-ng are you using? I
> > don't think syslog-ng is sending newlines, but your script may be
> > interpreting "silence" from syslog-ng as nothing and appending a newline or
> > something. If you post a snippet from your script showing how it's reading
> > from syslog-ng, that would help. It would also help to see the config
> > relevant to the program() destination.
> >
> > On Thu, Dec 9, 2010 at 12:27 PM, Jay <difficult_id at yahoo.com> wrote:
> >
> > > Have a requirement to convert all incoming syslogs to SNMP traps and send
> > > it to another host. One option I could think of is to use program ()
> > > destination.
> > >
> > > When I tried this option, I find that syslog-ng is continuously sending
> > > newline characters to the specified program. i.e. even when no syslog is
> > > received, syslog-ng seems to be pumping newline chars to the specified
> > > program.
> > >
> > > Also, I read the warning message in the admin guide that it will open up
> > > the door to a DoS attack.
> > >
> > > Could someone let me know the best way to achieve this, please?
> > >
--
Bazsi
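
An added example, not part of the original thread or of syslog-ng: a stdin reader for a program() destination that skips blank lines, caps the trap rate (the DoS concern raised above), and hands each record to Net-SNMP's snmptrap as an argument list so log text is never parsed by a shell. Assumptions: the tab-separated template shown in the comment, the host, community and rate values, and the CISCO-SYSLOG-MIB OIDs, which are recalled from the MIB and should be checked against it; clogHistTimestamp is left out.

```python
import subprocess
import sys
import time

# Assumed (hypothetical) template: "$FACILITY\t$LEVEL_NUM\t$PROGRAM\t$MSG\n"
TRAP_HOST, COMMUNITY = "192.0.2.10", "public"  # placeholders
MAX_PER_SEC = 50                               # trap budget, assumed value
# OIDs as recalled from CISCO-SYSLOG-MIB; verify against the MIB before use.
TRAP_OID = "1.3.6.1.4.1.9.9.41.2.0.1"          # clogMessageGenerated
HIST = "1.3.6.1.4.1.9.9.41.1.2.3.1."           # clogHistoryEntry columns

def clean(text, limit):
    # Log text is attacker-influenced: keep printable characters only, drop
    # leading dashes so a value cannot look like an option, cap the length.
    kept = "".join(c for c in text if c.isprintable()).lstrip("-")
    return kept[:limit] or "unknown"

def build_trap_argv(line):
    """Return an snmptrap argv list for one record, or None to skip it."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None                            # blank line: nothing to send
    parts = line.split("\t", 3)
    if len(parts) != 4 or parts[1] not in tuple("01234567"):
        return None                            # malformed record
    facility, level, program, msg = parts
    return ["snmptrap", "-v", "2c", "-c", COMMUNITY, TRAP_HOST, "", TRAP_OID,
            HIST + "2", "s", clean(facility, 20),
            HIST + "3", "i", str(int(level) + 1),  # MIB severity = syslog + 1
            HIST + "4", "s", clean(program, 30),
            HIST + "5", "s", clean(msg, 255)]

class RateLimiter:
    """Allow at most `limit` events per one-second window; drop the rest."""
    def __init__(self, limit, clock=time.monotonic):
        self.limit, self.clock = limit, clock
        self.window, self.count = clock(), 0
    def allow(self):
        now = self.clock()
        if now - self.window >= 1.0:
            self.window, self.count = now, 0
        self.count += 1
        return self.count <= self.limit

if __name__ == "__main__":
    limiter = RateLimiter(MAX_PER_SEC)
    for raw in sys.stdin:                      # loop ends at EOF
        argv = build_trap_argv(raw)
        if argv and limiter.allow():
            subprocess.run(argv, check=False)  # argv list, never a shell
```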