[syslog-ng] Convert syslog to traps

Clayton Dukes cdukes at gmail.com
Thu Dec 9 22:12:36 CET 2010


If this is for Cisco boxes, you can use:
snmp-server enable traps syslog

This will generate a trap using the enterprise OID of 1.3.6.1.4.1.9.9.41.2

______________________________________________________________

Clayton Dukes
______________________________________________________________


On Thu, Dec 9, 2010 at 3:24 PM, Balazs Scheidler <bazsi at balabit.hu> wrote:

>
> hi,
>
> I just happened to be thinking about SNMP support. Cisco seems to have a
> MIB for syslog->snmp translation. So if anyone volunteers to anything
> related, I think this should be followed:
>
>
> http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=clogMessageGenerated&translate=Translate&submitValue=SUBMIT
>
>
> On Thu, 2010-12-09 at 11:54 -0800, Matthew Hall wrote:
> > My advice, Net-SNMP via Perl if Perl is fast enough.
> >
> > Otherwise next easiest would be Westhawk SNMP via Java.
> >
> > If that won't work then Net-SNMP via C or SNMP++ via C++ is the fastest
> > there is.
> >
> > I have a lot of experience writing SNMP network management software so I
> > can try to get you straightened out if you run into trouble.
> >
> > Matthew.
> >
> > On Thu, Dec 09, 2010 at 01:05:26PM -0600, Martin Holste wrote:
> > > I think program() is the best bet for you.  I haven't had anything like that
> > > happen when using program().  What version of syslog-ng are you using?  I
> > > don't think syslog-ng is sending newlines, but your script may be
> > > interpreting "silence" from syslog-ng as nothing and appending a newline or
> > > something.  If you post a snippet from your script showing how it's reading
> > > from syslog-ng, that would help.  It would also help to see the config
> > > relevant to the program() destination.
> > >
> > > On Thu, Dec 9, 2010 at 12:27 PM, Jay <difficult_id at yahoo.com> wrote:
> > >
> > > > Have a requirement to convert all incoming syslogs to SNMP traps and send
> > > > it to another host. One option I could think of is to use program ()
> > > > destination.
> > > >
> > > > When I tried this option, I find that syslog-ng is continuously sending
> > > > newline characters to the specified program. i.e. even when no syslog is
> > > > received, syslog-ng seems to be pumping newline chars to the specified
> > > > program.
> > > >
> > > > Also I read the warning message in admin guide that, it will open up the
> > > > door to DOS attack.
> > > >
> > > > Could someone let me know the best way to achieve this, please?
> > > >
>
> --
> Bazsi
>
>
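
A handler for the program() approach discussed in this thread, as an added example that is not part of any poster's message or of syslog-ng itself: it reads lines from stdin, ignores the bare newlines Jay describes, drops traffic above a rate limit so a log flood does not become a trap flood, and invokes Net-SNMP's snmptrap with an argument list instead of a shell. The manager address, community string, limits, and the two CISCO-SYSLOG-MIB OIDs are assumptions to check before use.

```python
"""program() destination handler: stdin lines -> SNMP traps (added example)."""
import subprocess
import sys
import time

# Assumed values; check the OIDs against CISCO-SYSLOG-MIB before use.
TRAP_OID = "1.3.6.1.4.1.9.9.41.2.0.1"          # clogMessageGenerated
MSG_TEXT_OID = "1.3.6.1.4.1.9.9.41.1.2.3.1.5"  # clogHistMsgText
MANAGER = "192.0.2.10"   # placeholder trap receiver (documentation address)
COMMUNITY = "public"     # placeholder community string
MAX_LEN = 255            # cap on forwarded message text

class TokenBucket:
    """Allow at most `rate` traps per second, with bursts up to `burst`."""
    def __init__(self, rate, burst, now=time.monotonic):
        self.rate, self.burst, self.now = rate, burst, now
        self.tokens, self.last = float(burst), now()

    def allow(self):
        t = self.now()
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False  # over the limit: caller drops this message

def build_trap_argv(line):
    """Return the snmptrap argv for one log line, or None for blank input."""
    text = line.rstrip("\r\n").strip()
    if not text:
        return None  # bare newlines arriving on the pipe are not messages
    text = "".join(c if c.isprintable() else "?" for c in text)[:MAX_LEN]
    # argv list, no shell: log content is never interpreted as a command
    return ["snmptrap", "-v", "2c", "-c", COMMUNITY, MANAGER, "",
            TRAP_OID, MSG_TEXT_OID, "s", text]

def main(stream=sys.stdin, bucket=None):
    bucket = bucket or TokenBucket(rate=50, burst=100)
    for line in stream:  # syslog-ng writes one message per line to stdin
        argv = build_trap_argv(line)
        if argv and bucket.allow():
            subprocess.run(argv, check=False)

if __name__ == "__main__":
    main()
```

Messages arriving above the rate limit are discarded silently here; count or log the drops if you need to know when the limit is being hit.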