[syslog-ng] Integrating with snmp traps

Evan Rempel erempel at uvic.ca
Tue Jun 9 20:33:56 CEST 2015


No, because you cannot define a variable name from the content of the syslog line.

2015-06-09T11:14:42-07:00 saker.comp.uvic.ca daemon.info snmptrap: . Cold Start Trap (0) Uptime: 0 seconds DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (235800437) 27 days, 7:00:04.37        SM10-R3-MIB::componentLocation = STRING: Enclosure 0, Drawer 4  SM10-R3-MIB::componentType = STRING: Drawer     SM10-R3-MIB::deviceErrorCode = STRING: 2857 SM10-R3-MIB::deviceHostIPAddr = STRING: "192.168.21.22" SM10-R3-MIB::deviceHostIPType = INTEGER: ipv4(1) SM10-R3-MIB::deviceHostName = STRING: disk11b.westgrid. SM10-R3-MIB::deviceUserLabel = STRING: disk11_westgrid SM10-R3-MIB::eventTime = STRING: Jun 9, 2015 11:13:41 AM SM10-R3-MIB::trapDescription = STRING: Drawer open or removed SNMPv2-MIB::snmpTrapOID.0 = OID: SM10-R3-MIB::storageArrayCritical


We need to make names and values of

sysUpTimeInstance = 235800437
componentLocation = Enclosure 0, Drawer 4
componentType = Drawer
deviceErrorCode = 2857
deviceHostIPAddr = 192.168.21.22
deviceHostIPType = ipv4(1)
deviceHostName = disk11b.westgrid.
deviceUserLabel = disk11_westgrid
eventTime = Jun 9, 2015 11:13:41 AM
trapDescription = Drawer open or removed
snmpTrapOID.0 = SM10-R3-MIB::storageArrayCritical



On 06/09/2015 11:28 AM, Jim Hendrick wrote:
> Couldn't that be done using patterndb?
>
> -------- Original message --------
> From: Fabien Wernli <wernli at in2p3.fr>
> Date: 06/09/2015 10:29 AM (GMT-05:00)
> To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] Integrating with snmp traps
>
> Hi,
>
> On Tue, Jun 09, 2015 at 06:26:40AM -0700, Evan Rempel wrote:
> > When you say you "would actually like to parse all the key-values from
> > the original payload" what do you mean?
> > Do you want to process them with syslog-ng filters etc, or are you
> > feeding this to another type of structured worker thread?
>
> I'd like to basically have the structured SNMP message parsed in syslog-ng,
> in the same way json-parser() parses JSON payload, and makes the key-values
> available as macros in syslog-ng.
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>


-- 
Evan Rempel                                      erempel at uvic.ca
Senior Systems Administrator                        250.721.7691
Data Centre Services, University Systems, University of Victoria
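
Added example, not part of the original message and not syslog-ng configuration: a stand-alone Python function that splits the trap line quoted above into the name/value pairs listed in the message. The names `parse_trap`, `VARBIND`, `TICKS` and `SAMPLE` are assumptions made for this illustration, and rejecting repeated names is a choice made here, not something the thread specifies.

```python
import re

# One varbind as it appears in the trap line quoted in the post:
# "MIB::object = TYPE: value". Values carry no terminator, so each value
# runs up to the start of the next varbind (or the end of the message).
VARBIND = re.compile(r"(?P<mib>[\w-]+)::(?P<name>[\w.-]+) = (?P<type>[A-Za-z][\w-]*):\s*")
TICKS = re.compile(r"\((\d+)\)")  # e.g. "(235800437) 27 days, 7:00:04.37"

# Message part of the trap line from the post, joined onto one logical line.
SAMPLE = (
    '. Cold Start Trap (0) Uptime: 0 seconds '
    'DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (235800437) 27 days, 7:00:04.37 '
    'SM10-R3-MIB::componentLocation = STRING: Enclosure 0, Drawer 4 '
    'SM10-R3-MIB::componentType = STRING: Drawer '
    'SM10-R3-MIB::deviceErrorCode = STRING: 2857 '
    'SM10-R3-MIB::deviceHostIPAddr = STRING: "192.168.21.22" '
    'SM10-R3-MIB::deviceHostIPType = INTEGER: ipv4(1) '
    'SM10-R3-MIB::deviceHostName = STRING: disk11b.westgrid. '
    'SM10-R3-MIB::deviceUserLabel = STRING: disk11_westgrid '
    'SM10-R3-MIB::eventTime = STRING: Jun 9, 2015 11:13:41 AM '
    'SM10-R3-MIB::trapDescription = STRING: Drawer open or removed '
    'SNMPv2-MIB::snmpTrapOID.0 = OID: SM10-R3-MIB::storageArrayCritical'
)

def parse_trap(message):
    """Return {object name: value} for every varbind found in message."""
    starts = list(VARBIND.finditer(message))
    fields = {}
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(message)
        value = message[m.end():end].strip()
        if m["type"] == "Timeticks" and TICKS.match(value):
            value = TICKS.match(value).group(1)   # keep only the raw tick count
        elif m["type"] == "STRING" and len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]                   # drop the surrounding quotes
        # Trap text is sender-controlled and this flat form is ambiguous: a value
        # containing "MIB::name = TYPE: " looks like a real varbind. Refuse a
        # repeated name instead of letting it silently overwrite a field.
        if m["name"] in fields:
            raise ValueError("duplicate varbind name: " + m["name"])
        fields[m["name"]] = value
    return fields

if __name__ == "__main__":
    for name, value in parse_trap(SAMPLE).items():
        print(name, "=", value)
```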
