[syslog-ng] Customizing syslog-ng snmp() destination option

Gabor Nagy (gnagy) Gabor.Nagy at oneidentity.com
Tue Mar 22 15:17:42 UTC 2022


Thanks Shivani for the example!

I didn't know "agent-addr" is a standardized SNMPv1 trap element.
I've found it in the SNMPv1 RFC too. [1]

Unfortunately, syslog-ng only supports snmpv2c and snmpv3 versions.
I've checked the code of snmp-dest() and I think it would be _relatively_ easy to add snmpv1 support.
I can open a feature request on GitHub, as I'm not sure when we could get to this in the near future, or is there any reason against SNMPv1.

Regards,
Gabor


[1] https://datatracker.ietf.org/doc/html/rfc1157/#section-4.1.6
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Fabien Wernli <wernli at in2p3.fr>
Sent: Tuesday, March 22, 2022 8:12
To: Maurya, Shivani <shivani.maurya at intel.com>
Cc: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Customizing syslog-ng snmp() destination option

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.


Hi again,

On Tue, Mar 22, 2022 at 06:09:32AM +0000, Maurya, Shivani wrote:
> But this is how I want an extra field to be added in trap itself before the variable-binding -
>
> [cid:image002.png at 01D83DE1.7C82C330]

As I said, I think you can achieve this using `snmp-obj()`.
Try the following:

    snmp-obj('.1.3.6.1.6.3.18.1.3.0', 'Ipaddress', "${SOURCEIP}")

______________________________________________________________________________
Member info: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=mJAT2oTdxOtlg%2FviRHWvJfDuGCGeAPABN%2BCqDmuFA9Q%3D&reserved=0
Documentation: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Nojx51D6YkOswnnLzog1ykOV3D39L8cv%2B4NLIRm%2BkNU%3D&reserved=0
FAQ: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=u3FuE5V2S8%2BCWe2k6AupGSQ%2F6gX3j4SMvMDTchwJuOM%3D&reserved=0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20220322/bfb046a7/attachment.htm>


More information about the syslog-ng mailing list