[syslog-ng] Customizing syslog-ng snmp() destination option
Maurya, Shivani
shivani.maurya at intel.com
Tue Mar 22 16:57:24 UTC 2022
Hi Gabor,
We want to use snmpv2v/snmpv3 only going forward. This is the reason I want to add the field "agent-addr". Is there a way to add "agent-addr" field with snmpv2c/snmpv3 ?
Regards,
Shivani Maurya
From: Gabor Nagy (gnagy) <Gabor.Nagy at oneidentity.com>
Sent: Tuesday, March 22, 2022 8:48 PM
To: Maurya, Shivani <shivani.maurya at intel.com>; wernli at in2p3.fr; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Customizing syslog-ng snmp() destination option
Thanks Shivani for the example!
I didn't know "agent-addr" is a standardized SNMPv1 trap element.
I've found it in the SNMPv1 RFC too. [1]
Unfortunately, syslog-ng only supports snmpv2c and snmpv3 versions.
I've checked the code of snmp-dest() and I think it would be _relatively_ easy to add snmpv1 support.
I can open a feature request on GitHub, as I'm not sure when we could get to this in the near future, or is there any reason against SNMPv1.
Regards,
Gabor
[1] https://datatracker.ietf.org/doc/html/rfc1157/#section-4.1.6
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Fabien Wernli <wernli at in2p3.fr<mailto:wernli at in2p3.fr>>
Sent: Tuesday, March 22, 2022 8:12
To: Maurya, Shivani <shivani.maurya at intel.com<mailto:shivani.maurya at intel.com>>
Cc: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: Re: [syslog-ng] Customizing syslog-ng snmp() destination option
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi again,
On Tue, Mar 22, 2022 at 06:09:32AM +0000, Maurya, Shivani wrote:
> But this is how I want an extra field to be added in trap itself before the variable-binding -
>
> [cid:image002.png at 01D83DE1.7C82C330]
As I said, I think you can achieve this using `snmp-obj()`.
Try the following:
snmp-obj('.1.3.6.1.6.3.18.1.3.0', 'Ipaddress', "${SOURCEIP}")
______________________________________________________________________________
Member info: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=mJAT2oTdxOtlg%2FviRHWvJfDuGCGeAPABN%2BCqDmuFA9Q%3D&reserved=0
Documentation: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Nojx51D6YkOswnnLzog1ykOV3D39L8cv%2B4NLIRm%2BkNU%3D&reserved=0
FAQ: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=u3FuE5V2S8%2BCWe2k6AupGSQ%2F6gX3j4SMvMDTchwJuOM%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20220322/0336eba1/attachment-0001.htm>
More information about the syslog-ng
mailing list