[syslog-ng] Customizing syslog-ng snmp() destination option

Maurya, Shivani shivani.maurya at intel.com
Wed Mar 23 06:38:18 UTC 2022


Hi Gabor,

Can you please help here?

Regards,
Shivani Maurya

From: Maurya, Shivani
Sent: Tuesday, March 22, 2022 10:27 PM
To: Gabor Nagy (gnagy) <Gabor.Nagy at oneidentity.com>; wernli at in2p3.fr; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: RE: [syslog-ng] Customizing syslog-ng snmp() destination option

Hi Gabor,

We want to use snmpv2v/snmpv3 only going forward. This is the reason I want to add the field "agent-addr". Is there a way to add "agent-addr" field with snmpv2c/snmpv3 ?

Regards,
Shivani Maurya

From: Gabor Nagy (gnagy) <Gabor.Nagy at oneidentity.com<mailto:Gabor.Nagy at oneidentity.com>>
Sent: Tuesday, March 22, 2022 8:48 PM
To: Maurya, Shivani <shivani.maurya at intel.com<mailto:shivani.maurya at intel.com>>; wernli at in2p3.fr<mailto:wernli at in2p3.fr>; Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: Re: [syslog-ng] Customizing syslog-ng snmp() destination option

Thanks Shivani for the example!

I didn't know "agent-addr" is a standardized SNMPv1 trap element.
I've found it in the SNMPv1 RFC too. [1]

Unfortunately, syslog-ng only supports snmpv2c and snmpv3 versions.
I've checked the code of snmp-dest() and I think it would be _relatively_ easy to add snmpv1 support.
I can open a feature request on GitHub, as I'm not sure when we could get to this in the near future, or is there any reason against SNMPv1.

Regards,
Gabor


[1] https://datatracker.ietf.org/doc/html/rfc1157/#section-4.1.6
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Fabien Wernli <wernli at in2p3.fr<mailto:wernli at in2p3.fr>>
Sent: Tuesday, March 22, 2022 8:12
To: Maurya, Shivani <shivani.maurya at intel.com<mailto:shivani.maurya at intel.com>>
Cc: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: Re: [syslog-ng] Customizing syslog-ng snmp() destination option

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.


Hi again,

On Tue, Mar 22, 2022 at 06:09:32AM +0000, Maurya, Shivani wrote:
> But this is how I want an extra field to be added in trap itself before the variable-binding -
>
> [cid:image002.png at 01D83DE1.7C82C330]

As I said, I think you can achieve this using `snmp-obj()`.
Try the following:

    snmp-obj('.1.3.6.1.6.3.18.1.3.0', 'Ipaddress', "${SOURCEIP}")

______________________________________________________________________________
Member info: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=mJAT2oTdxOtlg%2FviRHWvJfDuGCGeAPABN%2BCqDmuFA9Q%3D&reserved=0
Documentation: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Nojx51D6YkOswnnLzog1ykOV3D39L8cv%2B4NLIRm%2BkNU%3D&reserved=0
FAQ: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cgabor.nagy%40oneidentity.com%7C1341f1fe92104de79ae708da0bd35bee%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637835299655341547%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=u3FuE5V2S8%2BCWe2k6AupGSQ%2F6gX3j4SMvMDTchwJuOM%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20220323/fd7a8fa8/attachment-0001.htm>


More information about the syslog-ng mailing list