1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
*******************************
omsnmp: SNMP Trap Output Module
*******************************
=========================== ===========================================================================
**Module Name:** **omsnmp**
**Author:** Andre Lorbach <alorbach@adiscon.com>
=========================== ===========================================================================
Purpose
=======
Provides the ability to send syslog messages as an SNMPv1 & v2c traps.
By default, SNMPv2c is preferred. The syslog message is wrapped into a
OCTED STRING variable. This module uses the
`NET-SNMP <http://net-snmp.sourceforge.net/>`_ library. In order to
compile this module, you will need to have the
`NET-SNMP <http://net-snmp.sourceforge.net/>`_ developer (headers)
package installed.
Configuration Parameters
========================
.. note::
Parameter names are case-insensitive.
Action Parameters
-----------------
Server
^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"string", "none", "yes", "``$actionsnmptarget``"
This can be a hostname or ip address, and is our snmp target host.
This parameter is required, if the snmptarget is not defined, nothing
will be send.
Port
^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"integer", "162", "no", "``$actionsnmptargetport``"
The port which will be used, common values are port 162 or 161.
Transport
^^^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"string", "udp", "no", "``$actionsnmptransport``"
Defines the transport type you wish to use. Technically we can
support all transport types which are supported by NET-SNMP.
To name a few possible values:
udp, tcp, udp6, tcp6, icmp, icmp6 ...
Version
^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"integer", "1", "no", "``$actionsnmpversion``"
There can only be two choices for this parameter for now.
0 means SNMPv1 will be used.
1 means SNMPv2c will be used.
Any other value will default to 1.
Community
^^^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"string", "public", "no", "``$actionsnmpcommunity``"
This sets the used SNMP Community.
TrapOID
^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"string", "1.3.6.1.4.1.19406.1.2.1", "no", "``$actionsnmptrapoid``"
The default value means "ADISCON-MONITORWARE-MIB::syslogtrap".
This configuration parameter is used for **SNMPv2** only.
This is the OID which defines the trap-type, or notification-type
rsyslog uses to send the trap.
In order to decode this OID, you will need to have the
ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the
receiver side. Downloads of these mib files can be found here:
`http://www.adiscon.org/download/ADISCON-MIB.txt <http://www.adiscon.org/download/ADISCON-MIB.txt>`_
`http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt <http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt>`_
Thanks to the net-snmp mailinglist for the help and the
recommendations ;).
MessageOID
^^^^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"string", "1.3.6.1.4.1.19406.1.2.1", "no", "``$actionsnmpsyslogmessageoid``"
This OID will be used as a variable, type "OCTET STRING". This
variable will contain up to 255 characters of the original syslog
message including syslog header. It is recommend to use the default
OID.
In order to decode this OID, you will need to have the
ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the
receiver side. To download these custom mibs, see the description of
**TrapOID**.
EnterpriseOID
^^^^^^^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"string", "1.3.6.1.4.1.3.1.1", "no", "``$actionsnmpenterpriseoid``"
The default value means "enterprises.cmu.1.1"
Customize this value if needed. I recommend to use the default value
unless you require to use a different OID.
This configuration parameter is used for **SNMPv1** only. It has no
effect if **SNMPv2** is used.
SpecificType
^^^^^^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"integer", "0", "no", "``$actionsnmpspecifictype``"
This is the specific trap number. This configuration parameter is
used for **SNMPv1** only. It has no effect if **SNMPv2** is used.
Snmpv1DynSource
^^^^^^^^^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"string", "", "no", "none"
.. versionadded:: 8.2001
If set, the source field of the SNMP trap can be overwritten with the a
template. The internal default is "%fromhost-ip%". The result should be a
valid IPv4 Address. Otherwise setting the source will fail.
Below is a sample template called "dynsource" which you canm use to set the
source to a custom property:
.. code-block:: none
set $!custom_host = $fromhost;
template(name="dynsource" type="list") {
property(name="$!custom_host")
}
This configuration parameter is used for **SNMPv1** only.
It has no effect if **SNMPv2** is used.
TrapType
^^^^^^^^
.. csv-table::
:header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
:widths: auto
:class: parameter-table
"integer", "6", "no", "``$actionsnmptraptype``"
There are only 7 Possible trap types defined which can be used here.
These trap types are:
.. code-block:: none
0 = SNMP_TRAP_COLDSTART
1 = SNMP_TRAP_WARMSTART
2 = SNMP_TRAP_LINKDOWN
3 = SNMP_TRAP_LINKUP
4 = SNMP_TRAP_AUTHFAIL
5 = SNMP_TRAP_EGPNEIGHBORLOSS
6 = SNMP_TRAP_ENTERPRISESPECIFIC
.. note::
Any other value will default to 6 automatically. This configuration
parameter is used for **SNMPv1** only. It has no effect if **SNMPv2**
is used.
Caveats/Known Bugs
==================
- In order to decode the custom OIDs, you will need to have the adiscon
mibs installed.
Examples
========
Sending messages as snmp traps
------------------------------
The following commands send every message as a snmp trap.
.. code-block:: none
module(load="omsnmp")
action(type="omsnmp" server="localhost" port="162" transport="udp"
version="1" community="public")
|
