Use this documentation with care! It describes the outdated version 7, which was actively developed around 2014 and is considered dead by the rsyslog team.

This documentation reflects the latest update of the v7-stable branch. It describes the 7.6.8 version, which was never released. As such, it contains some content that does not apply to any released version.

To obtain the doc that properly matches your installed v7 version, obtain the doc set from your distro. Each version of rsyslog contained the version that exactly matches it.

As general advise, it is strongly suggested to upgrade to the current version supported by the rsyslog project. The current version can always be found on the right-hand side info box on the rsyslog web site.

Note that there is only limited rsyslog community support available for the outdated v7 version (officially we do not support it at all, but we usually are able to answer simple questions). If you need to stick with v7, it probably is best to ask your distribution for support.

omsnmp: SNMP Trap Output Module

Module Name:    omsnmp

Author: Andre Lorbach <alorbach@adiscon.com>

Description:

Provides the ability to send syslog messages as an SNMPv1 & v2c traps. By default, SNMPv2c is preferred. The syslog message is wrapped into a OCTED STRING variable. This module uses the NET-SNMP library. In order to compile this module, you will need to have the NET-SNMP developer (headers) package installed.

Action Line:

%omsnmp% without any further parameters.

Configuration Directives:

  • $actionsnmptransport(This parameter is optional, the default value is “udp”) Defines the transport type you wish to use. Technically we can support all transport types which are supported by NET-SNMP. To name a few possible values: udp, tcp, udp6, tcp6, icmp, icmp6 … Example: $actionsnmptransport udp

  • $actionsnmptarget This can be a hostname or ip address, and is our snmp target host. This parameter is required, if the snmptarget is not defined, nothing will be send. Example: $actionsnmptarget server.domain.xxx

  • $actionsnmptargetport(This parameter is optional, the default value is “162”) The port which will be used, common values are port 162 or 161. Example: $actionsnmptargetport 162

  • $actionsnmpversion(This parameter is optional, the default value is “1”) There can only be two choices for this parameter for now. 0 means SNMPv1 will be used. 1 means SNMPv2c will be used. Any other value will default to 1. Example: $actionsnmpversion 1

  • $actionsnmpcommunity(This parameter is optional, the default value is “public”) This sets the used SNMP Community. Example:$actionsnmpcommunity public

  • $actionsnmptrapoid(This parameter is optional, the default value is “1.3.6.1.4.1.19406.1.2.1” which means “ADISCON-MONITORWARE-MIB::syslogtrap”) This configuration parameter is used for SNMPv2 only. This is the OID which defines the trap-type, or notifcation-type rsyslog uses to send the trap. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. Downloads of these mib files can be found here:

    http://www.adiscon.org/download/ADISCON-MIB.txt

    http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt Thanks to the net-snmp mailinglist for the help and the recommendations ;). Example: $actionsnmptrapoid 1.3.6.1.4.1.19406.1.2.1 **If you have this MIBS installed, you can also configured with the OID Name: **$actionsnmptrapoid ADISCON-MONITORWARE-MIB::syslogtrap

  • $actionsnmpsyslogmessageoid(This parameter is optional, the default value is “1.3.6.1.4.1.19406.1.1.2.1” which means “ADISCON-MONITORWARE-MIB::syslogMsg”) This OID will be used as a variable, type “OCTET STRING”. This variable will contain up to 255 characters of the original syslog message including syslog header. It is recommend to use the default OID. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. To download these custom mibs, see the description of $actionsnmptrapoid. Example: $actionsnmpsyslogmessageoid 1.3.6.1.4.1.19406.1.1.2.1 **If you have this MIBS installed, you can also configured with the OID Name: **$actionsnmpsyslogmessageoid ADISCON-MONITORWARE-MIB::syslogMsg

  • $actionsnmpenterpriseoid(This parameter is optional, the default value is “1.3.6.1.4.1.3.1.1” which means “enterprises.cmu.1.1”) Customize this value if needed. I recommend to use the default value unless you require to use a different OID. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used. Example: $actionsnmpenterpriseoid 1.3.6.1.4.1.3.1.1

  • $actionsnmpspecifictype(This parameter is optional, the default value is “0”)** This is the specific trap number. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used. Example: $actionsnmpspecifictype 0

  • $actionsnmptraptype (This parameter is optional, the default value is “6” which means SNMP_TRAP_ENTERPRISESPECIFIC) There are only 7 Possible trap types defined which can be used here. These trap types are: 0 = SNMP_TRAP_COLDSTART 1 = SNMP_TRAP_WARMSTART 2 = SNMP_TRAP_LINKDOWN 3 = SNMP_TRAP_LINKUP 4 = SNMP_TRAP_AUTHFAIL 5 = SNMP_TRAP_EGPNEIGHBORLOSS 6 = SNMP_TRAP_ENTERPRISESPECIFIC Any other value will default to 6 automatically. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used. Example: $actionsnmptraptype 6

Caveats/Known Bugs:

  • In order to decode the custom OIDs, you will need to have the adiscon mibs installed.

Sample:

The following commands send every message as a snmp trap.

$ModLoad omsnmp
$actionsnmptransport udp
$actionsnmptarget localhost
$actionsnmptargetport 162
$actionsnmpversion 1
$actionsnmpcommunity public
*.* :omsnmp:

This documentation is part of the rsyslog project.

Copyright © 2008-2014 by Rainer Gerhards and Adiscon. Released under the GNU GPL version 3 or higher.