omsnmp: SNMP Trap Output Module
Module Name: | omsnmp |
Author: | Andre Lorbach <alorbach@adiscon.com> |
Purpose
Provides the ability to send syslog messages as an SNMPv1 & v2c traps. By default, SNMPv2c is preferred. The syslog message is wrapped into a OCTED STRING variable. This module uses the NET-SNMP library. In order to compile this module, you will need to have the NET-SNMP developer (headers) package installed.
Configuration Parameters
Note
Parameter names are case-insensitive.
Action Parameters
Server
type | default | mandatory |
|
|---|---|---|---|
string | none | yes |
|
This can be a hostname or ip address, and is our snmp target host. This parameter is required, if the snmptarget is not defined, nothing will be send.
Port
type | default | mandatory |
|
|---|---|---|---|
integer | 162 | no |
|
The port which will be used, common values are port 162 or 161.
Transport
type | default | mandatory |
|
|---|---|---|---|
string | udp | no |
|
Defines the transport type you wish to use. Technically we can support all transport types which are supported by NET-SNMP. To name a few possible values: udp, tcp, udp6, tcp6, icmp, icmp6 …
Version
type | default | mandatory |
|
|---|---|---|---|
integer | 1 | no |
|
There can only be two choices for this parameter for now. 0 means SNMPv1 will be used. 1 means SNMPv2c will be used. Any other value will default to 1.
Community
type | default | mandatory |
|
|---|---|---|---|
string | public | no |
|
This sets the used SNMP Community.
TrapOID
type | default | mandatory |
|
|---|---|---|---|
string | 1.3.6.1.4.1.19406.1.2.1 | no |
|
The default value means “ADISCON-MONITORWARE-MIB::syslogtrap”.
This configuration parameter is used for SNMPv2 only. This is the OID which defines the trap-type, or notification-type rsyslog uses to send the trap. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. Downloads of these mib files can be found here:
https://www.adiscon.org/download/ADISCON-MIB.txt
https://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt Thanks to the net-snmp mailinglist for the help and the recommendations ;).
MessageOID
type | default | mandatory |
|
|---|---|---|---|
string | 1.3.6.1.4.1.19406.1.2.1 | no |
|
This OID will be used as a variable, type “OCTET STRING”. This variable will contain up to 255 characters of the original syslog message including syslog header. It is recommend to use the default OID. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. To download these custom mibs, see the description of TrapOID.
EnterpriseOID
type | default | mandatory |
|
|---|---|---|---|
string | 1.3.6.1.4.1.3.1.1 | no |
|
The default value means “enterprises.cmu.1.1”
Customize this value if needed. I recommend to use the default value unless you require to use a different OID. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.
SpecificType
type | default | mandatory |
|
|---|---|---|---|
integer | 0 | no |
|
This is the specific trap number. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.
Snmpv1DynSource
type | default | mandatory |
|
|---|---|---|---|
string | no | none |
Added in version 8.2001.
If set, the source field of the SNMP trap can be overwritten with the a template. The internal default is “%fromhost-ip%”. The result should be a valid IPv4 Address. Otherwise setting the source will fail.
Below is a sample template called “dynsource” which you can use to set the source to a custom property:
set $!custom_host = $fromhost;
template(name="dynsource" type="list") {
property(name="$!custom_host")
}
This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.
TrapType
type | default | mandatory |
|
|---|---|---|---|
integer | 6 | no |
|
There are only 7 Possible trap types defined which can be used here. These trap types are:
0 = SNMP_TRAP_COLDSTART
1 = SNMP_TRAP_WARMSTART
2 = SNMP_TRAP_LINKDOWN
3 = SNMP_TRAP_LINKUP
4 = SNMP_TRAP_AUTHFAIL
5 = SNMP_TRAP_EGPNEIGHBORLOSS
6 = SNMP_TRAP_ENTERPRISESPECIFIC
Note
Any other value will default to 6 automatically. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.
Caveats/Known Bugs
In order to decode the custom OIDs, you will need to have the adiscon mibs installed.
Examples
Sending messages as snmp traps
The following commands send every message as a snmp trap.
module(load="omsnmp")
action(type="omsnmp" server="localhost" port="162" transport="udp"
version="1" community="public")
See also
Help with configuring/using Rsyslog:
Mailing list - best route for general questions
GitHub: rsyslog source project - detailed questions, reporting issues that are believed to be bugs with
Rsyslog
See also
Contributing to Rsyslog:
Source project: rsyslog project README.
Documentation: rsyslog-doc project README
Copyright 2008-2023 Rainer Gerhards (Großrinderfeld), and Others.