TwitterFacebookGoogle

omsnmp: SNMP Trap Output Module

Module Name:omsnmp
Author:Andre Lorbach <alorbach@adiscon.com>

Purpose

Provides the ability to send syslog messages as an SNMPv1 & v2c traps. By default, SNMPv2c is preferred. The syslog message is wrapped into a OCTED STRING variable. This module uses the NET-SNMP library. In order to compile this module, you will need to have the NET-SNMP developer (headers) package installed.

Configuration Parameters

Note

Parameter names are case-insensitive.

Action Parameters

Server

typedefaultmandatoryobsolete legacy directive
stringnoneyes$actionsnmptarget

This can be a hostname or ip address, and is our snmp target host. This parameter is required, if the snmptarget is not defined, nothing will be send.

Port

typedefaultmandatoryobsolete legacy directive
integer162no$actionsnmptargetport

The port which will be used, common values are port 162 or 161.

Transport

typedefaultmandatoryobsolete legacy directive
stringudpno$actionsnmptransport

Defines the transport type you wish to use. Technically we can support all transport types which are supported by NET-SNMP. To name a few possible values: udp, tcp, udp6, tcp6, icmp, icmp6 …

Version

typedefaultmandatoryobsolete legacy directive
integer1no$actionsnmpversion

There can only be two choices for this parameter for now. 0 means SNMPv1 will be used. 1 means SNMPv2c will be used. Any other value will default to 1.

Community

typedefaultmandatoryobsolete legacy directive
stringpublicno$actionsnmpcommunity

This sets the used SNMP Community.

TrapOID

typedefaultmandatoryobsolete legacy directive
string1.3.6.1.4.1.19406.1.2.1no$actionsnmptrapoid

The default value means “ADISCON-MONITORWARE-MIB::syslogtrap”.

This configuration parameter is used for SNMPv2 only. This is the OID which defines the trap-type, or notification-type rsyslog uses to send the trap. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. Downloads of these mib files can be found here:

http://www.adiscon.org/download/ADISCON-MIB.txt

http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt Thanks to the net-snmp mailinglist for the help and the recommendations ;).

MessageOID

typedefaultmandatoryobsolete legacy directive
string1.3.6.1.4.1.19406.1.2.1no$actionsnmpsyslogmessageoid

This OID will be used as a variable, type “OCTET STRING”. This variable will contain up to 255 characters of the original syslog message including syslog header. It is recommend to use the default OID. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. To download these custom mibs, see the description of TrapOID.

EnterpriseOID

typedefaultmandatoryobsolete legacy directive
string1.3.6.1.4.1.3.1.1no$actionsnmpenterpriseoid

The default value means “enterprises.cmu.1.1”

Customize this value if needed. I recommend to use the default value unless you require to use a different OID. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.

SpecificType

typedefaultmandatoryobsolete legacy directive
integer0no$actionsnmpspecifictype

This is the specific trap number. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.

TrapType

typedefaultmandatoryobsolete legacy directive
integer6no$actionsnmptraptype

There are only 7 Possible trap types defined which can be used here. These trap types are:

0 = SNMP_TRAP_COLDSTART
1 = SNMP_TRAP_WARMSTART
2 = SNMP_TRAP_LINKDOWN
3 = SNMP_TRAP_LINKUP
4 = SNMP_TRAP_AUTHFAIL
5 = SNMP_TRAP_EGPNEIGHBORLOSS
6 = SNMP_TRAP_ENTERPRISESPECIFIC

Note

Any other value will default to 6 automatically. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.

Caveats/Known Bugs

  • In order to decode the custom OIDs, you will need to have the adiscon mibs installed.

Examples

Sending messages as snmp traps

The following commands send every message as a snmp trap.

module(load="omsnmp")
action(type="omsnmp" server="localhost" port="162" transport="udp"
       version="1" community="public")

See also

Help with configuring/using Rsyslog:

  • Mailing list - best route for general questions
  • GitHub: rsyslog source project - detailed questions, reporting issues that are believed to be bugs with Rsyslog
  • Stack Exchange (View, Ask) - experimental support from rsyslog community

See also

Contributing to Rsyslog:

© 2008-2019, `Rainer Gerhards and Others. This site uses the “better” theme for Sphinx.