omsnmp: SNMP Trap Output Module¶
| Module Name: | omsnmp |
| Author: | Andre Lorbach <alorbach@adiscon.com> |
Purpose¶
Provides the ability to send syslog messages as an SNMPv1 & v2c traps. By default, SNMPv2c is preferred. The syslog message is wrapped into a OCTED STRING variable. This module uses the NET-SNMP library. In order to compile this module, you will need to have the NET-SNMP developer (headers) package installed.
Configuration Parameters¶
Note
Parameter names are case-insensitive.
Action Parameters¶
Server¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| string | none | yes | $actionsnmptarget |
This can be a hostname or ip address, and is our snmp target host. This parameter is required, if the snmptarget is not defined, nothing will be send.
Port¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| integer | 162 | no | $actionsnmptargetport |
The port which will be used, common values are port 162 or 161.
Transport¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| string | udp | no | $actionsnmptransport |
Defines the transport type you wish to use. Technically we can support all transport types which are supported by NET-SNMP. To name a few possible values: udp, tcp, udp6, tcp6, icmp, icmp6 …
Version¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| integer | 1 | no | $actionsnmpversion |
There can only be two choices for this parameter for now. 0 means SNMPv1 will be used. 1 means SNMPv2c will be used. Any other value will default to 1.
Community¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| string | public | no | $actionsnmpcommunity |
This sets the used SNMP Community.
TrapOID¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| string | 1.3.6.1.4.1.19406.1.2.1 | no | $actionsnmptrapoid |
The default value means “ADISCON-MONITORWARE-MIB::syslogtrap”.
This configuration parameter is used for SNMPv2 only. This is the OID which defines the trap-type, or notifcation-type rsyslog uses to send the trap. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. Downloads of these mib files can be found here:
http://www.adiscon.org/download/ADISCON-MIB.txt
http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt Thanks to the net-snmp mailinglist for the help and the recommendations ;).
MessageOID¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| string | 1.3.6.1.4.1.19406.1.2.1 | no | $actionsnmpsyslogmessageoid |
This OID will be used as a variable, type “OCTET STRING”. This variable will contain up to 255 characters of the original syslog message including syslog header. It is recommend to use the default OID. In order to decode this OID, you will need to have the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver side. To download these custom mibs, see the description of TrapOID.
EnterpriseOID¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| string | 1.3.6.1.4.1.3.1.1 | no | $actionsnmpenterpriseoid |
The default value means “enterprises.cmu.1.1”
Customize this value if needed. I recommend to use the default value unless you require to use a different OID. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.
SpecificType¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| integer | 0 | no | $actionsnmpspecifictype |
This is the specific trap number. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.
TrapType¶
| type | default | mandatory | obsolete legacy directive |
|---|---|---|---|
| integer | 6 | no | $actionsnmptraptype |
There are only 7 Possible trap types defined which can be used here. These trap types are:
0 = SNMP_TRAP_COLDSTART
1 = SNMP_TRAP_WARMSTART
2 = SNMP_TRAP_LINKDOWN
3 = SNMP_TRAP_LINKUP
4 = SNMP_TRAP_AUTHFAIL
5 = SNMP_TRAP_EGPNEIGHBORLOSS
6 = SNMP_TRAP_ENTERPRISESPECIFIC
Note
Any other value will default to 6 automatically. This configuration parameter is used for SNMPv1 only. It has no effect if SNMPv2 is used.
Caveats/Known Bugs¶
- In order to decode the custom OIDs, you will need to have the adiscon mibs installed.
Examples¶
Sending messages as snmp traps¶
The following commands send every message as a snmp trap.
module(load="omsnmp")
action(type="omsnmp" server="localhost" port="162" transport="udp"
version="1" community="public")
See also
Help with configuring/using Rsyslog:
- Mailing list - best route for general questions
- GitHub: rsyslog source project - detailed questions, reporting issues
that are believed to be bugs with
Rsyslog - Stack Exchange (View, Ask) - experimental support from rsyslog community
See also
Contributing to Rsyslog:
- Source project: rsyslog project README.
- Documentation: rsyslog-doc project README