Ok so I go to load the Module omsnmp and I get an error in syslog that omsnmp.so in /lib64 not found.....So I downloaded the source from here http://www.rsyslog.com/files/download/rsyslog/rsyslog-7.2.6.tar.gz
To just try and grab the omsnmp.so file (I think I would have to compile to be able to get that file) Anywho Rainer you're on the right track. I don't think there is an input. Which is what I'm wanting. So my question is ....how would I get rsyslog to pick this up? Or is there another work around. So on the switch side I just gave it the community name and ip address and criteria to send.... In the snmpd.conf on the server side the only thing that is setup is the community name and the service is running. I don't think there is much more than that required. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of David Lang Sent: Thursday, April 11, 2013 11:30 AM To: rsyslog-users Subject: Re: [rsyslog] snmp on linux with rsyslog log with the RSYSLOG_DebugFormat to see exactly what the various fields are filled with. I don't think fromhost-ip ever includes a port. David Lang On Thu, 11 Apr 2013, Josh Bitto wrote: > Ok so basically I would do something like this? > > $ModLoad omsnmp > > if $fromhost-ip == 'ip.addy.ha.ha:162' then /var/log/to-a-file.log & ~ > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of David Lang > Sent: Thursday, April 11, 2013 11:13 AM > To: rsyslog-users > Subject: Re: [rsyslog] snmp on linux with rsyslog > > you setup traps on the device to send messages to rsyslog. > > But I doubt that you can set it up to send ALL log messages out that way. > > Rsyslog has a module that can listen for SNMP Trap messages that are sent by > other devices. > > David Lang > > On Thu, 11 Apr 2013, Josh Bitto wrote: > >> >> I don't fully understand your response. I have to setup a trap on the >> switch (to send logs to server) OR on the server side(to receive logs from >> switch)? >> I'm still a little confused on how rsyslog works with this. >> >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of David Lang >> Sent: Thursday, April 11, 2013 10:47 AM >> To: rsyslog-users >> Subject: Re: [rsyslog] snmp on linux with rsyslog >> >> On Thu, 11 Apr 2013, Josh Bitto wrote: >> >>> I'm starting to add devices from our network to forward logs and I came >>> across a switch that uses snmp....I looked at the documentation on the >>> website and had a couple of questions. >>> >>> 1. Will ryslsog use V3 of snmp? >>> 2. When adding the module to the rsyslog config to receive traffic >>> from said device is a trap necessary or can I just load a module and have a >>> source IP and port number configured to send logs to a specific file? >> >> SNMP has two modes of operation >> >> 1. SNMP Query. the device listens for SNMP requests and responds with >> the appropriate information >> >> 2. SNMP Traps. The device sends a message out under a specific condition. >> >> In neither case are all the logs on the device sent over SNMP. >> >> If you do not configure traps, nothing will be sent to the rsyslog server. >> >> I don't know if rsyslog supports SNMPv3 or not. >> >> Traps are designed to be alerts for critical failures, while it's good to >> get them, you probably want more data and really want the device to send >> it's logs to you. Once you have the device sending it's logs, you will >> probably find that the data that's in the traps is also in the log. >> >> David Lang >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This >> is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our >> control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE >> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites >> beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE >> THAT. >> > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This > is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our > control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites > beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
