On Thu, 11 Apr 2013, Josh Bitto wrote:
I'm sorry David....well the switch is some ghetto switch that only uses snmp
to send logs....why in the hell it doesn't use syslog is my guess as
well....trust me I'd rather light the thing on fire and throw it out the
window than have to deal with this.
Ok let me start from scratch.....I'm on a centos 6.4 linux box and you can yum
install net-snmp and net-snmp-utils when configuring the package you just give
it a secure community name that basically identifies that server. So on the
device side you want to send the snmp stuff to you have to define the
community name and ip address to where it goes.....so I did that...it
works...the only thing is trying to figure out how to get the traffic into a
readable file :/
I believe that those packages allow you to send snmp queries to other systems, I
think there is another package, probably net-snmpd that would set up a server on
your system. You could use that to run a SNMP Trap server, and then have that
Trap server either log to syslog, or log to a file that you then gather using
imfile.
So you would have three independent things to configure:
1. the switch needs to be configured to send traps to your box
2. you need to have a SNMP Trap server installed and configured to listen for
Traps and write them out (either directly to syslog or to a file)
3. you need to have rsyslog receive the logs from the trap server, or scrape the
file using imfile, and then process the log messages normally.
I would push back on management and try to tell them to either live without
logging on that switch, or let you buy a replacement.
David Lang
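
The three-piece setup described above, sketched as configuration (an added example, not part of the original thread). It assumes Net-SNMP's snmptrapd as the trap server and CentOS-style file locations; the community string and log file names are placeholders.

```conf
# --- /etc/snmp/snmptrapd.conf (trap receiver; path is an assumption) ---
# Accept traps carrying this community and permit logging only.
# Leaving out "execute" and "net" means a received trap can neither
# run a handler program nor be forwarded elsewhere.
# EXAMPLE_COMMUNITY is a placeholder; use the string set on the switch.
authCommunity log EXAMPLE_COMMUNITY

# --- /etc/sysconfig/snmptrapd (daemon options; path is an assumption) ---
# Variant A: write traps to a file that rsyslog's imfile will read.
OPTIONS="-Lf /var/log/snmptrapd.log -p /var/run/snmptrapd.pid"
# Variant B: log straight to syslog (daemon facility); no imfile needed.
# OPTIONS="-Lsd -p /var/run/snmptrapd.pid"

# --- /etc/rsyslog.d/snmptrap.conf (legacy directive syntax, variant A) ---
$ModLoad imfile
$InputFileName /var/log/snmptrapd.log
$InputFileTag snmptrap:
$InputFileStateFile stat-snmptrapd
$InputFileSeverity notice
$InputFileFacility local6
$InputRunFileMonitor

# Write the scraped trap lines to their own file, then discard them so
# they do not also land in the general logs.
if $syslogtag == 'snmptrap:' then /var/log/switch-traps.log
& ~
```

SNMP v1/v2c community strings travel in cleartext over UDP, so restricting UDP port 162 on the log server to the switch's address is a sensible companion to this configuration.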
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David Lang
Sent: Thursday, April 11, 2013 12:59 PM
To: rsyslog-users
Subject: Re: [rsyslog] snmp on linux with rsyslog
On Thu, 11 Apr 2013, Josh Bitto wrote:
Ok so I go to load the Module omsnmp and I get an error in syslog that
omsnmp.so in /lib64 not found.....So I downloaded the source from here
http://www.rsyslog.com/files/download/rsyslog/rsyslog-7.2.6.tar.gz
To just try and grab the omsnmp.so file (I think I would have to
compile to be able to get that file)
Anywho Rainer you're on the right track. I don't think there is an input. Which
is what I'm wanting.
Yes, om* is output module.
So my question is ....how would I get rsyslog to pick this up? Or is there
another work around.
Is your equipment unable to log via syslog? If so, let me know what brand it is
so I can avoid it. Network equipment has been logging via syslog for decades.
SNMP Traps would be a very poor fallback if what you are wanting is log
messages, assuming you could make it work.
So on the switch side I just gave it the community name and ip address and
criteria to send....
In the snmpd.conf on the server side the only thing that is setup is
the community name and the service is running. I don't think there is
much more than that required.
On the server side, what are you setting up? What software uses the config you
created?
I'm sorry if it seems like I'm making you jump through hoops here, but your
questions usually lack so much context that I am having to try and guess what
you are really trying to get done and why.
David Lang
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David Lang
Sent: Thursday, April 11, 2013 11:30 AM
To: rsyslog-users
Subject: Re: [rsyslog] snmp on linux with rsyslog
Log with the RSYSLOG_DebugFormat to see exactly what the various fields are
filled with.
I don't think fromhost-ip ever includes a port.
David Lang
On Thu, 11 Apr 2013, Josh Bitto wrote:
Ok so basically I would do something like this?
$ModLoad omsnmp
if $fromhost-ip == 'ip.addy.ha.ha:162' then /var/log/to-a-file.log
& ~
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David Lang
Sent: Thursday, April 11, 2013 11:13 AM
To: rsyslog-users
Subject: Re: [rsyslog] snmp on linux with rsyslog
You set up traps on the device to send messages to rsyslog.
But I doubt that you can set it up to send ALL log messages out that way.
Rsyslog has a module that can listen for SNMP Trap messages that are sent by
other devices.
David Lang
On Thu, 11 Apr 2013, Josh Bitto wrote:
I don't fully understand your response. I have to setup a trap on
the switch (to send logs to server) OR on the server side(to receive logs from
switch)?
I'm still a little confused on how rsyslog works with this.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of David Lang
Sent: Thursday, April 11, 2013 10:47 AM
To: rsyslog-users
Subject: Re: [rsyslog] snmp on linux with rsyslog
On Thu, 11 Apr 2013, Josh Bitto wrote:
I'm starting to add devices from our network to forward logs and I came across
a switch that uses snmp....I looked at the documentation on the website and had
a couple of questions.
1. Will rsyslog use V3 of snmp?
2. When adding the module to the rsyslog config to receive traffic from
said device is a trap necessary or can I just load a module and have a source
IP and port number configured to send logs to a specific file?
SNMP has two modes of operation
1. SNMP Query. The device listens for SNMP requests and responds
with the appropriate information
2. SNMP Traps. The device sends a message out under a specific condition.
In neither case are all the logs on the device sent over SNMP.
If you do not configure traps, nothing will be sent to the rsyslog server.
I don't know if rsyslog supports SNMPv3 or not.
Traps are designed to be alerts for critical failures. While it's good to get
them, you probably want more data and really want the device to send its logs
to you. Once you have the device sending its logs, you will probably find that
the data that's in the traps is also in the log.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is
a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our
control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.