So now that I have rsyslog sending SNMP traps, we've discovered that the
messages it is sending don't actually follow the Adiscon MIB that is
referenced in the documentation...
Here is what the MIB says rsyslog should be sending:
syslogtrap NOTIFICATION-TYPE
OBJECTS { syslogMsg,
syslogSeverity,
syslogFacility
}
STATUS current
DESCRIPTION
"Syslogmessage Trap."
::= { monitorwaretraps 1 }
However what is actually being sent across the wire doesn't have the
syslogSeverity or syslogFacility, just the log message and the sysUpTime.
Looking at the code, this is all that appears to have been implemented:
/* If SNMP Version1 is configured !*/
if(pData->snmpsession->version == SNMP_VERSION_1) {
pdu = snmp_pdu_create(SNMP_MSG_TRAP);
/* Set enterprise */
if(!snmp_parse_oid(pData->szEnterpriseOID == NULL ?
"1.3.6.1.4.1.3.1.1" : (char*)pData->szEnterpriseOID,
enterpriseoid, &enterpriseoidlen )) {
strErr = snmp_api_errstring(snmp_errno);
errmsg.LogError(0, RS_RET_DISABLE_ACTION,
"omsnmp_sendsnmp: Parsing EnterpriseOID "
"failed '%s' with error '%s'
\n", pData->szSyslogMessageOID, strErr);
ABORT_FINALIZE(RS_RET_DISABLE_ACTION);
}
pdu->enterprise = (oid *) MALLOC(enterpriseoidlen *
sizeof(oid));
memcpy(pdu->enterprise, enterpriseoid, enterpriseoidlen
* sizeof(oid));
pdu->enterprise_length = enterpriseoidlen;
/* Set Traptype */
pdu->trap_type = pData->iTrapType;
/* Set SpecificType */
pdu->specific_type = pData->iSpecificType;
/* Set Updtime */
pdu->time = get_uptime();
}
/* If SNMP Version2c is configured !*/
else if (pData->snmpsession->version == SNMP_VERSION_2c)
{
long sysuptime;
char csysuptime[20];
/* Create PDU */
pdu = snmp_pdu_create(SNMP_MSG_TRAP2);
/* Set uptime */
sysuptime = get_uptime();
snprintf( csysuptime, sizeof(csysuptime) , "%ld",
sysuptime);
trap = csysuptime;
snmp_add_var(pdu, objid_sysuptime,
sizeof(objid_sysuptime) / sizeof(oid), 't', trap);
/* Now set the SyslogMessage Trap OID */
if ( snmp_add_var(pdu, objid_snmptrap,
sizeof(objid_snmptrap) / sizeof(oid), 'o',
pData->szSnmpTrapOID == NULL ?
"1.3.6.1.4.1.19406.1.2.1" : (char*) pData->szSnmpTrapOID
) != 0) {
strErr = snmp_api_errstring(snmp_errno);
errmsg.LogError(0, RS_RET_DISABLE_ACTION,
"omsnmp_sendsnmp: Adding trap OID failed '%s' with error '%s' \n",
pData->szSnmpTrapOID, strErr);
ABORT_FINALIZE(RS_RET_DISABLE_ACTION);
}
}
So rsyslog isn't actually complying with its own MIB - definitely looks
like this is a work in progress!!
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
