by the way, net-snmp includes a program to receive SNMP traps and send them to
syslog, snmptrapd. so you may already have all the pieces available to handle
SNMP traps.
looking at netflow, it looks like a mess to parse, and current versions use SCTP
instead of UDP for their transport. This just means that implementing input and
output modules is probably more work than I was thinking when I wrote the
message below.
David Lang
On Sun, 3 Nov 2013, David Lang wrote:
Date: Sun, 3 Nov 2013 08:25:12 -0800 (PST)
From: David Lang <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Question on 600$ dev cost.
First off to be clear, I don't work for Adiscon. They are Rainer's employer
and the primary sponsors of Rsyslog. That said, Rsyslog is opensource, so you
can hire anyone to write something for you, so you could hire Pavel, me or
anyone else to write something. Adiscon professional services can probably
write it faster than the rest of us as they are the most familiar with the
code, but you don't have to limit yourself to them. It is nice to throw
business their way to thank them for their work, but if they are too backed
up anything goes :-)
There is already a onsnmp module, although it may need to be modified to do
what you are looking for.
Rainer and Adiscon tend to quote in Euros, not $, but you'll have to wait and
see what he has to say as far as the price goes, I think you're asking for
more items than a single ~$600 project, but we'll have to see.
It sounds like what you are looking for is the following
an input module that will accept SNMP traps and convert them to syslog
messages
an output module that will convert specially formatted syslog messages to
SNMP traps (this may just be a modification/update of the existing omsnmp
module)
an input module that will accept netflow messages and convert them to syslog
messages
an output module that will convert messages to netflow format and send them
netflow has a lot of different versions of the protocol, which versions did
you want to support? do you need to be able to accept input in one format and
send output in a different format?
what message rate are you thinking of in terms of netflow messages?
I would be thinking in terms of having the syslog message be a JSON formatted
message containing all the pieces needed to recreate the original message,
and the outputs looking for those specific tags.
Given that the inputs are UDP, and they are one message per packet, it may
not require full input modules, but rather just new parser modules that can
be run from the existing imudp module
I think I've seen comments that parser modules would be ~500 Euros for
Adiscon/Rainer to write.
David Lang
On Sun, 3 Nov 2013, Nick Syslog wrote:
Rainer/David,
I was curious if the 600$ development costs for an "open" effort would be
possible for something like netflow/snmp inputs and outputs?
Have had a lot of conversations lately with co-workers about the
possibility of having SNMP and Netflow routed via rsyslog but I know that
both of these aren't syslog either so I wanted to ultimately see what the
viability of something like this is first.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
