...
Code Block |
---|
SNMP Trap Processing - Line Diagram: snmptrapd --> rsyslog --> /var/log/nmis/snmptrap.log --> opEvents --> Blacklist --> EventParserRules --> SnmpTrapParserPlugin.pm |
Deployment Steps
Step #1 - Configure snmptrapd to forward traps to
...
syslog
RHEL/Centos - Edit /etc/sysconfig/snmptrapd
Below is an example of configuring snmptrapd to send traps to rsyslog. The '-Ls' flag tells snmptrapd to send logging output to syslog. Using '-Ls2' specifies that snmptrapd will send it with the local2 facility value. The facility value is what rsyslog keys on for routing decisions. Please review the snmptrapd and snmpcmd man pages.
Code Block | ||
---|---|---|
| ||
OPTIONS="-n -OQ -Ls2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis8/mibs/traps" |
Debian - Edit /etc/default/snmptrapd
Below is an example of configuring snmptrapd to send traps to rsyslog. The '-Ls' flag tells snmptrapd to send logging output to syslog. Using '-Ls2' specifies that snmptrapd will send it with the local2 facility value. The facility value is what rsyslog keys on for routing decisions. Please review the snmptrapd and snmpcmd man pages.
Code Block | ||
---|---|---|
| ||
TRAPDOPTS="-n -OQ -Ls2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis8/mibs/traps" |
/etc/systemd/system/snmptrapd.service.d/override.conf
Code Block | ||
---|---|---|
| ||
[Service] |
ExecStart= |
ExecStart=/usr/sbin/snmptrapd -n -OQ -Ls2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis9/mibs/traps |
Verify /etc/snmp/snmptrapd.conf
...
Most likely we will not want these messages to also go to /var/log/messages. We can edit /etc/rsyslog.conf to prevent this from happening. An example for facility local2 follows; notice the 'local2.none' statement.
Code Block | ||
---|---|---|
| ||
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages |
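A consistency check for the two settings above, as an added example that is not part of the original page: it derives the syslog facility from the snmptrapd '-Ls' option and confirms that every rsyslog rule writing to /var/log/messages excludes it. The function names `trap_facility` and `messages_excludes` are hypothetical, the 'd' and 'u' facility codes are taken from the snmpcmd man page, and the sample option string and rsyslog file are constructed from the lines shown on this page.

```shell
#!/bin/sh
# Added example (not NMIS/opEvents code): verify that the facility snmptrapd
# logs to is kept out of /var/log/messages by rsyslog.

# Print the syslog facility selected by -Ls in an snmptrapd option string.
# Accepts "-Ls2" and "-Ls 2". Codes: 0-7 = local0..local7, d = daemon, u = user.
# Returns 1 when no valid -Ls option is present (e.g. a mistyped "Ls2").
trap_facility() {
    prev="" code=""
    for tok in $1; do            # word-split on purpose: one option per token
        case "$tok" in
            -Ls?) code=${tok#-Ls} ;;
            *)    [ "$prev" = "-Ls" ] && code=$tok ;;
        esac
        prev=$tok
    done
    case "$code" in
        [0-7]) echo "local$code" ;;
        d)     echo "daemon" ;;
        u)     echo "user" ;;
        *)     return 1 ;;
    esac
}

# Succeed only if every non-comment rule whose action is /var/log/messages
# carries "<facility>.none" in its selector. $1 = facility, $2 = config file.
messages_excludes() {
    awk -v pat="$1.none" '
        /^[[:space:]]*#/ { next }
        $NF ~ /^-?\/var\/log\/messages$/ && index($1, pat) == 0 { bad = 1 }
        END { exit bad }' "$2"
}

# Constructed sample input, copied from the settings shown on this page.
OPTS='-n -OQ -Ls2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis8/mibs/traps'
CONF=$(mktemp)
printf '%s\n' '# constructed sample rsyslog.conf' \
    '*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages' > "$CONF"

if fac=$(trap_facility "$OPTS") && messages_excludes "$fac" "$CONF"; then
    echo "OK: traps use $fac and are excluded from /var/log/messages"
else
    echo "MISMATCH: check the -Ls facility and the /var/log/messages selector"
fi
```

On a live host, pass the OPTIONS or TRAPDOPTS value and /etc/rsyslog.conf instead of the constructed samples.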
...