Related Topics
Table of Contents
Table of Contents |
---|
Purpose
Provide a SNMP trap handling solution that can scale to 300 traps per second.
...
Code Block | ||
---|---|---|
| ||
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages |
Step #3 - Configure opEvents to process SNMP trap log file using a plugin
Modify opCommon.nmis
We need to tell opEvents to process the newly created snmptrap.log file. This is done in /usr/local/omk/conf/opCommon.nmis. Be careful with this file; in reality it is a perl hash, any syntax error will render the OMK server dead. After modifying this file check it for syntax errors with the following command 'perl -c /usr/local/omk/conf/opCommon.nmis'. If you are not scared you should be
Something like the following example needs to be added to the opevents section of opCommon.nmis.
...
Install SNMP trap parser plugin
Install an opEvents parser plugin such as: snmpTrap.pm . This perl module will be placed in /usr/local/omdomk/conf/parser_plugins.
The plugin is not always needed. Traps can be processed using the event handler nmis traplog, but the plugin can parse more complex snmp traps.
...
Using the built in traplog parser, we would modify the Step 3 for the following:
Step #3 - Configure opEvents to process SNMP trap log file using a built in parser
Modify opCommon.nmis (abi3)/opCommon.json (abi4)
We need to tell opEvents to process the newly created snmptrap.log file. This is done in /usr/local/omk/conf/opCommon.nmis. Be careful with this file; in reality it is a perl hash, any syntax error will render the OMK server dead. After modifying this file check it for syntax errors (Just for the .nmis file) with the following command 'perl -c /usr/local/omk/conf/opCommon.nmis'. If you are not scared you should be
Code Block |
---|
"opevents_logs" : { "traplog" : [ "<nmis9_logs>/snmptrap.log" ], |
...
We can add as many rules and captures as we need.
Related Topics
...
SNMP Traps with Cisco and Other devices
...
opEvents - Centralized Logging Solution
...
opEvents - Syslog Handling - Adding a New Vendor
...
Here you can find further information.