Related Topics

• SNMP Traps with Cisco and Other devices

• opEvents - Centralized Logging Solution

• opEvents - Syslog Handling - Adding a New Vendor

• opEvents - Syslog Handling - Adding a New Format

Table of Contents

Purpose

Provide a SNMP trap handling solution that can scale to 300 traps per second.

...

We need to tell opEvents to process the newly created snmptrap.log file.  This is done in /usr/local/omk/conf/opCommon.nmis.  Be careful with this file; in reality it is a perl hash, any syntax error will render the OMK server dead.  After modifying this file check it for syntax errors with the following command 'perl -c /usr/local/omk/conf/opCommon.nmis'.  If you are not scared you should be

Something like the following example needs to be added to the opevents section of opCommon.nmis. 

...

Install an opEvents parser plugin such as: snmpTrap.pm .  This perl module will be placed in /usr/local/omdomk/conf/parser_plugins. 

The plugin is not always needed. Traps can be processed using the event handler nmis traplog, but the plugin can parse more complex snmp traps.

...

We need to tell opEvents to process the newly created snmptrap.log file.  This is done in /usr/local/omk/conf/opCommon.nmis.  Be careful with this file; in reality it is a perl hash, any syntax error will render the OMK server dead.  After modifying this file check it for syntax errors (Just for the .nmis file) with the following command 'perl -c /usr/local/omk/conf/opCommon.nmis'.  If you are not scared you should be

      "opevents_logs" : {
         "traplog" : [
           "<nmis9_logs>/snmptrap.log"
         ],

...

We can add as many rules and captures as we need. Here you can find further information. 

Related Topics

...

SNMP Traps with Cisco and Other devices

...

opEvents - Centralized Logging Solution

...

opEvents - Syslog Handling - Adding a New Vendor

...