...

SNMP Trap Processing - Line Diagram

 snmptrapd --> rsyslog --> /var/log/nmis/snmptrap.log --> opEvents --> Blacklist --> EventParserRules --> SnmpTrapParserPlugin.pm

Deployment Steps

Step #1 - Configure snmptrapd to forward traps to syslog

RHEL/Centos - Edit /etc/sysconfig/snmptrapd

Below is an example of configuring snmptrapd to send traps to rsyslog.  The '-Ls' flag tells snmptrapd to send logging output to syslog.  Using '-Ls2' specifies that snmptrapd will send it with the local2 facility value.  The facility value is what rsyslog keys on for routing decisions.  Please review the snmptrapd and snmpcmd man pages.

/etc/sysconfig/snmptrapd
 OPTIONS="-n -OQ -Ls2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis8/mibs/traps"

Debian - Edit /etc/default/snmptrapd 

Below is an example of configuring snmptrapd to send traps to rsyslog.  The '-Ls' flag tells snmptrapd to send logging output to syslog.  Using '-Ls2' specifies that snmptrapd will send it with the local2 facility value.  The facility value is what rsyslog keys on for routing decisions.  Please review the snmptrapd and snmpcmd man pages.

/etc/default/snmptrapd
 TRAPDOPTS="-n -OQ -Ls2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis8/mibs/traps"

/etc/systemd/system/snmptrapd.service.d/override.conf
 [Service]
 # The empty ExecStart= clears the packaged command line before the replacement is set.
 ExecStart=
 ExecStart=/usr/sbin/snmptrapd -n -OQ -Ls2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis9/mibs/traps

Verify /etc/snmp/snmptrapd.conf

...

Most likely we will not want these messages to also go to /var/log/messages. We can edit /etc/rsyslog.conf to prevent this from happening. An example for facility local2 follows; notice the 'local2.none' statement.

/etc/rsyslog.conf
 *.info;mail.none;authpriv.none;cron.none;local2.none                /var/log/messages
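The effect of the 'local2.none' statement can be checked with a small script. This is an added example, not part of the original page: it reads legacy-format selectors in a simplified way (facility match and 'none' only; priority levels, modifiers and RainerScript are ignored), and the 'local2.*' routing rule and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Print the destination of every legacy-format rsyslog rule in file $1 whose
# selector list matches facility $2 (default: local2, the facility set by -Ls2).
facility_targets() {
    awk -v fac="${2:-local2}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 2                   { next }   # need a selector list and an action
        {
            hit = 0
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                dot = index(sel[i], ".")
                if (dot == 0) continue      # not a facility.priority item
                facs = substr(sel[i], 1, dot - 1)
                prio = substr(sel[i], dot + 1)
                m = split(facs, f, ",")
                for (j = 1; j <= m; j++)
                    if (f[j] == "*" || f[j] == fac)
                        hit = (prio == "none") ? 0 : 1   # later items override earlier ones
            }
            if (hit) print $2
        }' "$1"
}

# Constructed sample configs (not taken from a real host).
# The local2.* rule is an assumed routing rule for the trap log.
tmp=$(mktemp -d)
cat > "$tmp/before.conf" <<'EOF'
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
local2.*                                                /var/log/nmis/snmptrap.log
EOF
cat > "$tmp/after.conf" <<'EOF'
*.info;mail.none;authpriv.none;cron.none;local2.none    /var/log/messages
local2.*                                                /var/log/nmis/snmptrap.log
EOF

echo "without local2.none, traps are written to:"
facility_targets "$tmp/before.conf"
echo "with local2.none, traps are written to:"
facility_targets "$tmp/after.conf"
```

Run it against a copy of the real /etc/rsyslog.conf with `facility_targets /path/to/copy`; any destination other than the trap log means traps are still being duplicated.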

...