Purpose

Provide an SNMP trap handling solution that can scale to 300 traps per second.

Overview

This solution uses snmptrapd to pull the trap off the wire, apply access control, translate it, and forward it to rsyslog. rsyslog then writes the translated trap to a log file to be processed by opEvents. opEvents then applies filtering, parsing and actions as appropriate.

SNMP Trap Processing - Line Diagram

snmptrapd --> rsyslog --> /var/log/nmis/syslogSnmpTrap.log --> opEvents --> Blacklist --> EventParserRules --> clarogtSnmpTrapParserPlugin.pm

Deployment Steps

Step #1 - Configure snmptrapd to forward traps to rsyslog

Below is an example of configuring snmptrapd to send traps to rsyslog. The '-Ls' flag tells snmptrapd to send its logging output to syslog. Using '-Ls 2' specifies that snmptrapd will send it with the local2 facility value. The facility value is what rsyslog keys on for routing decisions. Please review the snmptrapd and snmpcmd man pages.

/etc/sysconfig/snmptrapd
 OPTIONS="-n -Ls 2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis8/mibs/traps"

Step #2 - Configure rsyslog to route traps into a specified log file

We need the traps to be placed into a specified log file that opEvents will process. The following example states that all messages with a facility of local2 will be placed in the /usr/local/nmis8/logs/snmptrap.log file.

/etc/rsyslog.d/nmis.conf
local2.*                /usr/local/nmis8/logs/snmptrap.log
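
The facility chosen with '-Ls' in Step #1 has to match the selector in Step #2, otherwise traps never reach the file opEvents reads. The check below is an added example, not part of the original page or of NMIS/opEvents; it assumes legacy rsyslog selector lines, does not evaluate priorities other than none, and the /var/log/messages rule in the sample is constructed to resemble a common catch-all rule.

```python
# Added example: cross-check snmptrapd's -Ls facility against rsyslog rules.
# Assumes legacy "selector  action" rsyslog lines; priorities other than
# "none" are not evaluated, so a match means "may receive", not "will".

SYSCONFIG = 'OPTIONS="-n -Ls 2 -p /var/run/snmptrapd.pid -m ALL -M /usr/local/nmis8/mibs/traps"'

# Constructed sample: the page's rule plus a typical catch-all rule.
RSYSLOG = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
local2.*                /usr/local/nmis8/logs/snmptrap.log
"""

def trap_facility(sysconfig_text):
    """Return the syslog facility chosen by -Ls in OPTIONS, or None."""
    for line in sysconfig_text.splitlines():
        if not line.strip().startswith("OPTIONS="):
            continue
        args = line.split("=", 1)[1].strip().strip("\"'").split()
        for i, arg in enumerate(args):
            if arg.startswith("-Ls"):
                # The facility may be attached ("-Ls2") or separate ("-Ls 2").
                code = arg[3:] or (args[i + 1] if i + 1 < len(args) else "")
                if code in ("d", "u"):
                    return {"d": "daemon", "u": "user"}[code]
                if code in tuple("01234567"):
                    return "local" + code
    return None

def file_targets(rsyslog_text, facility):
    """Return the files whose selector can match messages from facility."""
    targets = []
    for line in rsyslog_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or "." not in parts[0]:
            continue                          # directive, comment or blank
        action = parts[1].strip()
        if not action.lstrip("-").startswith("/"):
            continue                          # only file actions matter here
        matched = False
        for sel in parts[0].split(";"):       # later selectors override earlier
            facs, _, prio = sel.partition(".")
            if facility in facs.split(",") or "*" in facs.split(","):
                matched = prio != "none"
        if matched:
            targets.append(action.lstrip("-"))
    return targets

if __name__ == "__main__":
    fac = trap_facility(SYSCONFIG)
    print(fac, "->", file_targets(RSYSLOG, fac))
```

On the sample, local2 messages can land in both files; adding local2.none to the catch-all selector keeps a high trap rate out of /var/log/messages.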
