Forwarding snmptrapd SNMP trap messages to rsyslog

Revision as of 16:17, 2 March 2015 by Saurabh


Some devices do not support sending messages to rsyslog but do support sending trap messages to an SNMP trap server. Others support both, each for different types of events. In either case it may be necessary to configure snmptrapd to receive SNMP trap messages. To configure snmptrapd:

  1. yum -y install net-snmp
  2. Update the firewall to allow incoming packets on UDP port 162, then restart the firewall for the change to take effect.
  3. Edit /etc/snmp/snmptrapd.conf and add the following line:
    authCommunity log,execute,net Rsyslog_Server
    Here the community name (in our case, 'Rsyslog_Server') must match the one in the controller configuration and should not contain any spaces.
  4. Start and enable the snmptrapd service.
  5. Then, as for the Linksys and HP switches described at Configuring rsyslog to get syslog from network devices, add the following lines to send these logs to a different log file:
    if $programname == 'Cisco_2504_Controller' or $msg contains '10.4.5.75' then /var/log/netlog/Cisco/Cisco_2504_Controller.log
    & ~
    Here the programname, IP address and desired log path should be configured as per the requirements.


Cisco 2504 controller

Specifically for the Cisco 2504 controller, running the command below on the log file:

grep IpAddress Cisco_2504_Controller.log | awk -F# '{for(i=4;i<9;i++){res=$i; split(res,resArr,":"); printf "%s,",resArr[4]} printf "\n"}'

produces output of the form <email-address>, <AP-mac-addr>, <client-mac-addr>, <ip-addr>, <AP-name>
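
As an added example (not part of the original wiki page), the function below is a stricter variant of the one-liner above: it skips lines with fewer than eight '#'-separated fields and strips the "object = TYPE: " prefix instead of splitting on ':', so a value that itself contains colons is kept whole. The log layout, the placeholder OIDs and the names write_sample_log and extract_trap_fields are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example; sample lines are constructed, not captured from a controller.
# Assumed layout (inferred from the one-liner above): fields separated by '#',
# the five wanted varbinds in fields 4-8, each "object = TYPE: value".

write_sample_log() {   # $1: file to create
    p='SNMPv2-SMI::enterprises.99999'   # placeholder OID prefix
    h='Mar  2 16:17:01 loghost snmptrapd[2101]: 10.4.5.75#012uptime#011trapoid'
    {
        printf '%s#011%s.1 = STRING: user@example.com' "$h" "$p"
        printf '#011%s.2 = STRING: 00:11:22:33:44:55' "$p"
        printf '#011%s.3 = STRING: 66:77:88:99:aa:bb' "$p"
        printf '#011%s.4 = IpAddress: 192.0.2.10' "$p"
        printf '#011%s.5 = STRING: AP-Lab-1\n' "$p"
        # A trap without an IpAddress varbind, then one with too few fields.
        printf '%s#011%s.9 = INTEGER: 1\n' "$h" "$p"
        printf '%s#011%s.4 = IpAddress: 192.0.2.11\n' "$h" "$p"
    } > "$1"
}

extract_trap_fields() {   # $1: log file; prints one CSV row per matching trap
    awk -F'#' '
        /IpAddress/ && NF >= 8 {
            row = ""
            for (i = 4; i <= 8; i++) {
                val = $i
                # Remove "object = TYPE: " up to the first "=", so colons
                # inside the value (a colon-separated MAC) are preserved.
                sub(/^[^=]*= [A-Za-z0-9-]+: /, "", val)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                row = row (i > 4 ? "," : "") val
            }
            print row
        }' "$1"
}

# Demo on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
extract_trap_fields "$log"
rm -f "$log"
```

Only the first constructed line yields a row; the other two are skipped because they lack an IpAddress varbind or have too few fields.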


Steps contributed by Nehal J Wani and documented with help of Kiran Kollipara


