Hi, I am using net-snmp 5.7.3 on Ubuntu and have a few questions regarding the logmatch trap.
- How can we get more information in a logmatch trap other than the pattern matched? For example, if we have the below

    logmatch loginFailure /var/log/auth.log 30 Failed password
    monitor -r 10 -o logMatchName -o logMatchFileName -o logMatchCurrentCount -o logMatchRegEx "Log Match" != logMatchCurrentCount

we get the below trap

    DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3774203) 10:29:02.03
    SNMPv2-MIB::snmpTrapOID.0 = OID: DISMAN-EVENT-MIB::mteTriggerFired
    DISMAN-EVENT-MIB::mteHotTrigger.0 = STRING: Log Match
    DISMAN-EVENT-MIB::mteHotTargetName.0 = STRING:
    DISMAN-EVENT-MIB::mteHotContextName.0 = STRING:
    DISMAN-EVENT-MIB::mteHotOID.0 = OID: UCD-SNMP-MIB::logMatchCurrentCount.1
    DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: 3
    UCD-SNMP-MIB::logMatchName.1 = STRING: loginFailure
    UCD-SNMP-MIB::logMatchFilename.1 = STRING: /var/log/auth.log
    UCD-SNMP-MIB::logMatchCurrentCount.1 = INTEGER: 3
    UCD-SNMP-MIB::logMatchRegEx.1 = STRING: Failed password

for the below message in auth.log

    Sep 5 19:51:43 sshd[23557]: Failed password for root from xx.xx.xx.xx port 41569 ssh2

Is it possible to get the user name in the string as part of the logmatch trap? Like 'root' in the above example.

If it is not possible via the logmatch implementation, can we execute a script when the pattern is matched that can do additional checking and raise a trap instead?

Thanks in advance.
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders