Jeff,

Thanks for your reply.

It was a deliberate mail to net-snmp-coders, because I knew about the
pattern matching, but that would not suffice because we get a trap like
the one below when we give a '.*' in the pattern:

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3022) 0:00:30.22
SNMPv2-MIB::snmpTrapOID.0 = OID: DISMAN-EVENT-MIB::mteTriggerFired
DISMAN-EVENT-MIB::mteHotTrigger.0 = STRING: Log Match
DISMAN-EVENT-MIB::mteHotTargetName.0 = STRING:
DISMAN-EVENT-MIB::mteHotContextName.0 = STRING:
DISMAN-EVENT-MIB::mteHotOID.0 = OID: UCD-SNMP-MIB::logMatchCurrentCount.1
DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: 9
UCD-SNMP-MIB::logMatchName.1 = STRING: loginFailure
UCD-SNMP-MIB::logMatchFilename.1 = STRING: /var/log/auth.log
UCD-SNMP-MIB::logMatchCurrentCount.1 = INTEGER: 9
UCD-SNMP-MIB::logMatchRegEx.1 = STRING: Failed password .*

For the following config,
logmatch loginFailure /var/log/auth.log 30 Failed password for .*
and a line in the log file as below
Sep  5 19:51:43  sshd[23557]: Failed password for root from xx.xx.xx.xx port 41569 ssh2

It will match the string, but it will not print the username in the trap
data. So, I was looking for any code changes that can be done to make it
expand the pattern and then send that data in the trap.

Regards,
Gowtham

On Sat, Sep 7, 2019 at 2:26 AM Jeff Gehlbach <je...@opennms.com> wrote:

> On 9/5/19 10:58 PM, Thommandra Gowtham wrote:
>
> > - How can we get more information in a logmatch trap other than the
> > pattern matched?
>
> Making your pattern match more text should do the trick. For example:
>
> logmatch loginFailure /var/log/auth.log 30 Failed password for .*
>
> BTW, this kind of question isn't really what the net-snmp-coders list is
> for. The net-snmp-users list is a better fit:
>
> https://sourceforge.net/projects/net-snmp/lists/net-snmp-users
>
> -jeff
>
>
> _______________________________________________
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
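An added example, not part of the original thread and not net-snmp code: the trap shown above carries only the match count and the configured regex, so one way to recover the username is to parse the matched lines outside the agent. The function name, the named groups and the sample log lines are assumptions constructed for illustration; the line layout assumed is the usual OpenSSH "Failed password for [invalid user] NAME from ADDR port N" form.

```python
import re
from collections import Counter

# The logmatch pattern from the message, extended with named groups so the
# fields that the trap does not carry (user, source address) can be extracted.
FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<source>\S+) port (?P<port>\d+)"
)

# Constructed sample lines using documentation addresses; not from the thread.
SAMPLE_LOG = """\
Sep  5 19:51:43 host1 sshd[23557]: Failed password for root from 192.0.2.10 port 41569 ssh2
Sep  5 19:51:47 host1 sshd[23557]: Failed password for root from 192.0.2.10 port 41569 ssh2
Sep  5 19:52:01 host1 sshd[23561]: Failed password for invalid user admin from 198.51.100.7 port 50022 ssh2
Sep  5 19:52:09 host1 sshd[23570]: Accepted password for gowtham from 192.0.2.44 port 40100 ssh2
"""


def summarize_failures(log_text):
    """Return (match_count, Counter keyed by (user, source)) for failed logins."""
    pairs = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            pairs[(m.group("user"), m.group("source"))] += 1
    # The total is the only figure a logmatch counter would report.
    return sum(pairs.values()), pairs


if __name__ == "__main__":
    count, pairs = summarize_failures(SAMPLE_LOG)
    print("match count (all that the logmatch counter reports):", count)
    for (user, source), n in pairs.most_common():
        print(f"  user={user} source={source} failures={n}")
```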