Re: [netsnmp-coders] missing information in logmatch trap

Mon, 23 Sep 2019 23:27:24 -0700 

Hi Jeff,

Can I get a response for the request?

Thanks,
Gowtham

On Sat, Sep 7, 2019 at 9:23 AM Thommandra Gowtham <trgowtham...@gmail.com>
wrote:

> Jeff,
>
> Thanks for your reply.
>
> It was a deliberate mail to net-snmp-coders. Because, I knew about the
> pattern matching but that would not suffice because we get a trap like
> below when we give a '.*' in pattern
>
> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3022) 0:00:30.22
> SNMPv2-MIB::snmpTrapOID.0 = OID: DISMAN-EVENT-MIB::mteTriggerFired
> DISMAN-EVENT-MIB::mteHotTrigger.0 = STRING: Log Match
> DISMAN-EVENT-MIB::mteHotTargetName.0 = STRING:
> DISMAN-EVENT-MIB::mteHotContextName.0 = STRING:
> DISMAN-EVENT-MIB::mteHotOID.0 = OID: UCD-SNMP-MIB::logMatchCurrentCount.1
> DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: 9 UCD-SNMP-MIB::logMatchName.1 =
> STRING: loginFailure UCD-SNMP-MIB::logMatchFilename.1 = STRING:
> /var/log/auth.log UCD-SNMP-MIB::logMatchCurrentCount.1 = INTEGER: 9
> UCD-SNMP-MIB::logMatchRegEx.1 = STRING: Failed password .*
>
> For the following config,
> logmatch loginFailure /var/log/auth.log 30 Failed password for .*
> and line in log fine as below
> Sep  5 19:51:43  sshd[23557]: Failed password for root from xx.xx.xx.xx
> port 41569 ssh2
>
> It will match the string but it will not print the username in the trap
> data. So, I was looking for any code changes that an be done to make it
> expand the pattern and then send that data in trap.
>
> REgards,
> Gowtham
>
> On Sat, Sep 7, 2019 at 2:26 AM Jeff Gehlbach <je...@opennms.com> wrote:
>
>> On 9/5/19 10:58 PM, Thommandra Gowtham wrote:
>>
>> > - How can we get more information in a logmatch trap other than the
>> > pattern matched?
>>
>> Making your pattern match more text should do the trick. For example:
>>
>> logmatch loginFailure /var/log/auth.log 30 Failed password for .*
>>
>> BTW, this kind of question isn't really what the net-snmp-coders list is
>> for. The net-snmp-users list is a better fit:
>>
>> https://sourceforge.net/projects/net-snmp/lists/net-snmp-users
>>
>> -jeff
>>
>>
>> _______________________________________________
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>

_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders






















					Reply via email to