Hi Jeff, Can I get a response for the request?
Thanks, Gowtham On Sat, Sep 7, 2019 at 9:23 AM Thommandra Gowtham <trgowtham...@gmail.com> wrote: > Jeff, > > Thanks for your reply. > > It was a deliberate mail to net-snmp-coders. Because, I knew about the > pattern matching but that would not suffice because we get a trap like > below when we give a '.*' in pattern > > DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3022) 0:00:30.22 > SNMPv2-MIB::snmpTrapOID.0 = OID: DISMAN-EVENT-MIB::mteTriggerFired > DISMAN-EVENT-MIB::mteHotTrigger.0 = STRING: Log Match > DISMAN-EVENT-MIB::mteHotTargetName.0 = STRING: > DISMAN-EVENT-MIB::mteHotContextName.0 = STRING: > DISMAN-EVENT-MIB::mteHotOID.0 = OID: UCD-SNMP-MIB::logMatchCurrentCount.1 > DISMAN-EVENT-MIB::mteHotValue.0 = INTEGER: 9 UCD-SNMP-MIB::logMatchName.1 = > STRING: loginFailure UCD-SNMP-MIB::logMatchFilename.1 = STRING: > /var/log/auth.log UCD-SNMP-MIB::logMatchCurrentCount.1 = INTEGER: 9 > UCD-SNMP-MIB::logMatchRegEx.1 = STRING: Failed password .* > > For the following config, > logmatch loginFailure /var/log/auth.log 30 Failed password for .* > and line in log fine as below > Sep 5 19:51:43 sshd[23557]: Failed password for root from xx.xx.xx.xx > port 41569 ssh2 > > It will match the string but it will not print the username in the trap > data. So, I was looking for any code changes that an be done to make it > expand the pattern and then send that data in trap. > > REgards, > Gowtham > > On Sat, Sep 7, 2019 at 2:26 AM Jeff Gehlbach <je...@opennms.com> wrote: > >> On 9/5/19 10:58 PM, Thommandra Gowtham wrote: >> >> > - How can we get more information in a logmatch trap other than the >> > pattern matched? >> >> Making your pattern match more text should do the trick. For example: >> >> logmatch loginFailure /var/log/auth.log 30 Failed password for .* >> >> BTW, this kind of question isn't really what the net-snmp-coders list is >> for. The net-snmp-users list is a better fit: >> >> https://sourceforge.net/projects/net-snmp/lists/net-snmp-users >> >> -jeff >> >> >> _______________________________________________ >> Net-snmp-coders mailing list >> Net-snmp-coders@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders >> >
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders