Honestly, I'd kick in a few bucks for this out of my own pocket (SNMP
receiver/forwarder).
The problem with snmptrapd is they added a feature which requires you to
list what community strings you want it to process/forward. If you're in
a large environment and have no control over the edge devices, there's
no way to use the product like that. You just can't know all the
community strings.
Sure, you can say something like "Standards!", or "Best Practices!", but
we all know that some days they're just words to some people ...
To have a respected, concrete product like rsyslog provide this ... like
I said, I'd kick in a few bucks.
Jacob
On 11/3/2013 10:49 AM, David Lang wrote:
by the way, net-snmp includes a program to receive SNMP traps and send
them to syslog, snmptrapd. so you may already have all the pieces
available to handle SNMP traps.
looking at netflow, it looks like a mess to parse, and current versions
use SCTP instead of UDP for their transport. This just means that
implementing input and output modules is probably more work than I was
thinking when I wrote the message below.
David Lang
On Sun, 3 Nov 2013, David Lang wrote:
Date: Sun, 3 Nov 2013 08:25:12 -0800 (PST)
From: David Lang <da...@lang.hm>
Reply-To: rsyslog-users <rsyslog@lists.adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] Question on 600$ dev cost.
First off to be clear, I don't work for Adiscon. They are Rainer's
employer and the primary sponsors of Rsyslog. That said, Rsyslog is
opensource, so you can hire anyone to write something for you, so you
could hire Pavel, me or anyone else to write something. Adiscon
professional services can probably write it faster than the rest of us
as they are the most familiar with the code, but you don't have to
limit yourself to them. It is nice to throw business their way to
thank them for their work, but if they are too backed up anything goes
:-)
There is already a onsnmp module, although it may need to be modified
to do what you are looking for.
Rainer and Adiscon tend to quote in Euros, not $, but you'll have to
wait and see what he has to say as far as the price goes, I think
you're asking for more items than a single ~$600 project, but we'll
have to see.
It sounds like what you are looking for is the following
an input module that will accept SNMP traps and convert them to syslog
messages
an output module that will convert specially formatted syslog messages
to SNMP traps (this may just be a modification/update of the existing
omsnmp module)
an input module that will accept netflow messages and convert them to
syslog messages
an output module that will convert messages to netflow format and send
them
netflow has a lot of different versions of the protocol, which
versions did you want to support? do you need to be able to accept
input in one format and send output in a different format?
what message rate are you thinking of in terms of netflow messages?
I would be thinking in terms of having the syslog message be a JSON
formatted message containing all the pieces needed to recreate the
original message, and the outputs looking for those specific tags.
Given that the inputs are UDP, and they are one message per packet, it
may not require full input modules, but rather just new parser modules
that can be run from the existing imudp module
I think I've seen comments that parser modules would be ~500 Euros for
Adiscon/Rainer to write.
David Lang
On Sun, 3 Nov 2013, Nick Syslog wrote:
Rainer/David,
I was curious if the 600$ development costs for an "open" effort
would be
possible for something like netflow/snmp inputs and outputs?
Have had a lot of conversations lately with co-workers about the
possibility of having SNMP and Netflow routed via rsyslog but I know
that
both of these aren't syslog either so I wanted to ultimately see what
the
viability of something like this is first.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
