Hi Javier, So, if i understand you properly, you need to send an snmp trap back, isn't it?
On this case, make a simple script (like the msg.sh) an adapt this solution to your case: snmptrap -v 1 TRAP_RECIPIENT COMMUNITY OID LOCAL_IP GENERIC_TRAP SPECIFIC_TRAP s "string goes here" .... e.g. sending from 10.1.1.1 (to 10.2.2.2): snmptrap -v 1 10.2.2.2 public .1.3.6.1.2.1.0 10.1.1.1 1 6 0 0.0.0 s "This is a test" By the way, this is for snmp v1, if you are going to use v2 check the man page of snmptrap. Regards, > Hi, > > i use snmptt to trap handle. Some of the traps that i receive, correlate > and > process with SEC with an determinate OID, i apply them a > 'SingleWithSuppress' rule and it seems to work fine. But i need to trap > back > to snmptt to show the last coincidance later and i don´t know how to do it > although i´ve seen that part in this link: > http://snmptt.sourceforge.net/docs/snmptt.shtml#SEC > > That´s how o got it: > > perl sec.pl -conf=my2.conf -input=/var/log/snmptt/snmptt.log > > my.conf: > #Show the same alert only one time in 5 minutes > type=SingleWithSuppress > ptype=RegExp > pattern=<OID_x> > desc=servicio > action=shellcmd /home/javier/msg.sh <- Only writes a log > window=300 > > > snmptt.conf: > ... > EVENT <TRAP TYPE> <OID_x> "Status Events" Normal > EXEC tail -1 /var/log/snmptt/snmptt.log | grep <OID_x> >> > /var/log/snmptt/snmptt.sec.log > FORMAT .... > > > snmptt.conf.sec: > ... > EVENT <TRAP TYPE> <OID_x> "Status Events" Normal > EXEC tail -1 /var/log/snmptt/snmptt.log | grep <OID_x> >> > /var/log/snmptt/snmptt.sec.log > FORMAT .... > > > And that´s the point where i find myself... a little bit lost. Any advice > changing or modifying any data of here, will be very appreciated. > > Thanks!! > ------------------------------------------------------------------------------ > > _______________________________________________ > Simple-evcorr-users mailing list > Simple-evcorr-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users > Gonzalo Rodrigo Sancho Dept. Bitácora EMail: grodr...@s21sec.com Messenger: grodr...@s21sec.com Salvo que se indique lo contrario, esta información es CONFIDENCIAL y contiene datos de carácter personal que han de ser tratados conforme a la legislación vigente en materia de protección de datos. Si usted no es destinatario original de este mensaje, le comunicamos que no está autorizado a revisar, reenviar, distribuir, copiar o imprimir la información en él contenida y le rogamos que proceda a borrarlo de sus sistemas. Antes de imprimir este mensaje valora si verdaderamente es necesario. De esta forma contribuimos a la preservación del Medio Ambiente. ------------------------------------------------------------------------------ _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
