[plug] syslog-ng
Ryan King
communist.goatherder at gmail.com
Thu Jul 3 18:17:04 WST 2008
On Thu, Jul 3, 2008 at 6:44 PM, Adam Hewitt <ahewitt at theozhewitts.com>
wrote:
> Hi All,
>
> I am trying to get snmptraps passed through to syslog-ng and then sent
> through an interpreter into Nagios. I have snmptrapd logging to syslog, and
> I have added the following lines to syslog-ng.conf:
>
> destination d_nagios { file("/tmp/test_file.txt"); };
> filter f_snmptrap { program("snmptrapd"); };
> log { source(s_sys); filter(f_snmptrap); destination(d_nagios); };
>
> Sending it to the test_file was just to make sure I was actually catching
> the snmptrapd logs, which I am not.
>
> I have tried a number of variations on the ("snmptrapd") such as
> ("snmptrapd\[.*\]") and none of them work.
>
> Can anyone see where my logic has gone astray?
>
> cheers,
>
> Adam.

Hey Adam,

It's been a while, how's it going ;)

Can't see anything obviously wrong - but I am wondering about 'snmptrapd'
and if it's actually logging to the source you are using? Depending on the
version of snmptrapd / dist, you have to specify -Ls for it to use
syslog... But what does source s_sys look like?

What about just removing the filter and dumping source s_sys straight to
that temp file - just to make sure the messages are coming through that
source and to double check the program name?

That's where I'd start anyway.

Ryan
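
The check suggested above, written out as a syslog-ng configuration (an added example, not part of the original message or of either poster's setup). It assumes the source s_sys from Adam's config is already defined elsewhere in syslog-ng.conf; the destination name d_debug_all and the file /tmp/s_sys_debug.txt are made up for illustration.

```conf
# Added example. s_sys is the source name used in the thread; its
# definition is not shown there and is assumed to exist already.

# Step 1: no filter. Write every message arriving on s_sys with the
# parsed fields labelled, so the program name syslog-ng extracted is
# visible. $PROGRAM holds the name without the "[pid]" suffix; the PID
# is kept separately in $PID.
destination d_debug_all {
    file("/tmp/s_sys_debug.txt"
         template("$ISODATE host=$HOST program=$PROGRAM pid=$PID msg=$MSG\n"));
};
log { source(s_sys); destination(d_debug_all); };

# Step 2: once a trap line shows up in the debug file, filter on the
# value shown after "program=". These are the lines from the original
# question, unchanged.
destination d_nagios { file("/tmp/test_file.txt"); };
filter f_snmptrap { program("snmptrapd"); };
log { source(s_sys); filter(f_snmptrap); destination(d_nagios); };

# Remove the d_debug_all destination and its log statement when done,
# since it copies every message from s_sys into /tmp.
```

After reloading syslog-ng and triggering a trap, the program= field in the debug file shows the exact name to use in program(); if no trap lines appear at all, the messages are not arriving through s_sys.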