How to send snmp trap when syslog is logged?

Question

I need to send snmp trap n number of host whenever any syslog is logged in /var/log/messages. How can I do this, can anybody give me any idea?

Depends on how complicated you're willing to go. you could look at something similar to the NAGIOS monitoring agents that can monitor and trap out when it picks something up. — Lawrence, Mar 04 '14 at 12:54

score 1 · Answer 1 · answered Mar 06 '14 at 11:40

1

If you use (or switch to) rsyslog, you can install the omsnmp module which can send syslog messages as SNMP traps.

answered Mar 06 '14 at 11:40

Flup

8,017
2
33
50

score 0 · Answer 2 · answered Mar 05 '14 at 16:11

LogZilla has the ability to send matched events from syslog to a trap receiver. You can download a demo from http://www.logzilla.net/index.php/download

To use the trap forwarding, login as admin and browse to Menu>Admin>Server Admin>Alerts and enable "Send Alerts to SNMP Trap Manager" and also set the SNMP Community and SNMP Destination values. Once you set those, HUP the syslog-ng daemon and enjoy :-)

Robert Calhoun · Answer 3 · 2014-08-14T19:54:05.040

0

inotify(7) is a system call that can be used to alert your process when the filesystem changes. inotifyd is a wrapper around inotify(). (inotifyd is in busybox but perhaps not in other distros.)

With inotifyd you make a script that does what you want, e.g. foo.sh

#!/bin/sh
echo "inotifyd passed me event=$1 file=$2"

Then tell inotifyd to run your script whenever the syslog changes:

$ inotifyd ~/foo.sh /var/log/syslog:c
inotifyd passed me event=c file=/var/log/syslog
inotifyd passed me event=c file=/var/log/syslog
...

edited Aug 14 '14 at 19:54

answered Aug 13 '14 at 21:11

Robert Calhoun

386
1
4

Can you expand on how one would do this? Perhaps adding an example? – slm Aug 13 '14 at 22:15

How to send snmp trap when syslog is logged?

3 Answers3