syslog-ng-users August 2011 archive
Main Archive Page > Month Archives  > syslog-ng-users archives
syslog-ng-users: [syslog-ng] snmptrapd to syslog-ng 3.1

[syslog-ng] snmptrapd to syslog-ng 3.1

From: Smart, Dan <SmartD_at_nospam>
Date: Wed Aug 17 2011 - 21:17:09 GMT
To: "" <>

My interest is in network device syslog and traps.
I'm trying to receive traps, and then process them in Simple Event Correlator (SEC). I've got SEC working fine with standard remote syslog.
After reading everything I could find, I found a discussion from 2008 about losing the source hostname when sending the trap to syslog.

I'm trying the source program method, and eliminating multi-line traps.
As I understand that syslog-ng is looking for Standard Out from the program, I specified -f in snmptrapd to stop forking, and -Lo to send output to standard output. I'm getting nothing in my d_debug file. Any suggestions?

There is also a web page with a filter and rewrite recipe for traps. Not sure why I need this if I am sending the trap directly to SEC.


========= syslog-ng.conf =================
options {

source s_program {
program("/usr/sbin/snmptrapd -a -f -Lo --disableAuthorization=yes", flags(no-multi-line));

destination d_debug {
   owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));

destination d_sec {
        program("/usr/local/bin/sec -input=\"-\" -conf=/usr/local/etc/sec.conf"
        flags(no-multi-line) );

log {
        destination(d_sec); destination(d_debug);

Member info: