Software version is 5.5, installed via RPM on CentOS 6.4:
net-snmp.x86_64 1:5.5-44.el6_4.4 @updates
net-snmp-libs.x86_64 1:5.5-44.el6_4.4 @updates
net-snmp-utils.x86_64 1:5.5-44.el6_4.4 @updates

[root@mucnvmonpapc01 ucce-eventlog]# snmptrapd --version

NET-SNMP Version: 5.5
Web: http://www.net-snmp.org/
Email: firstname.lastname@example.org
When I start snmptrapd with the 'log to syslog' option '-Ls4' (which should cause the log entries to be logged to the 'local4' facility), for each trap/inform received I get two log entries, the first one of which is actually logged to 'local4:info' and the second one of which invariably gets the 'user:notice' facility/severity information:
Nov 25 18:39:23 mucnvmonpapc01 <local4:info> snmptrapd: 2013-11-25 18:39:23 localhost [UDP: [127.0.0.1]:41853->[127.0.0.1]]:
Nov 25 18:39:23 mucnvmonpapc01 <user:notice> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: CISCO-CONTACT-CENTER-APPS-MIB::cccaIcmEvent [...]
This means that it is not possible to sensibly file the received traps into a specific log file using the facility/severity code.
It is also not very straightforward to log the traps as two syslog messages, with the second one lacking any 'program' field that could be used for filtering.
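An ingest-side way to keep such traps together for filing or alerting, added here as an example (it is not code from the reporter or from the Net-SNMP project): rejoin each tagged snmptrapd header line with the untagged varbind line that follows it and file the pair under the header's facility. It assumes the line layout shown above, including the `<facility:severity>` field, and pairs by host name; the function and field names are hypothetical.

```python
import re

# Line layout as shown in the post: timestamp, host, <facility:severity>, message.
LINE = re.compile(r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
                  r"<(?P<fac>\w+):(?P<sev>\w+)> (?P<msg>.*)$")
# First half: carries the snmptrapd program tag and ends with ':'.
HEADER = re.compile(r"^snmptrapd(?:\[\d+\])?: (?P<hdr>.*\]):\s*$")
# Second half: no program tag, begins with a MIB-qualified varbind.
VARBINDS = re.compile(r"^[A-Za-z0-9-]+::\S+ = ")

def rejoin_traps(lines):
    """Return (traps, other): rejoined trap records and every unpaired line."""
    traps, other, pending = [], [], None
    for raw in lines:
        raw = raw.rstrip("\n")
        m = LINE.match(raw)
        head = HEADER.match(m["msg"]) if m else None
        if head:
            if pending:                      # header never got its varbinds
                other.append(pending["raw"])
            pending = {"raw": raw, "host": m["host"], "ts": m["ts"],
                       "facility": m["fac"], "severity": m["sev"],
                       "header": head["hdr"]}
        elif (m and pending and m["host"] == pending["host"]
              and VARBINDS.match(m["msg"])):
            rec = {k: v for k, v in pending.items() if k != "raw"}
            rec["varbinds"] = m["msg"]       # file under the header's facility
            traps.append(rec)
            pending = None
        else:
            other.append(raw)                # unrelated traffic passes through
    if pending:
        other.append(pending["raw"])
    return traps, other

# The two lines from the post, with one constructed sshd line between them.
SAMPLE = [
    "Nov 25 18:39:23 mucnvmonpapc01 <local4:info> snmptrapd: 2013-11-25 18:39:23 "
    "localhost [UDP: [127.0.0.1]:41853->[127.0.0.1]]:",
    "Nov 25 18:39:23 mucnvmonpapc01 <authpriv:info> sshd[4242]: constructed line",
    "Nov 25 18:39:23 mucnvmonpapc01 <user:notice> DISMAN-EVENT-MIB::sysUpTimeInstance"
    " = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: "
    "CISCO-CONTACT-CENTER-APPS-MIB::cccaIcmEvent [...]",
]

if __name__ == "__main__":
    traps, other = rejoin_traps(SAMPLE)
    print(traps, other, sep="\n")
```

A header whose varbind line never arrives is returned in `other` rather than dropped, so a missing second half stays visible to whoever reviews the log.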