Software version is 5.5, installed via RPM on CentOS 6.4:
net-snmp.x86_64 1:5.5-44.el6_4.4 @updates
net-snmp-libs.x86_64 1:5.5-44.el6_4.4 @updates
net-snmp-utils.x86_64 1:5.5-44.el6_4.4 @updates

[root@mucnvmonpapc01 ucce-eventlog]# snmptrapd --version

NET-SNMP Version: 5.5
Web: http://www.net-snmp.org/
Email: firstname.lastname@example.org
When I start snmptrapd with the 'log to syslog' option '-Ls4' (which should cause the log entries to be logged to the 'local4' facility), for each trap/inform received I get two log entries, the first one of which is actually logged to 'local4:info' and the second one of which invariably gets the 'user:notice' facility/severity information:
Nov 25 18:39:23 mucnvmonpapc01 <local4:info> snmptrapd: 2013-11-25 18:39:23 localhost [UDP: [127.0.0.1]:41853->[127.0.0.1]]:
Nov 25 18:39:23 mucnvmonpapc01 <user:notice> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 SNMPv2-MIB::snmpTrapOID.0 = OID: CISCO-CONTACT-CENTER-APPS-MIB::cccaIcmEvent [...]
This means that it is not possible to sensibly file the received traps into a specific log file using the facility/severity code.
It is also not very straightforward to log the traps as two syslog messages, with the second one lacking any 'program' field that could be used for filtering.
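The following Python example is added here and is not part of the original report or of Net-SNMP. It re-joins the two halves of each split trap entry so the whole trap can be filed under the snmptrapd facility; the line layout (including the <facility:severity> tag) is assumed from the two sample entries above, and the function name and the cron line are constructed.

```python
import re

# Layout assumed from the report's sample entries:
# "<timestamp> <host> <facility:severity> <message>"
LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) <(\w+):(\w+)> (.*)$")
# A regular syslog message starts with "program:" or "program[pid]:".
PROGRAM = re.compile(r"^([\w./-]+)(?:\[\d+\])?: ")

# Constructed sample: the two entries from the report plus an unrelated line.
SAMPLE = [
    "Nov 25 18:39:23 mucnvmonpapc01 <local4:info> snmptrapd: 2013-11-25 "
    "18:39:23 localhost [UDP: [127.0.0.1]:41853->[127.0.0.1]]:",
    "Nov 25 18:39:23 mucnvmonpapc01 <user:notice> "
    "DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (0) 0:00:00.00 "
    "SNMPv2-MIB::snmpTrapOID.0 = OID: "
    "CISCO-CONTACT-CENTER-APPS-MIB::cccaIcmEvent [...]",
    "Nov 25 18:39:24 mucnvmonpapc01 <cron:info> crond[1234]: constructed line",
]


def rejoin_trap_records(lines, facility="local4"):
    """Return (timestamp, host, facility, text) tuples, with each snmptrapd
    header merged with the program-less line that directly follows it."""
    out, pending = [], None  # pending: header still waiting for its 2nd half
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue  # not in the assumed layout
        stamp, host, fac, _sev, msg = m.groups()
        prog = PROGRAM.match(msg)
        if (pending and prog is None and fac == "user"
                and pending[:2] == (stamp, host)):
            # Orphaned half: attach to the header and keep the header's facility.
            out.append((stamp, host, pending[2], pending[3] + " " + msg))
            pending = None
            continue
        if pending:
            out.append(pending)  # header never got a continuation
            pending = None
        if prog and prog.group(1) == "snmptrapd" and fac == facility:
            pending = (stamp, host, fac, msg)
        else:
            out.append((stamp, host, fac, msg))
    if pending:
        out.append(pending)
    return out


if __name__ == "__main__":
    for record in rejoin_trap_records(SAMPLE):
        print(record)
```

Halves are paired only when timestamp and host match and the second line has no program field, so a trap whose two entries straddle a second boundary stays unmerged.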