Custom SNMP Trap Definition
First, I'm a bit confused at the regex that I should be using to match the log. An example syslog message is:
Certificate 'mywork.com' in file mywork.com.crt will expire on Fri Nov 11 23:59:59 2011 GMT
.. so, my thought is to create a regexp that will match something similar to "Certificate * in file * will expire on," but I haven't gotten this to work correctly yet. Here is what I tried using:
"Certificate \'[\w\.]+\' in file \'[\w\.]+\' will expire"
That did not work, so I'm guessing it is not correct. I was able to match it via "will expire on," but this is a bit too generic and I would rather match it more accurately.
Next, how do I name the trap like the pre-defined traps are? The trap is coming through to my NMS as something generic like "bigIpNotifications.300".
The log message is contained in bigipNotifyObjMsg, but is there a way that I can separate the variable fields (such as the certificate file name, date, etc.) into separate fields like bigipSSLCertName, etc. so I can parse them on my NMS? All of the pre-defined traps seem to be parsed separately like this.
Josh
- nitass (Employee): I am not familiar with regex. This is mine.
[root@ve1023:Active] config cat user_alert.conf
alert CERT_EXPIRE "Certificate (.*?w.*?) in file (.*?w.*?) will expire on (.*?)" {
   snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300"
}

[root@ve1023:Active] config logger -p local0.warning "Certificate 'mywork.com' in file mywork.com.crt will expire on Fri Nov 11 23:59:59 2011 GMT"

[root@ve1023:Active] config tcpdump -nni 0.0 -s0 udp port 162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:08:13.288342 IP 172.28.65.150.44961 > 192.168.206.102.162: V2Trap(192) .1.3.6.1.2.1.1.3.0=10469 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.3375.2.4.0.300 .1.3.6.1.4.1.3375.2.4.1.1="Certificate 'mywork.com' in file mywork.com.crt will expire on Fri Nov 11 23:59:59 2011 GMT" .1.3.6.1.6.3.1.1.4.3.0=.1.3.6.1.4.1.3375.2.4 out slot1/tmm0 lis=
- Josh_41258 (Nimbostratus): Thanks, I'll give your regex a try.
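
Added example, not code from either poster or from F5: an off-box check of the pattern from the question against the quoted syslog line, plus an NMS-side parser that splits the message text carried in the trap into certificate name, file and expiry date. It uses Python's `re` syntax, which is an assumption and may differ from what `user_alert.conf` accepts; `CERT_EXPIRE`, `parse_cert_expiry` and `days_left` are hypothetical names.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the syslog text quoted in the thread.
SAMPLE = ("Certificate 'mywork.com' in file mywork.com.crt "
          "will expire on Fri Nov 11 23:59:59 2011 GMT")

# Pattern from the question. It expects quotes around the file name,
# but the sample message only quotes the certificate name.
QUOTED_FILE = re.compile(
    r"Certificate \'[\w\.]+\' in file \'[\w\.]+\' will expire")

# Hypothetical replacement: quoted certificate name, unquoted file name,
# and the timestamp captured up to the four-digit year.
CERT_EXPIRE = re.compile(
    r"Certificate '(?P<name>[^']+)' in file (?P<file>\S+) "
    r"will expire on (?P<when>.+? \d{4}) GMT")


def parse_cert_expiry(msg):
    """Return name, file and expiry (UTC datetime), or None if no match."""
    m = CERT_EXPIRE.search(msg)
    if m is None:
        return None
    # The message states GMT, so attach UTC explicitly after parsing.
    expires = datetime.strptime(
        m.group("when"), "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    return {"name": m.group("name"),
            "file": m.group("file"),
            "expires": expires}


def days_left(expires, now):
    """Whole days between 'now' and the expiry time (negative if past)."""
    return (expires - now).days


if __name__ == "__main__":
    print("pattern from the question matches:",
          QUOTED_FILE.search(SAMPLE) is not None)
    fields = parse_cert_expiry(SAMPLE)
    print(fields)
    # Constructed reference time for the demonstration.
    print(days_left(fields["expires"],
                    datetime(2011, 11, 1, tzinfo=timezone.utc)), "days left")
```
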