Syslog collector provides a syslog message matcher (for the regular expressions you configure) and an SNMP agent.
The SNMP agent can be used as a standalone agent or, in real use cases, it is referenced by a master agent (i.e. snmpd by net-snmp) via the proxy directive in the snmpd.conf file.
The syslog message matcher matches the regular expressions you configure, keeps a counter of what has been found, and communicates the results to the SNMP agent.
On your host you have to set the proxy directive in snmpd.conf as:
The OID put in the proxy directive MUST exist.
The main configuration file is settings.py. You need to set:
SUBAGENT_BASE_OID to the root of the exported OIDs (which is an OID under the root OID set in the proxy directive of snmpd.conf)
MSG_REGEX_LIST to the list of tuples that represent the regular expressions to match. For each tuple, the first parameter is the entry title, the second is the regex to search for in the log messages received, and the third lets the syslog_handler know whether it must stop processing other entries if that one is matched successfully.
NOTE: order matters!
Example:
MSG_REGEX_LIST = [
    ('hello world', r'hello\ world'),
    ('startswith hello', r'hello.*'),
    ('cron messages', r'.*CRON.*', 1),
    ('syslogd restart', r'syslogd .* restart$'),
]
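To check how entry order and the stop flag affect the counters before deploying a list, the following dry run can help. It is an added example, not the project's own code: the function name dry_run is hypothetical, the sample messages are constructed, and it assumes entries are tried in list order with re.search, every matching entry is counted, and a true third element stops processing for that message.

```python
import re

# Same shape as the example above: (title, regex[, stop_flag]).
MSG_REGEX_LIST = [
    ('hello world', r'hello\ world'),
    ('startswith hello', r'hello.*'),
    ('cron messages', r'.*CRON.*', 1),
    ('syslogd restart', r'syslogd .* restart$'),
]

def dry_run(messages, regex_list):
    """Return {list position + 1: (title, count)} for the given messages.

    Assumed semantics (not taken from the project's source): entries are
    tried in list order with re.search, each match increments that entry's
    counter, and a truthy third element skips the remaining entries.
    """
    compiled = [(e[0], re.compile(e[1]), bool(e[2]) if len(e) > 2 else False)
                for e in regex_list]
    counts = [0] * len(compiled)
    for msg in messages:
        for i, (_title, rx, stop) in enumerate(compiled):
            if rx.search(msg):
                counts[i] += 1
                if stop:
                    break  # later entries never see this message
    # Keys follow the page's "index of regex in MSG_REGEX_LIST + 1".
    return {i + 1: (compiled[i][0], counts[i]) for i in range(len(compiled))}

# Constructed sample messages (not real logs).
SAMPLE = [
    "app[311]: hello world",
    "CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "CRON[2212]: (root) CMD /usr/sbin/service syslogd force restart",
    "init: syslogd 1.5.0 restart",
]

if __name__ == "__main__":
    for idx, (title, n) in dry_run(SAMPLE, MSG_REGEX_LIST).items():
        print(idx, title, n)
```

Under these assumptions the third sample message also fits 'syslogd restart', but it is counted only under 'cron messages' because that entry comes first and sets the stop flag.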
Now you can start syslog-agentX.py and let things flow!
You can retrieve values by snmpwalking your SUBAGENT_BASE_OID. The values are in the OID SUBAGENT_BASE_OID + one of the following indexes + index of regex in MSG_REGEX_LIST + 1:
The subagent also exports some system info in mib2.system.
The next step is Configuration, which explains each configuration option.