Issue
I'm facing a problem right now:
I have a first machine (we will call it A), on which I've installed a Zabbix server, to monitor some other servers.
I would like to monitor the syslog daemon. And then I found omsnmp, an rsyslog module which is able to send SNMP traps to my Zabbix machine A.
But the problem is that the syslog is too much important, and I don't want to send every message (information, warning, critical, ...).
I would like to send only critical messages present in syslog.
But I don't have any parameter in the module omsnmp to specify the filter.
I would like to know, using http://www.rsyslog.com/doc/rsyslog%255Fconf%255Ffilter.html this documentation, if I'm able to do something like:
if $severity== 'critical' then {
*.* action(type="omsnmp" parameters ??") <- i load the module with parameters
}
Any help would be appreciated,
Waiting for any answers, or tracks to follow
Thanks, sleakerz
Solution
Here is the way for people who want to do the same task:
$ModLoad omsnmp
$actionsnmptransport udp
$actionsnmptarget 129.183.11.170
$actionsnmptargetport 162
$actionsnmpversion 1
$actionsnmpcommunity public
And now, use filters:
*.=alert :omsnmp:
*.=warning :omsnmp:
This will send SNMP traps only if the log is an alert or a warning; in fact, it will allow the module to send only these types of logs.
Here are the filters available:
- emerg
- alert
- crit
- err
- warning
- notice
- info
- debug
Answered By - sleakerz
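
To preview which messages the selectors in the answer above would hand to omsnmp, the following is an added Python example (not part of the original answer and not rsyslog code) that decodes the PRI header of raw syslog lines and evaluates severity selectors against the eight keywords listed above. It goes slightly beyond the answer by also covering the form without "=", which matches the named severity and everything more severe; the function names and sample lines are constructed for illustration.

```python
import re

# Severity keywords in numeric order (0 = most severe), as listed in the answer.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_number, severity_name) from a raw syslog line's <PRI> header."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7]  # PRI = facility * 8 + severity


def selector_matches(selector, severity):
    """Evaluate a '*.[=]severity' selector against a severity name.

    '*.=crit' matches crit only; '*.crit' matches crit and anything more severe.
    """
    facility, _, wanted = selector.partition(".")
    if facility != "*":
        raise ValueError("only the '*' facility is handled by this example")
    exact = wanted.startswith("=")
    wanted = wanted.lstrip("=")
    if wanted not in SEVERITIES:
        raise ValueError(f"unknown severity: {wanted}")
    have, want = SEVERITIES.index(severity), SEVERITIES.index(wanted)
    return have == want if exact else have <= want


def forwarded(lines, selectors):
    """Return the lines that at least one selector would pass to the action."""
    return [l for l in lines
            if any(selector_matches(s, decode_pri(l)[1]) for s in selectors)]


# Constructed sample messages (not from the page): facility 3 (daemon).
SAMPLE = [
    "<24>host1 app: system unusable",    # 3*8+0 -> emerg
    "<25>host1 app: action needed now",  # 3*8+1 -> alert
    "<26>host1 app: disk failure",       # 3*8+2 -> crit
    "<28>host1 app: disk 85% full",      # 3*8+4 -> warning
    "<30>host1 app: job finished",       # 3*8+6 -> info
]

if __name__ == "__main__":
    for sels in (["*.=alert", "*.=warning"], ["*.=crit"], ["*.crit"]):
        print(sels, "->", [decode_pri(l)[1] for l in forwarded(SAMPLE, sels)])
```

With the two selectors from the answer, the crit and emerg sample lines are not forwarded; "*.=crit" selects critical messages only, while "*.crit" also includes alert and emerg.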