
SNMP log parser

Question asked by Nikolay Klender on Aug 2, 2017
Latest reply on Aug 3, 2017 by Maximiliano Cittadini

The Log Collector is able to receive SNMP traps, but I have not found any documentation about configuring an SNMP parser for logs.

Here is a sample log from CyberArk (unfortunately, CyberArk is able to send such messages via SNMP only):

%TRAP [device_addr=192.168.1.2] [device_addr=192.168.1.2] [.1.3.6.1.2.1.1.3.0=14:10:17:33.00] [.1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.11536.3.6.1000] [.1.3.6.1.4.1.11536.1.1.1.1="italog"] [.1.3.6.1.4.1.11536.1.1.1.2=""] [.1.3.6.1.4.1.11536.1.1.1.3="02/08/2017 08:46:42 ITATS427W Safe PSMRecordings14 is nearly out of space. 17543MB out of 500000MB (3%) left. "]

 

What is the general approach? Maybe you have a special parser, like the one you have for the CEF source?
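
A stand-alone Python sketch of how the `%TRAP` line quoted in the question can be split into varbinds and a CyberArk event; it is an added example, not part of the original post and not the log collector's own parser. The function names, the DD/MM/YYYY date order and the "timestamp, code, message" layout of the text varbind are assumptions inferred from the single sample line.

```python
import re
from datetime import datetime

# Sample line copied from the question above.
SAMPLE = ('%TRAP [device_addr=192.168.1.2] [device_addr=192.168.1.2] '
          '[.1.3.6.1.2.1.1.3.0=14:10:17:33.00] '
          '[.1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.11536.3.6.1000] '
          '[.1.3.6.1.4.1.11536.1.1.1.1="italog"] [.1.3.6.1.4.1.11536.1.1.1.2=""] '
          '[.1.3.6.1.4.1.11536.1.1.1.3="02/08/2017 08:46:42 ITATS427W Safe '
          'PSMRecordings14 is nearly out of space. 17543MB out of 500000MB (3%) left. "]')

# One [key=value] pair. A quoted value may itself contain ']', so it is tried
# first; embedded double quotes are not handled (the sample shows no escaping).
VARBIND = re.compile(r'\[([^=\]\s]+)=("[^"]*"|[^\]]*)\]')
# Assumed layout of the text varbind: DD/MM/YYYY HH:MM:SS <code> <message>
ITALOG = re.compile(r'(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (.*)')

SNMP_TRAP_OID = '.1.3.6.1.6.3.1.1.4.1.0'       # snmpTrapOID.0 (standard)
TEXT_OID = '.1.3.6.1.4.1.11536.1.1.1.3'        # text varbind in the sample


def parse_trap(line):
    """Return {key: value} for every [key=value] pair in a %TRAP line."""
    if not line.startswith('%TRAP '):
        raise ValueError('not a %TRAP line')
    fields = {}
    for key, raw in VARBIND.findall(line):
        quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
        # device_addr is repeated in the sample; keep the first occurrence.
        fields.setdefault(key, raw[1:-1] if quoted else raw)
    return fields


def parse_cyberark(line):
    """Map the generic varbinds onto event fields a SIEM would index."""
    fields = parse_trap(line)
    event = {'device_addr': fields.get('device_addr'),
             'trap_oid': fields.get(SNMP_TRAP_OID),
             'raw': fields.get(TEXT_OID, '')}
    m = ITALOG.match(event['raw'])
    if m:  # leave only 'raw' populated when the text does not fit the layout
        event['time'] = datetime.strptime(m.group(1), '%d/%m/%Y %H:%M:%S')
        event['code'] = m.group(2)
        event['message'] = m.group(3).strip()
    return event


if __name__ == '__main__':
    print(parse_cyberark(SAMPLE))
```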
