Now that we have the LooperNG basics down, we can start toying with some of the SNMP modules. In the following example, we will create a circular LooperNG configuration... just because we can. A circular configuration implies an output module sending events to an input module. Circular configurations can be dangerous if not properly tested, and may result in endless loops.
We are going to build a simple syslog-to-trap generator. Instead of sending the traps to a management station, we will send them back to LooperNG's snmpd_in module, which logs the trap to a log file.
Note: Since snmpd_in binds to port 162, which is a privileged port, you will need to be root to run the example below.
    # Uncomment the below line to use a rules file.
    rulesfile = '/opt/local/looper/conf/rules/snmpdemo.rules'

    # Set log level and location. The location can be overridden
    # with the --stderr switch.
    loglevel = '4'
    logfile = '/opt/local/looper/log/looper.log'

    # Set the listen port for the admin server (--port).
    port = '5400'

    # MD5-hashed password. Use --md5 to generate a new password.
    password = 'cf79217d6d9da75c6605bffb8eeabb96'

    # New input module named syslog_in1. This module will be used to monitor
    # a syslog file for new events.
    input syslog_in1 {
        # Module file name as expected in $LOOPER_HOME/modules
        module = 'syslog_in'
        # Which file to monitor
        logfile = '/var/log/messages.1.bak'
        # The poll time for the file.
        sleeptime = '2'
        # tailstyle specifies where the monitoring begins. Set
        # to 0 for end-of-file. n for last n lines. Or -1 to
        # read entire file from beginning.
        #
        # Below we start reading from the last 10 lines.
        tailstyle = '10'
        # Where syslog_in debug messages go
        debugmessages = '/opt/local/looper/log/syslog_in.log'
        # syslog_in debug level
        debugmode = '4'
    }

    # Start an SNMP trap collector called snmpd_in1
    input snmpd_in1 {
        # Module file name
        module = 'snmpd_in'
        debugmessages = '/opt/local/looper/log/snmpd_in.log'
        debugmode = '4'
    }

    # A new output module named logfile_out1. This module is used to
    # send events to a log file. Useful debugging aid.
    output logfile_out1 {
        module = 'logfile_out'
        # Name of file to send alerts to
        filename = '/opt/local/looper/log/logfile.out'
        # If set to 1 will append to existing file
        append = 0
        debugmode = '4'
        debugmessages = '/opt/local/looper/log/logfile_out.log'
    }

    # An SNMP trap generator.
    output trapgen1 {
        module = 'snmptrap_out'
        # Where to send traps
        managementstation = '127.0.0.1'
        port = '162'
        community = 'public'
        version = '2'
        # SNMP Enterprise number to use (can be overridden in rules file)
        enterprise = '1.3.6.1.4.1.34555'
        # OID prefix.
        varbindoids = '1.3.5.1.4.1.34555.1'
        # String delimiter for varbinds
        varbinddelimeter = '::'
        debugmode = '4'
        debugmessages = '/opt/local/looper/log/trapgen1.log'
    }

    # A RAW trap forwarder
    output trapgen2 {
        __autostart = 'no'
        module = 'snmptrap_out'
        # Where to send traps to
        managementstation = '192.168.1.111'
        port = '162'
        community = 'public'
        # Setting rawmode to 1 tells it to blindly forward
        # the trap in $OUT{rawtrap} without rewriting it. $OUT{rawtrap}
        # should be a base64 encoded SNMP trap PDU. The snmpd_in
        # module delivers this token in $IN{rawtrap}.
        rawmode = '1'
        debugmode = '4'
        debugmessages = '/opt/local/looper/log/trapgen2.log'
    }
The module named trapgen2 does not serve any purpose in this example. It was put there to demonstrate a trap forwarder/exploder configuration. When snmpd_in sends an event, it encodes the raw trap PDU in a token called $IN{rawtrap}. If a snmptrap_out module runs with rawmode set to 1, it uses $OUT{rawtrap} to forward the same trap to another destination.
    %OUT = ();

    if ( $IN{__module} eq 'snmpd_in1' ) {
        LOG (4, "Got trap. Logging all tokens to file...");
        %OUT = %IN;
        SEND ('logfile_out1');
    }
    elsif ( $IN{__module} eq 'syslog_in1' ) {
        LOG (4, "Got Syslog message. Forwarding as trap...");
        $OUT{generictrap} = 6;
        $OUT{specifictrap} = 1000;
        # Varbinds separated by '::' ...
        $OUT{varbinds} = "$IN{node} :: $IN{desc}";
        SEND ('trapgen1');
    }
    ./looperng -c conf/snmpdemo.conf --stderr --loglevel4
    [root@grok log]# cd /opt/local/looper/log
    [root@grok log]# cat logfile.out
    ---SNIP---
    Event at [Sun Sep 14 11:20:29 2003]
    __module = snmpd_in1
    varbindOID1 = 1.3.5.1.4.1.34555.1.6.10001
    enterprise = 1.3.6.1.4.1.34555
    varbindOID0 = 1.3.5.1.4.1.34555.1.6.10000
    __runpath = /opt/local/looper/modules/snmpd_in
    agentaddr = 192.168.0.51
    rawtrap = MIGXAgEABAZwdWJsaWOkgYkGCCsGAQQBgo17QATAqAAzAgEGAgID6EMBZDBtMBoGDCsFAQQBgo17?AQbOEAQKbG9jYWxob3N0IDBPBgwrBQEEAYKNewEGzhEEPyBzdShwYW1fdW5peClbMjUxMTVdOiBz?ZXNzaW9uIG9wZW5lZCBmb3IgdXNlciByb290IGJ5ICh1aWQ9NTAwKQ==?
    varBindTotal = 2
    __taskid = 4
    varbindTag1 = 4
    generic-trap = 6
    community = public
    varbindTag0 = 4
    __taskpid = 6374
    varbind1 = su(pam_unix)[25115]: session opened for user root by (uid=500)
    varbind0 = localhost
    specific-trap = 1000

    Event at [Sun Sep 14 11:20:29 2003]
    __module = snmpd_in1
    varbindOID1 = 1.3.5.1.4.1.34555.1.6.10001
    enterprise = 1.3.6.1.4.1.34555
    varbindOID0 = 1.3.5.1.4.1.34555.1.6.10000
    __runpath = /opt/local/looper/modules/snmpd_in
    agentaddr = 192.168.0.51
    rawtrap = MG8CAQAEBnB1YmxpY6RiBggrBgEEAYKNe0AEwKgAMwIBBgICA+hDAWQwRjAaBgwrBQEEAYKNewEG?zhAECmxvY2FsaG9zdCAwKAYMKwUBBAGCjXsBBs4RBBggc3lzbG9nZCAxLjQuMTogcmVzdGFydC4=?
    varBindTotal = 2
    __taskid = 4
    varbindTag1 = 4
    generic-trap = 6
    community = public
    varbindTag0 = 4
    __taskpid = 6374
    varbind1 = syslogd 1.4.1: restart.
    varbind0 = localhost
    specific-trap = 1000
    ---SNIP---
    [root@grok log]#
The output above is a good example of all the tokens generated by the snmpd_in module. As you can see, the SNMP variable bindings are stored in varbind0 and varbind1. They consist of the syslog hostname and description. The agent address has been masqueraded as another host. The rawtrap token is a Base64-encoded SNMP trap PDU.
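To see exactly what a rawmode forwarder would pass along, the rawtrap token can be decoded offline. The following is an added example, not part of the original tutorial or of LooperNG: a small BER reader in Python applied to the second event's rawtrap value from the listing above. The names items, oid and decode_rawtrap are the example's own, and the '?' characters in the listing are assumed to be line-wrap markers and are removed.

```python
import base64

# rawtrap token of the second event in the logfile.out listing on this page,
# with the '?' markers removed (assumed to be line-wrap artifacts).
RAWTRAP = (
    "MG8CAQAEBnB1YmxpY6RiBggrBgEEAYKNe0AEwKgAMwIBBgICA+hDAWQwRjAaBgwrBQEEAYKNewEG"
    "zhAECmxvY2FsaG9zdCAwKAYMKwUBBAGCjXsBBs4RBBggc3lzbG9nZCAxLjQuMTogcmVzdGFydC4="
)

def items(buf):
    """Yield (tag, value) for each BER element found back to back in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                       # long form: low bits count length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated BER element")
        yield tag, buf[pos:pos + length]
        pos += length

def oid(raw):
    """Decode the body of a BER OBJECT IDENTIFIER to dotted notation."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                        # last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def decode_rawtrap(b64):
    """Decode a Base64 SNMPv1 Trap-PDU, as carried in $IN{rawtrap}, into a dict."""
    _, msg = next(items(base64.b64decode(b64)))             # outer SEQUENCE
    (_, ver), (_, comm), (pdu_tag, pdu) = items(msg)
    if pdu_tag != 0xA4:                                     # 0xA4 = SNMPv1 Trap-PDU
        raise ValueError("not an SNMPv1 Trap-PDU")
    ent, addr, gen, spec, _ticks, vbl = (v for _, v in items(pdu))
    varbinds = []
    for _, vb in items(vbl):
        (_, name), (_, value) = items(vb)
        varbinds.append((oid(name), value.decode("latin-1")))
    return {"version": ver[0], "community": comm.decode(), "enterprise": oid(ent),
            "agentaddr": ".".join(map(str, addr)), "generic": int.from_bytes(gen, "big"),
            "specific": int.from_bytes(spec, "big"), "varbinds": varbinds}

if __name__ == "__main__":
    print(decode_rawtrap(RAWTRAP))
```

The decoded blob carries the community string and the agent address in the clear, so whatever receives a forwarded rawtrap sees both. The varbind values also keep the spaces that surround the '::' delimiter in the rules file ("localhost " and " syslogd 1.4.1: restart.").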