diff options
Diffstat (limited to 'plugins/omsnmp')
-rw-r--r-- | plugins/omsnmp/Makefile.am | 6 | ||||
-rw-r--r-- | plugins/omsnmp/mibs/ADISCON-MIB.txt | 38 | ||||
-rw-r--r-- | plugins/omsnmp/mibs/ADISCON-MONITORWARE-MIB.txt | 362 | ||||
-rw-r--r-- | plugins/omsnmp/omsnmp.c | 533 | ||||
-rw-r--r-- | plugins/omsnmp/omsnmp.h | 106 |
5 files changed, 1045 insertions, 0 deletions
diff --git a/plugins/omsnmp/Makefile.am b/plugins/omsnmp/Makefile.am new file mode 100644 index 00000000..f75fb091 --- /dev/null +++ b/plugins/omsnmp/Makefile.am @@ -0,0 +1,6 @@ +pkglib_LTLIBRARIES = omsnmp.la + +omsnmp_la_SOURCES = omsnmp.c omsnmp.h +omsnmp_la_CPPFLAGS = -I$(top_srcdir) $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) +omsnmp_la_LDFLAGS = -module -avoid-version +omsnmp_la_LIBADD = $(SNMP_LIBS) diff --git a/plugins/omsnmp/mibs/ADISCON-MIB.txt b/plugins/omsnmp/mibs/ADISCON-MIB.txt new file mode 100644 index 00000000..741ea84f --- /dev/null +++ b/plugins/omsnmp/mibs/ADISCON-MIB.txt @@ -0,0 +1,38 @@ +-- ***************************************************************** +-- ADISCON-RSYSLOG-MIB.txt: Adiscon RSyslog message MIB file +-- +-- March 2008, Andre Lorbach +-- +-- Copyright (c) 2008 by Adiscon GmbH +-- All rights reserved. +-- ***************************************************************** +-- +-- This is a basic MIB which defines our main enterprise OID + +ADISCON-MIB DEFINITIONS ::= BEGIN + +-- +-- Top-level infrastructure for the Adiscon enterprise MIB tree +-- + +IMPORTS + MODULE-IDENTITY, enterprises FROM SNMPv2-SMI; + +adiscon MODULE-IDENTITY + LAST-UPDATED "200803040000Z" + ORGANIZATION "www.adiscon.com" + CONTACT-INFO + "postal: Adiscon GmbH + Mozartstrasse 21 + D-97950 Großrinderfeld + Deutschland + + email: info@adiscon.com" + DESCRIPTION + "Top-level infrastructure for the Adiscon enterprise MIB tree" + REVISION "200803040000Z" + DESCRIPTION + "First draft" + ::= { enterprises 19406} + +END diff --git a/plugins/omsnmp/mibs/ADISCON-MONITORWARE-MIB.txt b/plugins/omsnmp/mibs/ADISCON-MONITORWARE-MIB.txt new file mode 100644 index 00000000..d26d7746 --- /dev/null +++ b/plugins/omsnmp/mibs/ADISCON-MONITORWARE-MIB.txt @@ -0,0 +1,362 @@ +-- ***************************************************************** +-- ADISCON-MONITORWARE-MIB.txt: Adiscon Monitorware message MIB file +-- +-- March 2008, Andre Lorbach +-- +-- Copyright (c) 2008 by Adiscon GmbH +-- All rights reserved. +-- ***************************************************************** +-- +-- This MIB defines traps and variables to wrap syslog messages into +-- snmp traps. + +ADISCON-MONITORWARE-MIB DEFINITIONS ::= BEGIN + +IMPORTS + enterprises, + MODULE-IDENTITY, OBJECT-TYPE, Integer32, + NOTIFICATION-TYPE FROM SNMPv2-SMI, + adiscon FROM ADISCON-MIB +; + +monitorware MODULE-IDENTITY + LAST-UPDATED "200803050000Z" + ORGANIZATION "www.adiscon-com" + CONTACT-INFO + "postal: Adiscon GmbH + Mozartstrasse 21 + D-97950 Großrinderfeld + Deutschland + + email: info@adiscon.com" + DESCRIPTION + "This MIB defines traps and variables to wrap syslog messages into snmp traps." + REVISION "200803040000Z" + DESCRIPTION + "Added a few new variables for the representation of MonitorWare properties. Also added a few new traps." + REVISION "200803050000Z" + DESCRIPTION + "First draft" + ::= { adiscon 1 } + +-- Printable string, using the ISO 8859-1 character set. +DisplayString ::= OCTET STRING (SIZE (0..255)) +SmallString ::= OCTET STRING (SIZE (0..64)) +-- + +-- +-- top level structure +-- +-- adiscon OBJECT IDENTIFIER ::= { enterprises 19406 } +monitorware OBJECT IDENTIFIER ::= { adiscon 1 } +monitorwarevars OBJECT IDENTIFIER ::= { monitorware 1 } +monitorwaretraps OBJECT IDENTIFIER ::= { monitorware 2 } +genericvars OBJECT IDENTIFIER ::= { monitorwarevars 1 } +syslogvars OBJECT IDENTIFIER ::= { monitorwarevars 2 } +eventlogvars OBJECT IDENTIFIER ::= { monitorwarevars 3 } +filemonvars OBJECT IDENTIFIER ::= { monitorwarevars 4 } +ntservicemonvars OBJECT IDENTIFIER ::= { monitorwarevars 5 } + +-- ***************************************************************** +-- Trap variables +-- ***************************************************************** + +syslogMsg OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Syslog Message, this will contain the full + syslog message including the full syslog header" + ::= { syslogvars 1 } + +syslogSeverity OBJECT-TYPE + SYNTAX INTEGER { + emergency (0), + alert (1), + critical (2), + error (3), + warning (4), + notice (5), + info (6), + debug (7) + } + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Syslog severity(priority)." + DEFVAL { 5 } + ::= { syslogvars 2 } + +syslogFacility OBJECT-TYPE + SYNTAX INTEGER { + kern (0), + user (1), + mail (2), + daemon (3), + auth (4), + syslog (5), + lpr (6), + news (7), + uucp (8), + cron (9), + local0 (16), + local1 (17), + local2 (18), + local3 (19), + local4 (20), + local5 (21), + local6 (22), + local7 (23) + } + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Syslog facility." + DEFVAL { 16 } + ::= { syslogvars 3 } + +syslogTag OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Contains the SyslogTag Value." + ::= { syslogvars 4 } + +genCustomerID OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Generic Property CustomerID." + ::= { genericvars 1 } + +genSystemID OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Generic Property SystemID." + ::= { genericvars 2 } + +genSource OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Generic Source Property." + ::= { genericvars 3 } + +genTimereported OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Timestamp of when the event was reported." + ::= { genericvars 4 } + +genTimegenerated OBJECT-TYPE + SYNTAX TimeTicks + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Timestamp of when the event was generated." + ::= { genericvars 5 } + +genIut OBJECT-TYPE + SYNTAX INTEGER { + Unknown (0), + Syslog (1), + Heartbeat (2), + NTEventReport (3), + SNMPTrap (4), + FileMonitor (5), + PingProbe (8), + PortProbe (9), + NTServiceMonitor (10), + DiskSpaceMonitor (11), + DBMonitor (12), + SerialMonitor (13), + CPUMonitor (14), + AliveMonRequest (16), + SMTPProbe (17), + FTPProbe (18), + HTTPProbe (19), + POP3Probe (20), + IMAPProbe (21), + NNTPProbe (22), + WEVTMONV2 (23), + SMTPLISTENER (24), + SNMPMONITOR (25), + AliveMonECHO (1999998) + } + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "InfoUnit TypeID, defines from which Source the event is derived from." + DEFVAL { 0 } + ::= { genericvars 6 } + +genMsg OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Generic Message for this event" + ::= { genericvars 7 } + +eventlogEventID OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "EventID of the EventLog Entry" + ::= { eventlogvars 1 } + +eventlogEventType OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "EventLog Type of the EventLog Entry (Like Application, Security or System)" + ::= { eventlogvars 2 } + +eventlogEventSource OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "EventLog Source of the EventLog Entry" + ::= { eventlogvars 3 } + +eventlogEventCategoryID OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Event Category number of the EventLog Entry" + ::= { eventlogvars 4 } + +eventlogEventCategoryName OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Event Category name of the EventLog Entry" + ::= { eventlogvars 5 } + +eventlogEventUser OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Event User of the EventLog Entry" + ::= { eventlogvars 6 } + +filemonGenericFilename OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Generic Filename template used to create the filename" + ::= { filemonvars 1 } + +filemonGeneratedFilename OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Generated Filename, the source file of this event." + ::= { filemonvars 2 } + +filemonMsgseperator OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "The message seperator which was used." + ::= { filemonvars 3 } + +ntserviceServiceName OBJECT-TYPE + SYNTAX SmallString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Internal Name of the monitored service." + ::= { ntservicemonvars 1 } + +ntserviceServiceDisplayName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Display Name of the monitored service." + ::= { ntservicemonvars 2 } + + +-- ***************************************************************** +-- Trap definitions +-- ***************************************************************** + +syslogtrap NOTIFICATION-TYPE + OBJECTS { syslogMsg, + syslogSeverity, + syslogFacility + } + STATUS current + DESCRIPTION + "Syslogmessage Trap." +::= { monitorwaretraps 1 } + +monitorwaretrap NOTIFICATION-TYPE + OBJECTS { genMsg, + genSource, + genTimegenerated, + genIut + } + STATUS current + DESCRIPTION + "Generic Trap from monitorware events." +::= { monitorwaretraps 2 } + +eventmontrap NOTIFICATION-TYPE + OBJECTS { genMsg, + genSource, + eventlogEventID, + eventlogEventType, + eventlogEventSource, + eventlogEventCategoryID, + eventlogEventCategoryName, + eventlogEventUser + } + STATUS current + DESCRIPTION + "Trap generated by the EventLog Monitor." +::= { monitorwaretraps 3 } + +filemontrap NOTIFICATION-TYPE + OBJECTS { genMsg, + genSource, + genTimegenerated, + filemonGenericFilename, + filemonGeneratedFilename + } + STATUS current + DESCRIPTION + "Trap generated by the FileMonitor." +::= { monitorwaretraps 4 } + +ntservicetrap NOTIFICATION-TYPE + OBJECTS { genMsg, + genSource, + genTimegenerated, + ntserviceServiceName, + ntserviceServiceDisplayName + } + STATUS current + DESCRIPTION + "Trap generated by the NT Service Monitor." +::= { monitorwaretraps 5 } + +END diff --git a/plugins/omsnmp/omsnmp.c b/plugins/omsnmp/omsnmp.c new file mode 100644 index 00000000..72fa8d64 --- /dev/null +++ b/plugins/omsnmp/omsnmp.c @@ -0,0 +1,533 @@ +/* omsnmp.c + * + * This module sends an snmp trap. + * + * NOTE: read comments in module-template.h to understand how this file + * works! + * + * Copyright 2007 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of rsyslog. + * + * Rsyslog is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Rsyslog is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Rsyslog. If not, see <http://www.gnu.org/licenses/>. + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + */ +#include "config.h" +#include "rsyslog.h" +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> +#include <netinet/in.h> +#include <sys/time.h> +#include <sys/socket.h> +#include <netdb.h> +#include <ctype.h> +#include <assert.h> +#include "dirty.h" +#include "syslogd-types.h" +#include "cfsysline.h" +#include "module-template.h" + +#include <net-snmp/net-snmp-config.h> +#include <net-snmp/net-snmp-includes.h> +#include "omsnmp.h" +#include "errmsg.h" + +MODULE_TYPE_OUTPUT + +/* internal structures + */ +DEF_OMOD_STATIC_DATA +DEFobjCurrIf(errmsg) + +/* Default static snmp OID's */ +/*unused +static oid objid_enterprise[] = { 1, 3, 6, 1, 4, 1, 3, 1, 1 }; +static oid objid_sysdescr[] = { 1, 3, 6, 1, 2, 1, 1, 1, 0 }; +*/ +static oid objid_snmptrap[] = { 1, 3, 6, 1, 6, 3, 1, 1, 4, 1, 0 }; +static oid objid_sysuptime[] = { 1, 3, 6, 1, 2, 1, 1, 3, 0 }; + +static uchar* pszTransport = NULL; /* default transport */ +static uchar* pszTarget = NULL; +/* note using an unsigned for a port number is not a good idea from an IPv6 point of view */ +static int iPort = 0; +static int iSNMPVersion = 1; /* 0 Means SNMPv1, 1 Means SNMPv2c */ +static uchar* pszCommunity = NULL; +static uchar* pszEnterpriseOID = NULL; +static uchar* pszSnmpTrapOID = NULL; +static uchar* pszSyslogMessageOID = NULL; +static int iSpecificType = 0; +static int iTrapType = SNMP_TRAP_ENTERPRISESPECIFIC;/*Default is SNMP_TRAP_ENTERPRISESPECIFIC */ +/* + Possible Values + SNMP_TRAP_COLDSTART (0) + SNMP_TRAP_WARMSTART (1) + SNMP_TRAP_LINKDOWN (2) + SNMP_TRAP_LINKUP (3) + SNMP_TRAP_AUTHFAIL (4) + SNMP_TRAP_EGPNEIGHBORLOSS (5) + SNMP_TRAP_ENTERPRISESPECIFIC (6) +*/ + +typedef struct _instanceData { + uchar szTransport[OMSNMP_MAXTRANSPORLENGTH+1]; /* Transport - Can be udp, tcp, udp6, tcp6 and other types supported by NET-SNMP */ + uchar *szTarget; /* IP/hostname of Snmp Target*/ + uchar *szTargetAndPort; /* IP/hostname + Port,needed format for SNMP LIB */ + uchar szCommunity[OMSNMP_MAXCOMMUNITYLENGHT+1]; /* Snmp Community */ + uchar szEnterpriseOID[OMSNMP_MAXOIDLENGHT+1]; /* Snmp Enterprise OID - default is (1.3.6.1.4.1.3.1.1 = enterprises.cmu.1.1) */ + uchar szSnmpTrapOID[OMSNMP_MAXOIDLENGHT+1]; /* Snmp Trap OID - default is (1.3.6.1.4.1.19406.1.2.1 = ADISCON-MONITORWARE-MIB::syslogtrap) */ + uchar szSyslogMessageOID[OMSNMP_MAXOIDLENGHT+1]; /* Snmp OID used for the Syslog Message: + * default is 1.3.6.1.4.1.19406.1.1.2.1 - ADISCON-MONITORWARE-MIB::syslogMsg + * You will need the ADISCON-MONITORWARE-MIB and ADISCON-MIB mibs installed on the receiver + * side in order to decode this mib. + * Downloads of these mib files can be found here: + * http://www.adiscon.org/download/ADISCON-MONITORWARE-MIB.txt + * http://www.adiscon.org/download/ADISCON-MIB.txt + */ + int iPort; /* Target Port */ + int iSNMPVersion; /* SNMP Version to use */ + int iTrapType; /* Snmp TrapType or GenericType */ + int iSpecificType; /* Snmp Specific Type */ + + netsnmp_session *snmpsession; /* Holds to SNMP Session, NULL if not initialized */ +} instanceData; + +BEGINcreateInstance +CODESTARTcreateInstance +ENDcreateInstance + + +BEGINdbgPrintInstInfo +CODESTARTdbgPrintInstInfo + dbgprintf("SNMPTransport: %s\n", pData->szTransport); + dbgprintf("SNMPTarget: %s\n", pData->szTarget); + dbgprintf("SNMPPort: %d\n", pData->iPort); + dbgprintf("SNMPTarget+PortStr: %s\n", pData->szTargetAndPort); + dbgprintf("SNMPVersion (0=v1, 1=v2c): %d\n", pData->iSNMPVersion); + dbgprintf("Community: %s\n", pData->szCommunity); + dbgprintf("EnterpriseOID: %s\n", pData->szEnterpriseOID); + dbgprintf("SnmpTrapOID: %s\n", pData->szSnmpTrapOID); + dbgprintf("SyslogMessageOID: %s\n", pData->szSyslogMessageOID); + dbgprintf("TrapType: %d\n", pData->iTrapType); + dbgprintf("SpecificType: %d\n", pData->iSpecificType); +ENDdbgPrintInstInfo + + +BEGINisCompatibleWithFeature +CODESTARTisCompatibleWithFeature + /* we are not compatible with repeated msg reduction feature, so do not allow it */ +ENDisCompatibleWithFeature + +/* Exit SNMP Session + * alorbach, 2008-02-12 + */ +static rsRetVal omsnmp_exitSession(instanceData *pData) +{ + DEFiRet; + + if(pData->snmpsession != NULL) { + dbgprintf( "omsnmp_exitSession: Clearing Session to '%s' on Port = '%d'\n", pData->szTarget, pData->iPort); + snmp_close(pData->snmpsession); + pData->snmpsession = NULL; + } + + RETiRet; +} + +/* Init SNMP Session + * alorbach, 2008-02-12 + */ +static rsRetVal omsnmp_initSession(instanceData *pData) +{ + DEFiRet; + netsnmp_session session; + + /* should not happen, but if session is not cleared yet - we do it now! */ + if (pData->snmpsession != NULL) + omsnmp_exitSession(pData); + + dbgprintf( "omsnmp_initSession: ENTER - Target = '%s' on Port = '%d'\n", pData->szTarget, pData->iPort); + + putenv(strdup("POSIXLY_CORRECT=1")); + + snmp_sess_init(&session); + session.version = pData->iSNMPVersion; + session.callback = NULL; /* NOT NEEDED */ + session.callback_magic = NULL; + session.peername = (char*) pData->szTargetAndPort; + + /* Set SNMP Community */ + if (session.version == SNMP_VERSION_1 || session.version == SNMP_VERSION_2c) + { + session.community = (unsigned char *) pData->szCommunity; + session.community_len = strlen((char*) pData->szCommunity); + } + + pData->snmpsession = snmp_open(&session); + if (pData->snmpsession == NULL) { + errmsg.LogError(0, RS_RET_SUSPENDED, "omsnmp_initSession: snmp_open to host '%s' on Port '%d' failed\n", pData->szTarget, pData->iPort); + /* Stay suspended */ + iRet = RS_RET_SUSPENDED; + } + + RETiRet; +} + +static rsRetVal omsnmp_sendsnmp(instanceData *pData, uchar *psz) +{ + DEFiRet; + + netsnmp_pdu *pdu = NULL; + oid enterpriseoid[MAX_OID_LEN]; + size_t enterpriseoidlen = MAX_OID_LEN; + oid oidSyslogMessage[MAX_OID_LEN]; + size_t oLen = MAX_OID_LEN; + int status; + char *trap = NULL; + const char *strErr = NULL; + + /* Init SNMP Session if necessary */ + if (pData->snmpsession == NULL) { + CHKiRet(omsnmp_initSession(pData)); + } + + /* String should not be NULL */ + ASSERT(psz != NULL); + dbgprintf( "omsnmp_sendsnmp: ENTER - Syslogmessage = '%s'\n", (char*)psz); + + /* If SNMP Version1 is configured !*/ + if ( pData->snmpsession->version == SNMP_VERSION_1) + { + pdu = snmp_pdu_create(SNMP_MSG_TRAP); + + /* Set enterprise */ + if (!snmp_parse_oid( (char*) pData->szEnterpriseOID, enterpriseoid, &enterpriseoidlen )) + { + strErr = snmp_api_errstring(snmp_errno); + errmsg.LogError(0, RS_RET_DISABLE_ACTION, "omsnmp_sendsnmp: Parsing EnterpriseOID failed '%s' with error '%s' \n", pData->szSyslogMessageOID, strErr); + + ABORT_FINALIZE(RS_RET_DISABLE_ACTION); + } + pdu->enterprise = (oid *) malloc(enterpriseoidlen * sizeof(oid)); + memcpy(pdu->enterprise, enterpriseoid, enterpriseoidlen * sizeof(oid)); + pdu->enterprise_length = enterpriseoidlen; + + /* Set Traptype */ + pdu->trap_type = pData->iTrapType; + + /* Set SpecificType */ + pdu->specific_type = pData->iSpecificType; + + /* Set Updtime */ + pdu->time = get_uptime(); + } + /* If SNMP Version2c is configured !*/ + else if (pData->snmpsession->version == SNMP_VERSION_2c) + { + long sysuptime; + char csysuptime[20]; + + /* Create PDU */ + pdu = snmp_pdu_create(SNMP_MSG_TRAP2); + + /* Set uptime */ + sysuptime = get_uptime(); + snprintf( csysuptime, sizeof(csysuptime) , "%ld", sysuptime); + trap = csysuptime; + snmp_add_var(pdu, objid_sysuptime, sizeof(objid_sysuptime) / sizeof(oid), 't', trap); + + /* Now set the SyslogMessage Trap OID */ + if ( snmp_add_var(pdu, objid_snmptrap, sizeof(objid_snmptrap) / sizeof(oid), 'o', (char*) pData->szSnmpTrapOID ) != 0) + { + strErr = snmp_api_errstring(snmp_errno); + errmsg.LogError(0, RS_RET_DISABLE_ACTION, "omsnmp_sendsnmp: Adding trap OID failed '%s' with error '%s' \n", pData->szSnmpTrapOID, strErr); + ABORT_FINALIZE(RS_RET_DISABLE_ACTION); + } + } + + /* SET TRAP PARAMETER for SyslogMessage! */ +/* dbgprintf( "omsnmp_sendsnmp: SyslogMessage '%s'\n", psz );*/ + + /* First create new OID object */ + if (snmp_parse_oid( (char*) pData->szSyslogMessageOID, oidSyslogMessage, &oLen)) + { + int iErrCode = snmp_add_var(pdu, oidSyslogMessage, oLen, 's', (char*) psz); + if (iErrCode) + { + const char *str = snmp_api_errstring(iErrCode); + errmsg.LogError(0, RS_RET_DISABLE_ACTION, "omsnmp_sendsnmp: Invalid SyslogMessage OID, error code '%d' - '%s'\n", iErrCode, str ); + ABORT_FINALIZE(RS_RET_DISABLE_ACTION); + } + } + else + { + strErr = snmp_api_errstring(snmp_errno); + errmsg.LogError(0, RS_RET_DISABLE_ACTION, "omsnmp_sendsnmp: Parsing SyslogMessageOID failed '%s' with error '%s' \n", pData->szSyslogMessageOID, strErr); + + ABORT_FINALIZE(RS_RET_DISABLE_ACTION); + } + + /* Send the TRAP */ + status = snmp_send(pData->snmpsession, pdu) == 0; + if (status) + { + /* Debug Output! */ + int iErrorCode = pData->snmpsession->s_snmp_errno; + errmsg.LogError(0, RS_RET_SUSPENDED, "omsnmp_sendsnmp: snmp_send failed error '%d', Description='%s'\n", iErrorCode*(-1), api_errors[iErrorCode*(-1)]); + + /* Clear Session */ + omsnmp_exitSession(pData); + + ABORT_FINALIZE(RS_RET_SUSPENDED); + } + +finalize_it: + if(iRet != RS_RET_OK) { + if(pdu != NULL) { + snmp_free_pdu(pdu); + } + } + + dbgprintf( "omsnmp_sendsnmp: LEAVE\n"); + RETiRet; +} + + +BEGINtryResume +CODESTARTtryResume + iRet = omsnmp_initSession(pData); +ENDtryResume + +BEGINdoAction +CODESTARTdoAction + /* Abort if the STRING is not set, should never happen */ + if (ppString[0] == NULL) { + ABORT_FINALIZE(RS_RET_INVALID_PARAMS); + } + + /* This will generate and send the SNMP Trap */ + iRet = omsnmp_sendsnmp(pData, ppString[0]); +finalize_it: +ENDdoAction + +BEGINfreeInstance +CODESTARTfreeInstance + /* free snmp Session here */ + omsnmp_exitSession(pData); + + if(pData->szTarget != NULL) + free(pData->szTarget); + if(pData->szTargetAndPort != NULL) + free(pData->szTargetAndPort); + +ENDfreeInstance + + +BEGINparseSelectorAct + uchar szTargetAndPort[MAXHOSTNAMELEN+128]; /* work buffer for specifying a full target and port string */ +CODESTARTparseSelectorAct +CODE_STD_STRING_REQUESTparseSelectorAct(1) + if(!strncmp((char*) p, ":omsnmp:", sizeof(":omsnmp:") - 1)) { + p += sizeof(":omsnmp:") - 1; /* eat indicator sequence (-1 because of '\0'!) */ + } else { + ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED); + } + + /* ok, if we reach this point, we have something for us */ + if((iRet = createInstance(&pData)) != RS_RET_OK) + FINALIZE; + + /* Check Transport */ + if (pszTransport == NULL) { + /* + * Default transport is UDP. Other values supported by NETSNMP are possible as well + */ + strncpy( (char*) pData->szTransport, "udp", sizeof("udp") ); + } else { + /* Copy Transport */ + strncpy( (char*) pData->szTransport, (char*) pszTransport, strlen((char*) pszTransport) ); + } + + /* Check Target */ + if (pszTarget == NULL) { + ABORT_FINALIZE( RS_RET_PARAM_ERROR ); + } else { + /* Copy Target */ + CHKmalloc(pData->szTarget = (uchar*) strdup((char*)pszTarget)); + } + + /* Copy Community */ + if (pszCommunity == NULL) /* Failsave */ + strncpy( (char*) pData->szCommunity, "public", sizeof("public") ); + else /* Copy Target */ + strncpy( (char*) pData->szCommunity, (char*) pszCommunity, strlen((char*) pszCommunity) ); + + /* Copy Enterprise OID */ + if (pszEnterpriseOID == NULL) /* Failsave */ + strncpy( (char*) pData->szEnterpriseOID, "1.3.6.1.4.1.3.1.1", sizeof("1.3.6.1.4.1.3.1.1") ); + else /* Copy Target */ + strncpy( (char*) pData->szEnterpriseOID, (char*) pszEnterpriseOID, strlen((char*) pszEnterpriseOID) ); + + /* Copy SnmpTrap OID */ + if (pszSnmpTrapOID == NULL) /* Failsave */ + strncpy( (char*) pData->szSnmpTrapOID, "1.3.6.1.4.1.19406.1.2.1", sizeof("1.3.6.1.4.1.19406.1.2.1") ); + else /* Copy Target */ + strncpy( (char*) pData->szSnmpTrapOID, (char*) pszSnmpTrapOID, strlen((char*) pszSnmpTrapOID) ); + + + /* Copy SyslogMessage OID */ + if (pszSyslogMessageOID == NULL) /* Failsave */ + strncpy( (char*) pData->szSyslogMessageOID, "1.3.6.1.4.1.19406.1.1.2.1", sizeof("1.3.6.1.4.1.19406.1.1.2.1") ); + else /* Copy Target */ + strncpy( (char*) pData->szSyslogMessageOID, (char*) pszSyslogMessageOID, strlen((char*) pszSyslogMessageOID) ); + + /* Copy Port */ + if ( iPort == 0) /* If no Port is set we use the default Port 162 */ + pData->iPort = 162; + else + pData->iPort = iPort; + + /* Set SNMPVersion */ + if ( iSNMPVersion < 0 || iSNMPVersion > 1) /* Set default to 1 if out of range */ + pData->iSNMPVersion = 1; + else + pData->iSNMPVersion = iSNMPVersion; + + /* Copy SpecificType */ + if ( iSpecificType == 0) /* If no iSpecificType is set, we use the default 0 */ + pData->iSpecificType = 0; + else + pData->iSpecificType = iSpecificType; + + /* Copy TrapType */ + if ( iTrapType < 0 && iTrapType >= 6) /* Only allow values from 0 to 6 !*/ + pData->iTrapType = SNMP_TRAP_ENTERPRISESPECIFIC; + else + pData->iTrapType = iTrapType; + + /* Create string for session peername! */ + snprintf((char*)szTargetAndPort, sizeof(szTargetAndPort), "%s:%s:%d", pData->szTransport, pData->szTarget, pData->iPort); + CHKmalloc(pData->szTargetAndPort = (uchar*)strdup((char*)szTargetAndPort)); + + /* Print Debug info */ + dbgprintf("SNMPTransport: %s\n", pData->szTransport); + dbgprintf("SNMPTarget: %s\n", pData->szTarget); + dbgprintf("SNMPPort: %d\n", pData->iPort); + dbgprintf("SNMPTarget+PortStr: %s\n", pData->szTargetAndPort); + dbgprintf("SNMPVersion (0=v1, 1=v2c): %d\n", pData->iSNMPVersion); + dbgprintf("Community: %s\n", pData->szCommunity); + dbgprintf("EnterpriseOID: %s\n", pData->szEnterpriseOID); + dbgprintf("SnmpTrapOID: %s\n", pData->szSnmpTrapOID); + dbgprintf("SyslogMessageOID: %s\n", pData->szSyslogMessageOID); + dbgprintf("TrapType: %d\n", pData->iTrapType); + dbgprintf("SpecificType: %d\n", pData->iSpecificType); + + /* process template */ + CHKiRet(cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, (uchar*) "RSYSLOG_TraditionalForwardFormat")); + + /* Init NetSNMP library and read in MIB database */ + init_snmp("rsyslog"); + + /* Set some defaults in the NetSNMP library */ + netsnmp_ds_set_int(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DEFAULT_PORT, pData->iPort ); + + /* Init Session Pointer */ + pData->snmpsession = NULL; +CODE_STD_FINALIZERparseSelectorAct +ENDparseSelectorAct + + +/* Reset config variables for this module to default values. + */ +static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal) +{ + DEFiRet; + + if (pszTarget != NULL) + free(pszTarget); + pszTarget = NULL; + + if (pszCommunity != NULL) + free(pszCommunity); + pszCommunity = NULL; + + if (pszEnterpriseOID != NULL) + free(pszEnterpriseOID); + pszEnterpriseOID = NULL; + + if (pszSnmpTrapOID != NULL) + free(pszSnmpTrapOID); + pszSnmpTrapOID = NULL; + + if (pszSyslogMessageOID != NULL) + free(pszSyslogMessageOID); + pszSyslogMessageOID = NULL; + + iPort = 0; + iSNMPVersion = 1; + iSpecificType = 0; + iTrapType = SNMP_TRAP_ENTERPRISESPECIFIC; + + RETiRet; +} + + +BEGINmodExit +CODESTARTmodExit + if (pszTarget != NULL) + free(pszTarget); + if (pszCommunity != NULL) + free(pszCommunity); + if (pszEnterpriseOID != NULL) + free(pszEnterpriseOID); + if (pszSnmpTrapOID != NULL) + free(pszSnmpTrapOID); + if (pszSyslogMessageOID != NULL) + free(pszSyslogMessageOID); + + /* release what we no longer need */ + objRelease(errmsg, CORE_COMPONENT); +ENDmodExit + + +BEGINqueryEtryPt +CODESTARTqueryEtryPt +CODEqueryEtryPt_STD_OMOD_QUERIES +ENDqueryEtryPt + + +BEGINmodInit() +CODESTARTmodInit + *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */ +CODEmodInit_QueryRegCFSLineHdlr + CHKiRet(objUse(errmsg, CORE_COMPONENT)); + + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmptransport", 0, eCmdHdlrGetWord, NULL, &pszTransport, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmptarget", 0, eCmdHdlrGetWord, NULL, &pszTarget, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmptargetport", 0, eCmdHdlrInt, NULL, &iPort, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmpversion", 0, eCmdHdlrInt, NULL, &iSNMPVersion, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmpcommunity", 0, eCmdHdlrGetWord, NULL, &pszCommunity, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmpenterpriseoid", 0, eCmdHdlrGetWord, NULL, &pszEnterpriseOID, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmptrapoid", 0, eCmdHdlrGetWord, NULL, &pszSnmpTrapOID, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmpsyslogmessageoid", 0, eCmdHdlrGetWord, NULL, &pszSyslogMessageOID, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmpspecifictype", 0, eCmdHdlrInt, NULL, &iSpecificType, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"actionsnmptraptype", 0, eCmdHdlrInt, NULL, &iTrapType, STD_LOADABLE_MODULE_ID)); + CHKiRet(omsdRegCFSLineHdlr( (uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID)); +ENDmodInit +/* + * vi:set ai: + */ diff --git a/plugins/omsnmp/omsnmp.h b/plugins/omsnmp/omsnmp.h new file mode 100644 index 00000000..be3eb2a2 --- /dev/null +++ b/plugins/omsnmp/omsnmp.h @@ -0,0 +1,106 @@ +/* omsnmp.h + * These are the definitions for the build-in MySQL output module. + * + * File begun on 2007-07-13 by RGerhards (extracted from syslogd.c) + * + * Copyright 2007 Rainer Gerhards and Adiscon GmbH. + * + * This file is part of rsyslog. + * + * Rsyslog is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Rsyslog is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Rsyslog. If not, see <http://www.gnu.org/licenses/>. + * + * A copy of the GPL can be found in the file "COPYING" in this distribution. + */ +#ifndef OMSNMP_H_INCLUDED +#define OMSNMP_H_INCLUDED 1 + +#define OMSNMP_MAXTRANSPORLENGTH 10 +#define OMSNMP_MAXPORTLENGHT 5 +#define OMSNMP_MAXCOMMUNITYLENGHT 255 +#define OMSNMP_MAXOIDLENGHT 255 + + +#endif /* #ifndef OMMYSQL_H_INCLUDED */ +/* + * vi:set ai: + */ + +#include <net-snmp/library/snmp_api.h> + +static const char *api_errors[-SNMPERR_MAX + 1] = { + "No error", /* SNMPERR_SUCCESS */ + "Generic error", /* SNMPERR_GENERR */ + "Invalid local port", /* SNMPERR_BAD_LOCPORT */ + "Unknown host", /* SNMPERR_BAD_ADDRESS */ + "Unknown session", /* SNMPERR_BAD_SESSION */ + "Too long", /* SNMPERR_TOO_LONG */ + "No socket", /* SNMPERR_NO_SOCKET */ + "Cannot send V2 PDU on V1 session", /* SNMPERR_V2_IN_V1 */ + "Cannot send V1 PDU on V2 session", /* SNMPERR_V1_IN_V2 */ + "Bad value for non-repeaters", /* SNMPERR_BAD_REPEATERS */ + "Bad value for max-repetitions", /* SNMPERR_BAD_REPETITIONS */ + "Error building ASN.1 representation", /* SNMPERR_BAD_ASN1_BUILD */ + "Failure in sendto", /* SNMPERR_BAD_SENDTO */ + "Bad parse of ASN.1 type", /* SNMPERR_BAD_PARSE */ + "Bad version specified", /* SNMPERR_BAD_VERSION */ + "Bad source party specified", /* SNMPERR_BAD_SRC_PARTY */ + "Bad destination party specified", /* SNMPERR_BAD_DST_PARTY */ + "Bad context specified", /* SNMPERR_BAD_CONTEXT */ + "Bad community specified", /* SNMPERR_BAD_COMMUNITY */ + "Cannot send noAuth/Priv", /* SNMPERR_NOAUTH_DESPRIV */ + "Bad ACL definition", /* SNMPERR_BAD_ACL */ + "Bad Party definition", /* SNMPERR_BAD_PARTY */ + "Session abort failure", /* SNMPERR_ABORT */ + "Unknown PDU type", /* SNMPERR_UNKNOWN_PDU */ + "Timeout", /* SNMPERR_TIMEOUT */ + "Failure in recvfrom", /* SNMPERR_BAD_RECVFROM */ + "Unable to determine contextEngineID", /* SNMPERR_BAD_ENG_ID */ + "No securityName specified", /* SNMPERR_BAD_SEC_NAME */ + "Unable to determine securityLevel", /* SNMPERR_BAD_SEC_LEVEL */ + "ASN.1 parse error in message", /* SNMPERR_ASN_PARSE_ERR */ + "Unknown security model in message", /* SNMPERR_UNKNOWN_SEC_MODEL */ + "Invalid message (e.g. msgFlags)", /* SNMPERR_INVALID_MSG */ + "Unknown engine ID", /* SNMPERR_UNKNOWN_ENG_ID */ + "Unknown user name", /* SNMPERR_UNKNOWN_USER_NAME */ + "Unsupported security level", /* SNMPERR_UNSUPPORTED_SEC_LEVEL */ + "Authentication failure (incorrect password, community or key)", /* SNMPERR_AUTHENTICATION_FAILURE */ + "Not in time window", /* SNMPERR_NOT_IN_TIME_WINDOW */ + "Decryption error", /* SNMPERR_DECRYPTION_ERR */ + "SCAPI general failure", /* SNMPERR_SC_GENERAL_FAILURE */ + "SCAPI sub-system not configured", /* SNMPERR_SC_NOT_CONFIGURED */ + "Key tools not available", /* SNMPERR_KT_NOT_AVAILABLE */ + "Unknown Report message", /* SNMPERR_UNKNOWN_REPORT */ + "USM generic error", /* SNMPERR_USM_GENERICERROR */ + "USM unknown security name (no such user exists)", /* SNMPERR_USM_UNKNOWNSECURITYNAME */ + "USM unsupported security level (this user has not been configured for that level of security)", /* SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL */ + "USM encryption error", /* SNMPERR_USM_ENCRYPTIONERROR */ + "USM authentication failure (incorrect password or key)", /* SNMPERR_USM_AUTHENTICATIONFAILURE */ + "USM parse error", /* SNMPERR_USM_PARSEERROR */ + "USM unknown engineID", /* SNMPERR_USM_UNKNOWNENGINEID */ + "USM not in time window", /* SNMPERR_USM_NOTINTIMEWINDOW */ + "USM decryption error", /* SNMPERR_USM_DECRYPTIONERROR */ + "MIB not initialized", /* SNMPERR_NOMIB */ + "Value out of range", /* SNMPERR_RANGE */ + "Sub-id out of range", /* SNMPERR_MAX_SUBID */ + "Bad sub-id in object identifier", /* SNMPERR_BAD_SUBID */ + "Object identifier too long", /* SNMPERR_LONG_OID */ + "Bad value name", /* SNMPERR_BAD_NAME */ + "Bad value notation", /* SNMPERR_VALUE */ + "Unknown Object Identifier", /* SNMPERR_UNKNOWN_OBJID */ + "No PDU in snmp_send", /* SNMPERR_NULL_PDU */ + "Missing variables in PDU", /* SNMPERR_NO_VARS */ + "Bad variable type", /* SNMPERR_VAR_TYPE */ + "Out of memory (malloc failure)", /* SNMPERR_MALLOC */ + "Kerberos related error", /* SNMPERR_KRB5 */ +}; |