SNMP Trap: Large Log Files

A trap is generated when large log files are detected in /var/log/.

Identification

  • The originating IP / hostname is used to identify the system generating the traps

  • The NMS is responsible for associating traps with each managed system, along with clearing of alarms and escalation to the relevant system operator

  • The trap OID (mteTriggerFired) is shared by the various SNMP events monitored by the system, so the trap OID alone does not identify this condition; the mteHotTrigger message does

  • The SNMP system name is included as part of the variable binding to assist identification:

    .iso.org.dod.internet.mgmt.mib-2.system.sysName.0 = standalone

Trap OID

.iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.dismanEventMIBNotifications.mteTriggerFired

Variable Bindings - large log files detected.

  • .iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 = 2 minutes (12065)
  • snmpTrapOID = mteTriggerFired
  • .iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.dismanEventMIBNotificationObjects.mteHotTrigger.0 = 'ERROR: Log files larger than 1Gig found in /var/log'
  • .iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.dismanEventMIBNotificationObjects.mteHotValue.0 = 1
  • .iso.org.dod.internet.mgmt.mib-2.system.sysName.0 = standalone

Severity Messages:

  • Info : INFO: /var/log rotated
  • Urgent : ERROR: Log files larger than 1Gig found in /var/log

Severity: Info Trap Example

Message: INFO: /var/log rotated

Notification message from (1, 3, 6, 1, 6, 1, 1):('192.22.21.124', 25035):
Var-binds:
1.3.6.1.2.1.1.3.0 = 24804740
1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.2.1.88.2.0.1
1.3.6.1.2.1.88.2.1.1.0 = INFO: /var/log rotated
1.3.6.1.2.1.88.2.1.3.0 = /var/log rotated
1.3.6.1.2.1.88.2.1.5.0 = 0
1.3.6.1.2.1.1.5.0 = UN1-192.22.21.124

Severity: Urgent Trap Example

Message: ERROR: Log files larger than 1Gig found in /var/log

Notification message from (1, 3, 6, 1, 6, 1, 1):('192.22.21.124', 51928):
Var-binds:
1.3.6.1.2.1.1.3.0 = 52324087
1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.2.1.88.2.0.1
1.3.6.1.2.1.88.2.1.1.0 = ERROR: Log files larger than 1Gig found in /var/log
1.3.6.1.2.1.88.2.1.3.0 = Logrotation was executed to rotate the \
  following logs: /var/log/some.log: 7.3G
1.3.6.1.2.1.88.2.1.5.0 = 1
1.3.6.1.2.1.1.5.0 = UN1-192.22.21.124
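The trap dumps above, parsed and mapped to the Severity Messages table, as an added example that is not part of the original page. The numeric-OID-to-name table, the joining of backslash-continued var-bind lines, and the "Unknown" severity for messages not in the table are assumptions made here; the sample input is the Urgent example copied from this page.

```python
import re
# Added example (not from the original page): parse the pysnmp-style trap
# dumps shown above and classify them with the page's severity table.

# Numeric OID -> name for the var-binds that appear in the trap examples.
OID_NAMES = {"1.3.6.1.2.1.1.3.0": "sysUpTime",
             "1.3.6.1.6.3.1.1.4.1.0": "snmpTrapOID",
             "1.3.6.1.2.1.88.2.1.1.0": "mteHotTrigger",
             "1.3.6.1.2.1.88.2.1.3.0": "mteHotContextName",
             "1.3.6.1.2.1.88.2.1.5.0": "mteHotValue",
             "1.3.6.1.2.1.1.5.0": "sysName"}
MTE_TRIGGER_FIRED = "1.3.6.1.2.1.88.2.0.1"
# Severity table from the "Severity Messages" section, keyed on mteHotTrigger.
SEVERITY = {"INFO: /var/log rotated": "Info",
            "ERROR: Log files larger than 1Gig found in /var/log": "Urgent"}

# The Urgent trap example from the page, reused here as sample input.
URGENT_TRAP = """Notification message from (1, 3, 6, 1, 6, 1, 1):('192.22.21.124', 51928):
Var-binds:
1.3.6.1.2.1.1.3.0 = 52324087
1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.2.1.88.2.0.1
1.3.6.1.2.1.88.2.1.1.0 = ERROR: Log files larger than 1Gig found in /var/log
1.3.6.1.2.1.88.2.1.3.0 = Logrotation was executed to rotate the \\
  following logs: /var/log/some.log: 7.3G
1.3.6.1.2.1.88.2.1.5.0 = 1
1.3.6.1.2.1.1.5.0 = UN1-192.22.21.124
"""

def parse_trap(dump):
    """Return (source_ip, var-binds by name); backslash-continued lines are joined."""
    lines = re.sub(r"\s*\\\n\s*", " ", dump.strip()).splitlines()
    src = re.search(r"\('([\d.]+)', \d+\)", lines[0]).group(1)
    binds = {}
    for line in lines[2:]:  # skip the header and the "Var-binds:" line
        oid, _, value = line.partition(" = ")
        binds[OID_NAMES.get(oid.strip(), oid.strip())] = value.strip()
    return src, binds

def classify(dump):
    """Alarm record for the NMS; unknown messages are flagged, not dropped."""
    src, binds = parse_trap(dump)
    if binds.get("snmpTrapOID") != MTE_TRIGGER_FIRED:
        raise ValueError("unexpected trap OID: %s" % binds.get("snmpTrapOID"))
    trigger = binds.get("mteHotTrigger", "")
    return {"source": src, "sysName": binds.get("sysName"), "message": trigger,
            "severity": SEVERITY.get(trigger, "Unknown"),
            "detail": binds.get("mteHotContextName", ""),
            "hot_value": int(binds.get("mteHotValue", "0"))}
```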