SNMP Trap: Large Log Files
--------------------------

A trap is generated when large log files are detected in ``/var/log/``.

Identification

* The originating IP / hostname is used to identify the system generating the traps
* The NMS is responsible for associating traps with each managed system, along with clearing of alarms and escalation to the relevant system operator
* The trap OID is generic for various SNMP events monitored by the system
* The SNMP system name is included as part of the variable binding to assist identification:
  .iso.org.dod.internet.mgmt.mib-2.system.sysName.0 = standalone

Trap OID

.iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.dismanEventMIBNotifications.mteTriggerFired

Variable Bindings - large log files detected.

* .iso.org.dod.internet.mgmt.mib-2.system.sysUpTime.0 = 2 minutes (12065)
* snmpTrapOID = mteTriggerFired
* .iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.dismanEventMIBNotificationObjects.mteHotTrigger.0 = 'ERROR: Log files larger than 1Gig found in /var/log'
* .iso.org.dod.internet.mgmt.mib-2.dismanEventMIB.dismanEventMIBNotificationPrefix.dismanEventMIBNotificationObjects.mteHotValue.0 = 1
* .iso.org.dod.internet.mgmt.mib-2.system.sysName.0 = standalone

Severity Messages:

* Info   : INFO: /var/log rotated
* Urgent : ERROR: Log files larger than 1Gig found in /var/log

Severity: Info Trap Example
...........................

Message: INFO: /var/log rotated

::

    Notification message from (1, 3, 6, 1, 6, 1, 1):('192.22.21.124', 25035):
    Var-binds:
    1.3.6.1.2.1.1.3.0 = 24804740
    1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.2.1.88.2.0.1
    1.3.6.1.2.1.88.2.1.1.0 = INFO: /var/log rotated
    1.3.6.1.2.1.88.2.1.3.0 = /var/log rotated
    1.3.6.1.2.1.88.2.1.5.0 = 0
    1.3.6.1.2.1.1.5.0 = UN1-192.22.21.124

Severity: Urgent Trap Example
.............................

Message: ERROR: Log files larger than 1Gig found in /var/log

::

    Notification message from (1, 3, 6, 1, 6, 1, 1):('192.22.21.124', 51928):
    Var-binds:
    1.3.6.1.2.1.1.3.0 = 52324087
    1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.2.1.88.2.0.1
    1.3.6.1.2.1.88.2.1.1.0 = ERROR: Log files larger than 1Gig found in /var/log
    1.3.6.1.2.1.88.2.1.3.0 = Logrotation was executed to rotate the \
        following logs: /var/log/some.log: 7.3G
    1.3.6.1.2.1.88.2.1.5.0 = 1
    1.3.6.1.2.1.1.5.0 = UN1-192.22.21.124
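
The following is an added example, not code from the product this page documents. It shows how an NMS-side script could parse a receiver dump in the text form shown in the trap examples above, check the trap OID, and assign the severity from the message prefix. The function name ``parse_trap``, the ``DETAIL`` constant name and the result keys are assumptions made for illustration.

```python
import re

# OIDs exactly as they appear in the trap examples on this page.
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"
MTE_TRIGGER_FIRED = "1.3.6.1.2.1.88.2.0.1"
MTE_HOT_TRIGGER = "1.3.6.1.2.1.88.2.1.1.0"
DETAIL = "1.3.6.1.2.1.88.2.1.3.0"  # free-text detail in the examples
MTE_HOT_VALUE = "1.3.6.1.2.1.88.2.1.5.0"
SYS_NAME = "1.3.6.1.2.1.1.5.0"

# Severity follows the message prefix listed under "Severity Messages".
SEVERITY = {"INFO:": "Info", "ERROR:": "Urgent"}
HEADER = re.compile(r"Notification message from .*\('([^']+)', (\d+)\)")
BINDING = re.compile(r"^\s*((?:\d+\.)+\d+) = (.*)$")


def parse_trap(dump):
    """Parse one receiver dump (hypothetical helper) into a summary dict."""
    # Join lines that end in a backslash continuation before splitting.
    dump = re.sub(r"\s*\\\s*\n\s*", " ", dump)
    source, binds = None, {}
    for line in dump.splitlines():
        if m := HEADER.search(line):
            source = m.group(1)
        elif m := BINDING.match(line):
            binds[m.group(1)] = m.group(2).strip()
    # Only mteTriggerFired notifications carry the bindings read below.
    if binds.get(SNMP_TRAP_OID) != MTE_TRIGGER_FIRED:
        raise ValueError("not an mteTriggerFired notification")
    message = binds.get(MTE_HOT_TRIGGER, "")
    return {
        "source": source,
        "sys_name": binds.get(SYS_NAME),
        "severity": SEVERITY.get(message.split(" ", 1)[0], "Unknown"),
        "message": message,
        "detail": binds.get(DETAIL),
        "hot_value": int(binds.get(MTE_HOT_VALUE, "0")),
    }


# The Urgent example from this page, embedded as sample input.
URGENT = r"""Notification message from (1, 3, 6, 1, 6, 1, 1):('192.22.21.124', 51928):
Var-binds:
1.3.6.1.2.1.1.3.0 = 52324087
1.3.6.1.6.3.1.1.4.1.0 = 1.3.6.1.2.1.88.2.0.1
1.3.6.1.2.1.88.2.1.1.0 = ERROR: Log files larger than 1Gig found in /var/log
1.3.6.1.2.1.88.2.1.3.0 = Logrotation was executed to rotate the \
    following logs: /var/log/some.log: 7.3G
1.3.6.1.2.1.88.2.1.5.0 = 1
1.3.6.1.2.1.1.5.0 = UN1-192.22.21.124
"""
```

Calling ``parse_trap(URGENT)`` returns the source address, ``sysName``, severity and the rejoined detail text; a dump whose ``snmpTrapOID`` is not ``mteTriggerFired`` raises ``ValueError``.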