12 April 2010

How To: Setup A Linux Syslog Server

redirect all DHCP server messages to /var/log/boot.log
redirect all other messages to /var/log/messages
snmptrapd listens on UDP port 162 (SNMP traps)
syslogd listens on UDP port 514 (syslog from remote hosts)
--> /etc/dhcpd.conf
>>> log-facility local7;

--> /etc/syslog.conf
>>> *.info;mail.none;authpriv.none;cron.none;local7.none    /var/log/messages
>>> local7.*                                                /var/log/boot.log

--> /etc/sysconfig/syslog
>>> SYSLOGD_OPTIONS="-m 0 -r"
(-r makes syslogd accept messages from remote hosts on UDP 514; -m 0 turns off the periodic "-- MARK --" lines)

# service dhcpd restart
# service syslog restart
# tail -f /var/log/messages
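As an added example (not part of the original post), the Python script below models what syslogd does with the two selector lines above: it parses the `<PRI>` prefix of a UDP syslog datagram into facility and severity, evaluates the selectors with sysklogd's rule that the last selector naming a facility wins (so `local7.none` cancels the earlier `*.info`), and can bind to UDP 514 as a stand-in receiver. The sample datagrams are constructed, not captured from a real server.

```python
import socket

# Facility and severity codes from the BSD syslog protocol (RFC 3164):
# PRI = facility * 8 + severity, sent as "<PRI>" at the start of each datagram.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The two lines from the syslog.conf above as (selector, target) pairs,
# evaluated independently, exactly as syslogd evaluates its rules.
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none;local7.none", "/var/log/messages"),
    ("local7.*", "/var/log/boot.log"),
]


def parse_pri(msg: str):
    """Split the leading <PRI> into (facility, severity); no PRI means user.notice."""
    if msg.startswith("<"):
        end = msg.find(">")
        if 0 < end <= 4 and msg[1:end].isdigit():
            pri = int(msg[1:end])
            return pri // 8, pri % 8
    return FACILITIES["user"], SEVERITIES.index("notice")


def selector_matches(selector: str, facility: int, severity: int) -> bool:
    """Evaluate one selector ("fac.pri;fac.none;...") left to right.

    "fac.pri" matches that priority and every more urgent one (numerically
    lower). Each later term that names the facility overrides the earlier
    decision, which is how "fac.none" removes a facility again.
    """
    matched = False
    for term in selector.split(";"):
        fac, _, pri = term.partition(".")
        facs = set(FACILITIES.values()) if fac == "*" else {FACILITIES[fac]}
        if facility in facs:
            matched = pri != "none" and (pri == "*" or severity <= SEVERITIES.index(pri))
    return matched


def route(msg: str):
    """Return the files a message is written to under RULES (empty list = dropped)."""
    facility, severity = parse_pri(msg)
    return [target for selector, target in RULES
            if selector_matches(selector, facility, severity)]


def serve(port: int = 514):
    """Minimal stand-in for 'syslogd -r': receive UDP datagrams and print their routing."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (src, _) = sock.recvfrom(2048)
        msg = data.decode("utf-8", "replace").rstrip("\n")
        print(f"{src} -> {route(msg) or ['(dropped)']}: {msg}")


# Constructed sample datagrams (not captured from a real server).
SAMPLES = [
    "<191>Apr 12 10:01:02 dhcp-srv dhcpd: DHCPACK on 192.168.80.115 via eth0",  # local7.debug
    "<14>Apr 12 10:01:03 web01 logger: test message from admin",              # user.info
    "<15>Apr 12 10:01:04 web01 app: verbose trace",                           # user.debug
    "<86>Apr 12 10:01:05 web01 sshd[2201]: session opened for user admin",     # authpriv.info
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(route(sample), sample)
    # serve()  # binding port 514 needs root; use a port above 1024 for a quick local test
```

Running the script prints the DHCP line routed to /var/log/boot.log, the user.info line to /var/log/messages, and the user.debug and authpriv.info lines dropped: `*.info` excludes debug, and `authpriv.none` excludes that facility entirely, which is why sshd's authpriv messages end up in /var/log/secure on a stock RHEL config rather than here.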

find the process name that is using port 162 (for a UDP socket the PID/Program name is the 6th netstat column):
netstat -nlp | grep ":162"
netstat -nlp | awk '/:162 / {split($6,t,"/"); print t[2]}'

the same on Windows, as a batch file that takes the port number as its argument (e.g. port.bat 162):
@echo off
rem netstat -ano shows the PID as token 4 on UDP lines and token 5 on TCP lines,
rem so both are tried; a TCP state word such as LISTENING simply matches no task
for /F "usebackq tokens=4" %%f in (`netstat -ano ^| find ":%1"`) do call :process %%f
for /F "usebackq tokens=5" %%f in (`netstat -ano ^| find ":%1"`) do call :process %%f
goto :eof

:process
rem print the image name for the PID passed in, without the header line
tasklist /FI "PID eq %1" /NH

configure syslog and SNMP traps on a BayStack switch
(config)# logging remote address 192.168.80.10
(config)# logging remote level critical
(config)# logging remote level serious
(config)# logging remote level informational
(config)# logging remote enable
(config)# show logging config
Remote Logging: Enabled
Remote Logging Address: 192.168.80.10
Event Types To Log Remotely: Critical, Serious, Informational

(config)# snmp-server community public ro
(config)# snmp-server community private rw
(config)# show snmp-server view
(config)# snmp-server community humble read-view nncli \
write-view nncli notify-view nncli
(config)# show snmp-server community
(config)# snmp-server host 192.168.80.10 v2c humble
(config)# snmp-server enable

configure syslog and SNMP traps on a WC-8180
WC8180(config)# logging remote address 192.168.80.10
WC8180(config)# logging remote level critical
WC8180(config)# logging remote level serious
WC8180(config)# logging remote level informational
WC8180(config)# logging remote enable
WC8180(config)# show logging system config
Event Logging: Enabled
Volatile Logging Option: Overwrite
Event Types To Log: Critical, Serious, Informational
Event Types To Log To NV Storage: Critical
Remote Logging: Disabled
Remote Logging Address: 192.168.80.10
Secondary Remote Logging Address: 0.0.0.0
Event Types To Log Remotely: Critical, Serious, Informational

WC8180(config)# snmp-server community ro
>> public
WC8180(config)# snmp-server community rw
>> private
WC8180(config)# show snmp-server view
WC8180(config)# snmp-server community read-view nncli \
write-view nncli notify-view nncli
>> humble
(config)# snmp-server host 192.168.80.10 v2c humble
(config)# snmp-server enable

configure SNMP Trap Server:
--> vi /etc/snmp/snmptrapd.conf
>>> disableAuthorization yes

# service snmptrapd restart
(to watch traps arrive instead, run it in the foreground with log output on stderr: snmptrapd -f -Le)
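With `disableAuthorization yes`, snmptrapd logs traps regardless of the community string they carry, so anything that can reach UDP 162 can write entries into the log. The fragment below is an added example, not from the post, of the narrower net-snmp form (assumes net-snmp 5.3 or later, which introduced `authCommunity`); it logs only traps whose community matches the one configured on the switches above:

```conf
# /etc/snmp/snmptrapd.conf
# log v1/v2c traps only when they carry the community "public"
authCommunity log public
# to also run traphandle scripts for them: authCommunity log,execute public
```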

send fake SNMP Trap to SNMP Trap Server:
#!/usr/bin/perl
use SNMP_util "0.54"; # load BER and SNMP_Session

# /usr/lib/perl5/vendor_perl/5.8.8/SNMP_Session.pm
# snmptrap($host, $ent, $agent, $gen, $spec, @vars);
snmptrap("public\@localhost:162", ".1.3.6.1.4.1.2789",
"192.168.80.115", "6", "3301",
".1.3.6.1.4.1.2789.3301.1", "int", "4278475",
".1.3.6.1.4.1.2789.3301.2", "string", "DB Stopped");
or with the net-snmp command-line tool as an SNMPv2c trap (the -D tokens dump the packet as it is sent):
snmptrap -Ddumph_send,dumpv_send -v 2c -c public \
localhost:162 3 0 \
.1.3.6.1.4.1.2789.3301.1 i 4278475 \
.1.3.6.1.4.1.2789.3301.2 s "DB Stopped"
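As an added example (not the post's own code), the same "DB Stopped" test trap built as an SNMPv2c packet in Python with no SNMP library, so the BER structure that snmptrapd parses is visible. The enterprise OID, the two varbinds and their values are the page's; the trap OID `.1.3.6.1.4.1.2789.0.3301` is the RFC 3584 translation of the Perl script's generic 6 / specific 3301 pair (an assumption about the intended v2c equivalent), and the request id is a constructed value.

```python
import socket


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def encode_int(v: int) -> bytes:
    """INTEGER (tag 0x02), two's complement, minimal number of octets."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))


def encode_uint(tag: int, v: int) -> bytes:
    """Unsigned application types such as TimeTicks (0x43); pad with 0x00 if the top bit is set."""
    body = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return tlv(tag, body)


def _base128(n: int) -> bytes:
    """OID sub-identifier: 7 bits per octet, continuation bit on all but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER (tag 0x06); the first two arcs are packed as 40*a+b."""
    arcs = [int(x) for x in oid.strip(".").split(".")]
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    return tlv(0x06, body)


def encode_value(kind: str, value) -> bytes:
    """Value types keyed by the same one-letter codes the snmptrap command uses."""
    if kind == "i":
        return encode_int(int(value))
    if kind == "s":
        return tlv(0x04, str(value).encode())
    if kind == "o":
        return encode_oid(value)
    if kind == "t":
        return encode_uint(0x43, int(value))
    raise ValueError(f"unsupported type {kind!r}")


def varbind(oid: str, kind: str, value) -> bytes:
    return tlv(0x30, encode_oid(oid) + encode_value(kind, value))


def build_v2c_trap(community, uptime_ticks, trap_oid, varbinds, request_id=1) -> bytes:
    """SNMPv2c message carrying an SNMPv2-Trap-PDU (context tag 0xA7).

    The first two varbinds are mandatory: sysUpTime.0 and snmpTrapOID.0.
    """
    vbs = [varbind("1.3.6.1.2.1.1.3.0", "t", uptime_ticks),
           varbind("1.3.6.1.6.3.1.1.4.1.0", "o", trap_oid)]
    vbs += [varbind(o, k, v) for o, k, v in varbinds]
    pdu = tlv(0xA7, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, b"".join(vbs)))
    # message version 1 means SNMPv2c (0 is v1)
    return tlv(0x30, encode_int(1) + tlv(0x04, community.encode()) + pdu)


# The page's enterprise-specific trap: enterprise .1.3.6.1.4.1.2789, generic 6, specific 3301.
# RFC 3584 maps that v1 pair to snmpTrapOID = enterprise.0.specific.
ENTERPRISE = ".1.3.6.1.4.1.2789"
TRAP_OID = f"{ENTERPRISE}.0.3301"
DB_STOPPED_VARBINDS = [
    (f"{ENTERPRISE}.3301.1", "i", 4278475),
    (f"{ENTERPRISE}.3301.2", "s", "DB Stopped"),
]


def send_trap(packet: bytes, host="localhost", port=162) -> int:
    """Fire-and-forget over UDP, like snmptrap; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(packet, (host, port))


if __name__ == "__main__":
    pkt = build_v2c_trap("public", 3, TRAP_OID, DB_STOPPED_VARBINDS)
    print(len(pkt), pkt.hex())
    send_trap(pkt)  # watch it arrive with: snmptrapd -f -Le
```

The packet comes out at 112 bytes; the `-Ddumph_send,dumpv_send` output of the snmptrap command above shows the same nesting (SEQUENCE, version, community, 0xA7 PDU, varbind list), which is a convenient way to compare the two.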

Reference:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog
http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch10_03.htm
http://www.rekk.de/bloggy/2007/find-process-id-by-port-number
