2017-08-02 03:21 AM
Log collector is able to receive SNMP traps, but I have not found any documentation about SNMP parser for logs configuration.
There is a sample log from CyberArk (unfortunately CyberArk is able to send such messages via SNMP only):
%TRAP [device_addr=192.168.1.2] [device_addr=192.168.1.2] [.1.3.6.1.2.1.1.3.0=14:10:17:33.00] [.1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.11536.3.6.1000] [.1.3.6.1.4.1.11536.1.1.1.1="italog"] [.1.3.6.1.4.1.11536.1.1.1.2=""] [.1.3.6.1.4.1.11536.1.1.1.3="02/08/2017 08:46:42 ITATS427W Safe PSMRecordings14 is nearly out of space. 17543MB out of 500000MB (3%) left. "]
What is a general approach? Maybe you have any special parser like you have for the CEF source?
2017-08-03 09:12 AM
As far as I know, the log decoder doesn't accept SNMP MIB as log parser, so you have to write your own custom parser based on the MIB.
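The custom parser suggested in the reply above, written as an added example against the sample trap line from the question (this is not code from the thread or from any vendor's log decoder). It splits the `%TRAP [key=value] ...` line into ordered pairs, maps the standard sysUpTime and snmpTrapOID varbinds, and then splits the CyberArk free-text message into date, time, event code and text. The friendly names given to the three enterprise OIDs and the date/time/code/text layout of the message are assumptions inferred only from the sample, not taken from the CyberArk MIB.

```python
import re
from typing import Dict, List, Tuple

# Sample trap line copied from the question above.
SAMPLE_TRAP = (
    '%TRAP [device_addr=192.168.1.2] [device_addr=192.168.1.2] '
    '[.1.3.6.1.2.1.1.3.0=14:10:17:33.00] '
    '[.1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.11536.3.6.1000] '
    '[.1.3.6.1.4.1.11536.1.1.1.1="italog"] [.1.3.6.1.4.1.11536.1.1.1.2=""] '
    '[.1.3.6.1.4.1.11536.1.1.1.3="02/08/2017 08:46:42 ITATS427W Safe PSMRecordings14 '
    'is nearly out of space. 17543MB out of 500000MB (3%) left. "]'
)

# Standard OIDs from SNMPv2-MIB: sysUpTime.0 and snmpTrapOID.0.
SYS_UPTIME_OID = ".1.3.6.1.2.1.1.3.0"
SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"

# Assumed meanings of the CyberArk enterprise varbinds, inferred only from the
# sample line (placeholder names, not taken from the CyberArk MIB).
FRIENDLY_NAMES = {
    ".1.3.6.1.4.1.11536.1.1.1.1": "source",   # "italog" in the sample
    ".1.3.6.1.4.1.11536.1.1.1.2": "extra",    # empty in the sample
    ".1.3.6.1.4.1.11536.1.1.1.3": "message",  # free-text event line
}

# One "[key=value]" element; the value is either a double-quoted string (which
# may contain ']' or escaped quotes) or a bare token running to the closing ']'.
_PAIR_RE = re.compile(r'\[([^\]=]+)=(?:"((?:[^"\\]|\\.)*)"|([^\]]*))\]')

# Assumed shape of the free-text message: date, time, event code, then text.
_MSG_RE = re.compile(r'^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$')


def parse_pairs(line: str) -> List[Tuple[str, str]]:
    """Split a '%TRAP [k=v] [k=v] ...' line into ordered (key, value) pairs.

    Duplicate keys (device_addr appears twice in the sample) are preserved
    so the caller can decide how to treat them.
    """
    if not line.startswith("%TRAP"):
        raise ValueError("not a %TRAP line")
    pairs = []
    for m in _PAIR_RE.finditer(line):
        key = m.group(1)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        pairs.append((key, value.strip()))
    return pairs


def parse_cyberark_message(text: str) -> Dict[str, str]:
    """Split the CyberArk event text into date/time/code/text (assumed layout)."""
    m = _MSG_RE.match(text.strip())
    if not m:
        # Unknown layout: keep the whole text rather than dropping the event.
        return {"text": text.strip()}
    return {"date": m.group(1), "time": m.group(2),
            "code": m.group(3), "text": m.group(4)}


def parse_trap(line: str) -> Dict[str, object]:
    """Turn a trap line into a flat event dict suitable for a custom log parser."""
    pairs = parse_pairs(line)
    event: Dict[str, object] = {"varbinds": {}}
    for key, value in pairs:
        if key == "device_addr":
            event["device_addr"] = value
        elif key == SYS_UPTIME_OID:
            event["sysUpTime"] = value
        elif key == SNMP_TRAP_OID:
            event["trap_oid"] = value
        elif key in FRIENDLY_NAMES:
            event[FRIENDLY_NAMES[key]] = value
        else:
            # Anything not mapped above stays available under its raw OID.
            event["varbinds"][key] = value
    if "message" in event:
        event.update(parse_cyberark_message(str(event["message"])))
    return event


if __name__ == "__main__":
    for k, v in parse_trap(SAMPLE_TRAP).items():
        print(f"{k}: {v}")
```

The trap OID (`.1.3.6.1.4.1.11536.3.6.1000` in the sample) is the value to key a parser rule on, since it identifies the trap type independently of the message text; the event code inside the message (here `ITATS427W`) is a second useful field to map, and unknown OIDs are kept under `varbinds` rather than dropped so that new trap types are still visible in the collected log.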