I think I have followed all of the steps correctly, but I am not seeing the SNMP traps I am expecting. To write the additions to the syslog config, I used these resources:
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=155
http://sial.org/howto/logging/syslog-ng/
The addition looks like this:
destination d_em {
    file(
        "/var/log/em"
        create_dirs(yes)
        template("$DATE $HOST <$FACILITY.$PRIORITY> $MSG\n")
        template_escape(no)
    );
};
This does change what is recorded to the em log. If I run the logger command:
logger -p local1.alert "testing"
The following is recorded to the em file:
Sep 23 17:04:39 local alert jeremy: testing
My alert definition looks like this:
alert BIGIP_CUSTOM_ALL_LOCAL1 "(.*?)" {
    snmptrap OID=".1.3.6.1.4.1.3375.1.1.110.205"
}
Using Wireshark, I don't see any SNMP traps with that OID come out of the BIG-IP. Other traps are working, but this one is not.
Does the match string only match on the $MSG portion of the log line? If so, I don't see how I can use just the syslog config to trigger an SNMP trap, because I don't think I can modify the $MSG variable.