PacketFence - BTS - PacketFence
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000940PacketFencepublic2010-04-01 08:272011-01-26 15:38
Reportermaikel 
Assigned Toobilodeau 
PrioritynormalSeveritytweakReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.8.7 
Target VersionFixed in Version1.9.0 
fixed in git revision
fixed in mtn revisionbc2b66c425ad68f2097994016d2348f5db657801
Summary0000940: Net-snmp 5.4 traps not regonized
DescriptionParse Trap doesnt recoginize net-snmp 5.4 traps
Steps To Reproduce
Additional InformationFix:
451c451,452
< =~ /^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|(?:UDP: \[)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\]:\d+)?\|([^|]*)\|(.+)$/
---
> #=~ /^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|(?:UDP: \[)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\]:\d+)?\|([^|]*)\|(.+)$/
> =~ /^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|(?:UDP: \[)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\]:\d+)\]?\-\>\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\|([^|]*)\| (.+)$/
593c594,595
< if ( $trapLine =~ /^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|(?:UDP: \[)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\]:\d+)?\|([^|]*)\|(.+)$/ ) {
---
> # if ( $trapLine =~ /^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|(?:UDP: \[)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\]:\d+)\]?\|([^|]*)\|(.+)$/ ) {
> if ( $trapLine =~ /^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|(?:UDP: \[)?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?:\]:\d+)\]?\-\>\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\|([^|]*)\|(.+)$/ ) {
TagsNo tags attached.
Relationships
Attached Filespatch pfsetvlan.patch (1,684) 2010-04-01 09:34
https://www.packetfence.org/bugs/file_download.php?file_id=54&type=bug
Issue History
Date ModifiedUsernameFieldChange
2010-04-01 08:27maikelNew Issue
2010-04-01 09:19obilodeauStatusnew => assigned
2010-04-01 09:19obilodeauAssigned To => obilodeau
2010-04-01 09:25obilodeauNote Added: 0001502
2010-04-01 09:34maikelFile Added: pfsetvlan.patch
2010-04-01 09:37maikelNote Added: 0001503
2010-05-05 16:53obilodeaumtn revision => bc2b66c425ad68f2097994016d2348f5db657801
2010-05-05 16:53obilodeauNote Added: 0001555
2010-05-05 16:53obilodeauStatusassigned => resolved
2010-05-05 16:53obilodeauResolutionopen => fixed
2010-05-05 16:53obilodeauCategory1.8.7 => regression
2010-05-05 16:53obilodeauFixed in Version => 1.9.0
2011-01-26 15:38obilodeauStatusresolved => closed

Notes
(0001502)
obilodeau   
2010-04-01 09:25   
Hi Maikel,

Thanks for the finding and letting us know.

Can you attach a `diff -u` to the bug instead of in the bug because the wrapping is making this thing harder to read than it should.

and don't you think it would be more preferable to change the format in conf/snmptrapd.log instead of the code?
(0001503)
maikel   
2010-04-01 09:37   
see the log:
2010-04-01|13:32:16|UDP: [127.0.0.1]:33469->[127.0.0.1]|217.117.225.53|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.29464.1.1|.1.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5 END VARIABLEBINDINGS


the problem is that net-snmp 5.4 adds an extra ip again
Its now like [switch]:port->[destination]

The older(CentOS) net-snmp doesnt set the destination ip. So i think its now up to you to see if this new regexp is better, or changing the logformat.
(0001555)
obilodeau   
2010-05-05 16:53   
After all, this portion is the result of %b in snmptrapd format so I can't really modify the config, I had to change the regexp like you did.

I modified your regexp a little bit since it wasn't working on the old trap format I had here.

I also took the opportunity to comment it and avoid code duplication.

Here's the end result (not so sure what wrapping will do):
my $TRAP_PATTERN = qr/
    ^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|             # date|time
    (?:UDP:\ \[)?                                       # Optional "UDP: [" (since v2 traps 
I think)
    (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})                # network device ip address
    (?:\]:\d+)?                                         # Optional "]:port" (since v2 traps 
I think)
    (?:\-\>\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])?     # Optional "->[ip address]" (since 
net-snmp 5.4)
    \|([^|]*)\|                                         # Used to carry network device ip if it's a local 
trap
    (.+)$                                               # Trap message
/x;


This will make upcoming 1.9.0rc1