######
# Splunk includes file
######
case ".1.2.3.4.5.6.7.8":
    # Splunk alert traps. This case label is presumably matched against the
    # trap's enterprise OID by a switch in the rules file that includes this
    # one; that outer switch is not part of this file.
    # NOTE(review): the inner switch below has no default: case. Confirm the
    # probe's rules parser accepts that and that other specific-trap values
    # are meant to fall through unhandled.
    switch($specific-trap) {
        case "9": ###-Splunk Alert
            # Give the nine positional varbinds readable names.
            # NOTE(review): every value below is supplied by the trap sender.
            # If the probe accepts SNMPv1/v2c traps, the sender is not
            # authenticated, so treat these as untrusted input.
            $hostname = $1
            $username = $2
            $alertkey = $3
            $alertmessage = $4
            $splunkapp = $5
            $severity = $6
            $escalation = $7
            # $splunksearch and $message are not read again in this file;
            # they may be consumed by rules outside it. Verify before removing.
            $splunksearch = $8
            $message = $9

            # Varbind 2 is parsed twice: the leading run of letters, digits
            # and hyphens, and the first such run that follows a space.
            # Both results are only written to the DEBUG log here.
            $RealHost = extract($username, "^([A-Za-z0-9-]+)")
            $RealUser = extract($username, " ([A-Za-z0-9-]+)")
            log(DEBUG, "Splunk trap real node " + $RealHost + " by " + $RealUser)

            # Fixed tag marking the event as raised by this Splunk rule.
            @MonitorModule = "SPLUNK"

            # NOTE(review): @Node comes from varbind 1, not from the address
            # the trap arrived from, and @Identifier is built from it. A
            # sender that controls varbinds 1, 3 and 5 can therefore choose
            # the identifier of the resulting event. Confirm that trap
            # sources are restricted upstream (SNMPv3 or a source filter).
            @Node = $hostname
            @AlertGroup = $splunkapp
            @AlertKey = $alertkey
            @Identifier = @Node + " " + @AlertGroup + " " + @AlertKey

            @Summary = $alertmessage
            @ServiceIdentifier = $escalation
            # NOTE(review): the severity is copied from varbind 6 without a
            # range or type check. Confirm the Splunk side only sends values
            # that are valid for the Severity field.
            @Severity = $severity
    }