Linksys Syslog software captures SNMP trap messages from a Linksys router and stores them in syslog.
After reading through the specs, I decided to return this device to our customer/partner. However, he insisted that I could keep it if I found a use for it. I was thrilled to have it because it has a 4-port 100 Mb/sec switch, and I was still using a 16-port hub at home. I upgraded the firmware to support MXSTREAM/PPTP and proceeded to configure the router. I was keen on setting up logging for all incoming and outgoing traffic, like I did with my FreeBSD ipfw and ipf firewall. As I tried to switch on logging to my FreeBSD box, I noticed that I couldn't set the syslog facility and warning level, so it didn't seem like syslog. A quick sniff with tcpdump revealed that the Linksys router uses snmptrap to send the log requests.
Using Ethereal, I reviewed the packet to determine the layout of the snmptrap packet. I narrowed it down to the data running from char 73 to the end of the packet.
Linksys Syslog is simple and straightforward. It opens a UDP socket and binds it to port 162, the snmptrap port. The program waits in a loop for data to be read. When data fills the read buffer, it is parsed by setting the string pointer to the 73rd character. Then the program sends it to syslog using syslog(). For the BSD version, I used the SECURITY facility, while for the non-BSD version, I opted for the DAEMON facility. The server is not multi-client, which is not necessary for this application. There's no need for forking new processes, spawning threads or handling accepts asynchronously to the actual client handler. The handling is lightning-fast, and since it is UDP, data is efficiently stored in the receive buffer by the IP stack. Overall, Linksys Syslog is an excellent program and serves as an effective tool for capturing SNMP trap messages from Linksys routers into syslog.
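
The flow described above (bind UDP port 162, skip to the log text, hand it to syslog()), written out as an added example in C; it is not the original program's source. The names `trap_text` and `TEXT_OFFSET`, the zero-based reading of "char 73", the buffer sizes and the `linksys` ident are assumptions, and the example goes beyond the description by rejecting short packets and replacing non-printable bytes before logging.

```c
/* Added example: minimal trap-to-syslog relay, not the original program's source. */
#include <arpa/inet.h>
#include <ctype.h>
#include <string.h>
#include <sys/socket.h>
#include <syslog.h>

#define TRAP_PORT 162      /* snmptrap port named on the page */
#define TEXT_OFFSET 73     /* assumption: zero-based byte offset of the log text */

#ifdef LOG_SECURITY
#define FACILITY LOG_SECURITY   /* BSD */
#else
#define FACILITY LOG_DAEMON     /* non-BSD */
#endif

/* Copy the log text out of a datagram. Returns its length, or -1 when the
 * packet is too short to contain any. Non-printable bytes become '?' so a
 * sender cannot place control characters or newlines in the log. */
int trap_text(const unsigned char *pkt, size_t len, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0 || len <= TEXT_OFFSET)
        return -1;
    for (size_t i = TEXT_OFFSET; i < len && n + 1 < outsz; i++) {
        if (pkt[i] == '\0')
            break;
        out[n++] = isprint(pkt[i]) ? (char)pkt[i] : '?';
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    unsigned char pkt[1500];
    char text[1024];
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(TRAP_PORT) };
    int s = socket(AF_INET, SOCK_DGRAM, 0);

    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    if (s < 0 || bind(s, (struct sockaddr *)&addr, sizeof addr) < 0)
        return 1;               /* binding to port 162 needs privileges */
    openlog("linksys", LOG_PID, FACILITY);
    for (;;) {
        ssize_t got = recvfrom(s, pkt, sizeof pkt, 0, NULL, NULL);
        if (got > 0 && trap_text(pkt, (size_t)got, text, sizeof text) > 0)
            syslog(LOG_INFO, "%s", text);   /* fixed format: packet data is never a format string */
    }
}
```

Because the listener accepts datagrams from any sender, the length check and the fixed `"%s"` format are what keep a malformed or spoofed packet from reading past the buffer or being interpreted by syslog().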
Version 1.0: N/A