Is there anyway to forwards traps from Zenoss Core to another system for further processing? I'd like to have zenoss forward all traps, post processing/transforming (if possible), to our Splunk server further correlation, etc. Is this possible without using the trapforward zenpack with comes with Zenoss enterprise?
I've done similar things to this.
Go to the "event manager" then click commands. Here you can format your command, and give it conditions on which to run. this can take the incoming event, you do some magic to format the snmptrap command to forward elsewhere.
if forum (i don't remeber where) i saw a guide on how collect event with splunk and forward to zenoss.
you to see it on splunk forum maybe
the problem come when you want to filter out "not waring" event-- you've to lower the wmi log level and you start to have too many log ....
(for example if i wan to see logon/logoff user domain session)