Hi,
Can anyone please let me know how to collect the snmp traps from windows system using CentOS machine for every 5minutes using Logstash?
Also i needs to know how to get trap by mentioning the OID using Logstash?
Please anyone give me the clarification on this.
Thanks in advance
You can't poll traps, you can only accept them - https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmptrap.html
Hi,
I have the issue while uploading traps into ES. I'm using ES 2.0, Logstash 2.1.1, Cent OS-7.Please find the below and provide the solution.
My Config File is as follows
input{snmptrap{type => "snmptrap"community => "public"port => 162yamlmibdir => "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/data/ruby/snmp/mibs"}}output{stdout{}elasticsearch {}}
Error
Failed action. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2016.01.12", :_type=>"snmptrap", :_routing=>nil}, .... "SNMPv2-MIB::snmpTrapOID.0"]}>>], :response=>{"create"=>{"_index"=>"logstash-2016.01.12", "_type"=>"snmptrap", "_id"=>"AVI0USPPp6YsUwkp_39O", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"Field name [SNMPv2-MIB::snmpTrapOID.0] cannot contain '.'"}}}, :level=>:warn}
I found the solution from one Blog..
. should be replaced into another acceptable character in ES field names.
Replaced . as _ in the field names and finally got the solution for this issue
filter{
ruby {
code => "
event.to_hash.keys.each { |k| event[ k.gsub('.','_') ] = event.remove(k) if k.include?'.' }
"
}
}
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.