Logstash: parsing snmp traps ( continue...)

Robert.I · November 27, 2017, 11:15am

Hello all,

I would like to share my solution with my problem parsing traps.

I my problem is described in this topic: https://discuss.elastic.co/t/logstash-parsing-snmp-traps/103208.

The solution was :

List item

Change the filter:

filter {
mutate {
replace => { "message" => %{SNMPv2-SMI::enterprises.2.6.212.10.1.5} : "EVENT_NAME:%{SNMPv2-SMI::enterprises.2.6.212.10.1.7} MESSAGE:%{SNMPv2-SMI::enterprises.2.6.212.10.1.8} NODE:%{SNMPv2-SMI::enterprises.2.6.212.10.1.9} ENTITY_NAME:%{SNMPv2-SMI::enterprises.2.6.212.10.1.3} " }
}
}

Change the output file:

if [SNMPv2-SMI::enterprises.2.6.212.10.1.5] =="ERROR" {
file {
path => "/mydirectory/logstash/snmp.log"
codec => line { format=> "ERROR: %{message}"}
}

Thanks a lot for your help.

Best regards,

guyboertje · November 27, 2017, 11:33am

Can't mark the original message as a solution. Doing it here.

system · December 25, 2017, 11:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.