Logstash: parsing snmp traps ( continue...)


(Roberto ) #1

Hello all,

I would like to share my solution to my problem parsing traps.

My problem is described in this topic: https://discuss.elastic.co/t/logstash-parsing-snmp-traps/103208.

The solution was:

  • Change the filter:

filter {
  mutate {
    # Rebuild "message" from the trap's varbinds; the whole template must be a single quoted string
    replace => { "message" => "%{SNMPv2-SMI::enterprises.2.6.212.10.1.5} : EVENT_NAME:%{SNMPv2-SMI::enterprises.2.6.212.10.1.7} MESSAGE:%{SNMPv2-SMI::enterprises.2.6.212.10.1.8} NODE:%{SNMPv2-SMI::enterprises.2.6.212.10.1.9} ENTITY_NAME:%{SNMPv2-SMI::enterprises.2.6.212.10.1.3} " }
  }
}

  • Change the output file:

output {
  # Only write traps where this varbind equals ERROR
  if [SNMPv2-SMI::enterprises.2.6.212.10.1.5] == "ERROR" {
    file {
      path => "/mydirectory/logstash/snmp.log"
      codec => line { format => "ERROR: %{message}" }
    }
  }
}

Thanks a lot for your help.

Best regards,


(Guy Boertje) #2

Can't mark the original message as a solution. Doing it here.

