Logstash - SNMP Input - Trouble Converting / Using MIB Files

Sinnott · April 29, 2020, 1:13pm

Hi Elastic-Forum,

I am trying to use the Logstash SNMP Input plugin to use OID's from a MIB file but am having trouble.

I have tried to follow the guide below and can make standard OID calls, but not device specific ones contained in a MIB file:
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmp.html

I believe this may be something around declaring the MIB path(s) or how they are being read in: (https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmp.html#plugins-inputs-snmp-mib_paths)

MIB Files: https://bigip_ip/docs/mibs/mibs_f5.tar.gz

I converted my MIB files to dictionary files using the OSS libsmi library and placed them in a folder "/etc/logstash/dictionaries/".

I am currently using:
SNMP.conf

input {
snmp {
get => ["**1.1.3.6.1.4.1.3375.2.2.10.13.2.1.1.17.47.67.111.109**"]
hosts => [{host => "udp:WW.XX.YY.ZZ/161" community => "..." version => "..." mib_paths => "/etc/logstash/dictionaries/"}]
id => "F5_snmp"
}

Error Message within the index in Elasticsearch:

{
"_index" : "...",
"_type" : "doc",
"_id" : "...",
"_score" : 1.0,
"_source" : {
"**iso.1.3.6.1.4.1.3375.2.2.10.13.2.1.1.17.47.67.111.109**" : **"error: no such instance currently exists at this OID"**,
"@timestamp" : "...",
"host" : "WW.XX.YY.ZZ",
"@version" : "1"
}
}

All help greatly appreciated!

Sinnott · April 30, 2020, 11:46am

Update:

I've done some digging and it appears that my conversion of the MIB files to DIC files didn't go to plan. There seems to be an issue using the OSS smidump to convert some SNMPv2 files:
Logstash Input SNMP

Using the OSS libsmi library (https://www.ibr.cs.tu-bs.de/projects/libsmi/) tool as follows:
smidump --level=6 -k -f python F5-BIGIP-LOCAL-MIB.txt > F5-BIGIP-LOCAL-MIB.dic

I get the following errors:

F5-BIGIP-LOCAL-MIB.txt:13: failed to locate MIB module `SNMPv2-SMI'
F5-BIGIP-LOCAL-MIB.txt:16: failed to locate MIB module `RFC1155-SMI'
F5-BIGIP-LOCAL-MIB.txt:19: failed to locate MIB module `SNMPv2-TC'
F5-BIGIP-LOCAL-MIB.txt:22: failed to locate MIB module `SNMPv2-CONF'
F5-BIGIP-LOCAL-MIB.txt:25: failed to locate MIB module `INET-ADDRESS-MIB'
F5-BIGIP-LOCAL-MIB.txt:28: failed to locate MIB module `F5-BIGIP-COMMON-MIB'

Has anyone been able to overcome this or know how to go about it?

Manuel_Laurent_Oband · May 4, 2020, 5:31pm

I use this tool> https://www.ibr.cs.tu-bs.de/projects/libsmi/tools/, but i still have problems..

elasticforme · May 4, 2020, 7:24pm

I used snmp long time ago about year ago. I still have that config file. It was pain in...

it was just testing and never used it after that.

input {
    snmp {
          hosts => [ {host => "udp:pdu13/161" community => "public" version => "2c" },
                     {host => "udp:pdu14/161" community => "public" version => "2c" },
                     {host => "udp:pdu15/161" community => "public" version => "2c" },
                     {host => "udp:pdu16/161" community => "public" version => "2c" },
                     {host => "udp:pdu17/161" community => "public" version => "2c" },
                     {host => "udp:pdu18/161" community => "public" version => "2c" }]
        interval => 10
          get => [ "1.3.6.1.4.1.318.1.1.26.4.1.1.4.1","1.3.6.1.4.1.318.1.1.12.1.4.0","1.3.6.1.4.1.318.1.1.26.2.1.8.1",
                   "1.3.6.1.4.1.318.1.1.26.2.1.6.1","1.3.6.1.4.1.318.1.1.26.4.1.1.8.1","1.3.6.1.4.1.318.1.1.26.4.1.1.9.1",
                   "1.3.6.1.4.1.318.1.1.26.4.3.1.5.1","1.3.6.1.4.1.318.1.1.26.4.1.1.3.1" ]
          mib_paths => [ "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-snmp-1.0.1/lib/mibs/ietf/" ]
       }
}

I do not remember how I generated this files

ls /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-snmp-1.0.1/lib/mibs/ietf/
apcMIB.dic  check_apc.pl  Dell_rPDU.dic

Sinnott · May 8, 2020, 10:09am

Thanks Manuel and Sachin for your help!

I was able to use the web tool and link in all of the dependencies to generate a dictionary file.

For anyone doing this in the future, the output using the web tool is the "python" option when creating a dictionary file. Then you save the output as a txt file and then rename file to a dic file. Make sure you open up your MIB file to find it's dependencies which are listed at the top of the file for it to generate completely. If your dependency has another dependency keep going until it has all types declared).

system · June 5, 2020, 10:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.