Logstash - Translate Use custom MIBS (OEM - Oracle Enterprise Manager)

Tal1 · October 23, 2025, 11:47am

Greetings Experts,

I hope someone will be able to help me with that issue.

I’ve installed Logstash version 9.1.4 on linux redhat machine (version 9.5).

logstash is up and running on port 162 receiving snmp trap v3 - everything working perfectly!

my conf file looks like this:

input {

  snmptrap {

    port => 162

    supported_versions => ['3']

    security_name => ""

    auth_protocol => "md5"

    auth_pass => ''

    priv_protocol => "aes"

    priv_pass => ''

    security_level => "authPriv"

    codec => plain

    use_provided_mibs => true

    mib_paths => "/usr/share/snmp/mibs"

    oid_mapping_format => "ruby_snmp"

  }

}

 

filter {

  mutate {

    add_field => { "raw_event" => "%{message}" }

  }

}

 

output {

  file {

   path => "/tmp/snmptrap.txt"

    codec => line { format => "%{message}"}

  }

}

I’ve also installed libsmi, however I cannot make the trap to be translated according to the mib.

Does anyone know how make logstash use the custom mib?

Thanks in Advance!

Rios · October 23, 2025, 1:17pm

Does
logstash user has access to mib_paths => "/usr/share/snmp/mibs"?

Tal1 · October 23, 2025, 1:40pm

yes it has. the thing is, under the logs i dont see it mention this path.

Badger · October 23, 2025, 1:53pm

The input will log an info message if it tries to load the MIB. If it is not logging that then it is not loading the MIB.

Tal1 · October 23, 2025, 2:15pm

Ive just managed to load it, however it’s not reading it and nothing mention in the log file, do i need to use: smidump -k -f python /path/to/omstrap.v1 > /usr/share/logstash/vendor/bundle/.../mibs/custom/ORACLE-ENTERPRISE-MANAGER-4-MIB.dic
or just use it as .txt file?

Rios · October 23, 2025, 2:45pm

Here is a sample, for input&output. Also you can rename the original field based on MIBs in meaningful name for instance: ""SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2" -> chAlarmVarString . You can get MIB database from online.

Also use debug in the output, provide us with more details.
stdout { codec => rubydebug{}}

Tal1 · October 23, 2025, 4:03pm

hello Rios

thanks for the reply, i have no problem with making the Traps to work, just like i said traps arriving and being written into the logfile, however when you need to translate the OIDs into names it just doesnt load it from the mib i provided.

btw the ORA mib link you provided contains 400 lines mine is offical from ORACLE and it contains 1400 lines.

Badger · October 23, 2025, 4:15pm

I expect it needs to be in the same format as the bundled MIBs.

Tal1 · October 23, 2025, 4:18pm

correct thats why i’ve installed libsmi and ran smidump --level=1 -k -f python /tmp/omstrap.v1 > /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/logstash-integration-snmp-4.0.7-java/lib/mibs/custom/ORACLE-ENTERPRISE-MANAGER-4-MIB.dic
why ORACLE-ENTERPRISE-MANAGER-4-MIB?

because inside the mib i received there was this line: ORACLE-ENTERPRISE-MANAGER-4-MIB DEFINITIONS ::= BEGIN

Topic		Replies	Views
How to import my Vendor's MIBs? Logstash	3	3128	July 6, 2017
How to disable mib translation Logstash	1	611	June 7, 2017
IMPORT .mib to Logstash snmptrap input Logstash	1	653	May 1, 2020
MIB OID Translation Logstash	33	19156	November 4, 2022
Logstash-input-snmptrap and vendor mibs import Logstash	1	303	July 1, 2019

Logstash - Translate Use custom MIBS (OEM - Oracle Enterprise Manager)

Related topics