Hello,
I am new to this forum, so please bear with me.
I am using the Logstash 6.4.1 image with a few more changes made through a Dockerfile to customise it.
I am using Logstash to receive SNMP traps from devices.
Using tcpdump I can see that traps are received. The Logstash logs also show that the trap input is initialised when I start the container, as I see the "It's a Trap" message in the logs.
However, I can't see any errors in the logs or any trace of what happens to the traps after they are received on the trap port 1062. Here is my logstash.config. Also, can the snmptrap plugin only process v1 traps? Note that I even successfully converted a Juniper MIB into YAML using import.rb; for now I have commented out the yamlmibdir.
Please let me know if you need further info.
input {
  snmptrap {
    type => "snmptrap"
    # SNMP community string expected in incoming traps
    community => "public"
    # Port the trap listener binds to
    port => 1062
    # yamlmibdir => "/opt/logstash/vendor/bundle/jruby/2.3.0/gems/snmp-1.3.1/data/ruby/snmp/mibs/"
  }
}
output {
  file {
    # One log file per sending host
    path => "/var/log/logstash/%{host}_trap.log"
    codec => line { format => "custom format: %{message}" }
  }
}