Logstash 6.4.1 Docker container receives traps but doesn't process them


#1

Hello,

I am new to this forum, so please bear with me.
I am using the Logstash 6.4.1 image with a few more changes made through a Dockerfile to customise it.
I am using Logstash to receive SNMP traps from devices.
Using tcpdump I can see that traps are received. The Logstash logs also show that the trap input is initialised when I start the container, as I see the "It's a Trap" message in the logs.

However, I can't see any errors in the logs or any trace of what happens to the traps after they are received on the trap port 1062. Here is my logstash.config. Also, can the snmptrap plugin only process v1 traps? Note that I even successfully converted a Juniper MIB into YAML using import.rb; for now I have commented out the yamlmibdir.

Please let me know if you need further info.

input {
    snmptrap {
        type => "snmptrap"
        community => "public"
        port => 1062
        # yamlmibdir => "/opt/logstash/vendor/bundle/jruby/2.3.0/gems/snmp-1.3.1/data/ruby/snmp/mibs/"
    }
}
output {
    file {
        path => "/var/log/logstash/%{host}_trap.log"
        codec => line { format => "custom format: %{message}" }
    }
}

#2

Further to my investigation, to ensure my config file is picked up correctly by Logstash, I used udp as the input plugin to check whether the traps are received, and I did receive the trap in the log file. So the problem seems to be with the snmptrap plugin, unless I am missing something in the config.

input {
    snmptrap {
        type => "snmptrap"
        community => "public"
        port => 1062
        yamlmibdir => "/opt/logstash/vendor/bundle/jruby/2.3.0/gems/snmp-1.3.1/data/ruby/snmp/mibs/"
    }
    # udp {
    #     port => 1062
    # }
}
output {
    file {
        path => "/var/log/logstash/%{host}_trap.log"
        codec => line { format => "custom format: %{message}" }
    }
    stdout {
    }
}
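
One check that fits the symptoms above (datagrams visible in tcpdump and through the `udp` input, but no events from `snmptrap`) is to read the SNMP version and community string out of a captured datagram and compare them with the `community => "public"` setting. The following is an added example, not part of the original thread or of the plugin's code: a small Ruby decoder for the outer SNMP message header only, where `read_tlv`, `snmp_header` and the sample bytes are constructed for illustration.

```ruby
# Added diagnostic example: decode the outer SNMP message header of a UDP payload.
#   SEQUENCE { INTEGER version, OCTET STRING community, PDU ... }
VERSIONS  = { 0 => "v1", 1 => "v2c", 3 => "v3" }.freeze
PDU_TYPES = { 0xA4 => "Trap (v1)", 0xA6 => "InformRequest", 0xA7 => "SNMPv2-Trap" }.freeze

# Constructed sample (not a real capture): v2c trap header, community "private".
SAMPLE_V2C = ["3019020101040770726976617465a70b0201010201000201003000"].pack("H*")

# Read one BER tag/length/value at pos; returns [tag, value_bytes, next_pos].
def read_tlv(bytes, pos)
  raise ArgumentError, "truncated TLV" if pos + 2 > bytes.size
  tag = bytes[pos]
  len = bytes[pos + 1]
  pos += 2
  if len & 0x80 != 0 # long form: low 7 bits give the number of length octets
    n = len & 0x7F
    raise ArgumentError, "unsupported length" if n.zero? || n > 4 || pos + n > bytes.size
    len = bytes[pos, n].inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  raise ArgumentError, "truncated value" if pos + len > bytes.size
  [tag, bytes[pos, len], pos + len]
end

# Returns the version, community and PDU type, plus whether the community
# matches the one the input is configured with (assumed "public" as in the post).
def snmp_header(payload, expected_community = "public")
  tag, body, _ = read_tlv(payload.bytes, 0)
  raise ArgumentError, "not a BER SEQUENCE" unless tag == 0x30
  tag, ver, pos = read_tlv(body, 0)
  raise ArgumentError, "version is not an INTEGER" unless tag == 0x02
  version = ver.inject(0) { |acc, b| (acc << 8) | b }
  info = { version: VERSIONS.fetch(version, "unknown(#{version})") }
  # SNMPv3 messages carry no community string in this position.
  return info.merge(community: nil, pdu: nil, community_ok: false) if version == 3
  tag, comm, pos = read_tlv(body, pos)
  raise ArgumentError, "community is not an OCTET STRING" unless tag == 0x04
  community = comm.pack("C*").force_encoding("UTF-8")
  pdu_tag = body[pos]
  pdu = PDU_TYPES.fetch(pdu_tag) { pdu_tag ? format("0x%02X", pdu_tag) : "missing" }
  info.merge(community: community, pdu: pdu, community_ok: community == expected_community)
end

p snmp_header(SAMPLE_V2C) if __FILE__ == $PROGRAM_NAME
```

Feed it the UDP payload bytes of one captured trap; a version or community that differs from the input's configuration narrows down where to look next.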
