Hi,
I am new to ELK and I'm trying to configure my Logstash to get SNMP V3 information from my devices, but unfortunately, I don't know what I am doing wrong.
I followed the procedures from the SNMP input plugin page:
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmp.html
First, I generated a .DIC file:
root@my-PC# smidump --level=1 -k -f python Device-MIB.mib > Device-MIB.dic
Device-MIB.mib:6: failed to locate MIB module `SNMPv2-SMI'
Device-MIB.mib:8: failed to locate MIB module `SNMPv2-TC'
Device-MIB.mib:17: unknown object identifier label `enterprises'
smidump: module `Device-MIB.mib' contains errors, expect flawed output
I saved the .DIC file at this path:
/etc/logstash/MIB/Device-MIB.dic
This is my logstash-inputsnmpv3.conf configuration file:
    input {
      snmp {
        hosts => [{host => "udp:10.10.10.212/161" version => "3"}]
        get => ["1.3.6.1.4.1.41263.1"]
        mib_paths => ["/etc/logstash/MIB/"]
        security_name => "snmp_user"
        auth_protocol => "sha"
        auth_pass => "secret"
        priv_protocol => "aes"
        priv_pass => "secret"
        security_level => "authPriv"
        type => "snmp"
      }
    }
And this is the output that I have:
[root@ELK-SERVER bin]# ./logstash -f /etc/logstash/conf.d/ -l /var/log/logstash/
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2020-04-16 01:37:21.184 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2020-04-16 01:37:21.195 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"7.6.0"}
[INFO ] 2020-04-16 01:37:22.977 [Converge PipelineAction::Create<main>] Reflections - Reflections took 34 ms to scan 1 urls, producing 20 keys and 40 values
[WARN ] 2020-04-16 01:37:23.456 [[main]-pipeline-manager] LazyDelegatingGauge - A gauge metric of an unknown type (org.jruby.RubyArray) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[INFO ] 2020-04-16 01:37:23.463 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["/etc/logstash/conf.d/logstash-inputsnmpv3.conf"], :thread=>"#<Thread:0xf63e716 run>"}
[INFO ] 2020-04-16 01:37:23.532 [[main]-pipeline-manager] snmp - using plugin provided MIB path /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/mibs/logstash
[INFO ] 2020-04-16 01:37:23.553 [[main]-pipeline-manager] snmp - using plugin provided MIB path /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/mibs/ietf
[INFO ] 2020-04-16 01:37:25.407 [[main]-pipeline-manager] snmp - using user provided MIB path /etc/logstash/MIB/
[INFO ] 2020-04-16 01:37:25.582 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
[INFO ] 2020-04-16 01:37:25.638 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2020-04-16 01:37:25.831 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[ERROR] 2020-04-16 01:37:28.655 [[main]<snmp] snmp - error invoking get operation on 10.10.10.212 for OIDs: ["1.3.6.1.4.1.41263.1"], ignoring {:exception=>#<LogStash::SnmpClientError: timeout sending snmp get request to target 10.10.10.212/161>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/logstash/inputs/snmp/base_client.rb:60:in `get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/logstash/inputs/snmp.rb:171:in `block in run'", "org/jruby/RubyArray.java:1814:in `each'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/logstash/inputs/snmp.rb:167:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:328:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:320:in `block in start_input'"]}
I don't understand what I am doing wrong.
With SNMP V2, Logstash works properly (using the snmp trap plugin). I tried to search for a tutorial explaining how to configure it, but I didn't find one.
Please, can someone help me with this issue?
Thanks in advance.
Thelmo Henrique