Has anyone implemented an SNMP trap action for the X-pack watcher to allow SNMP traps to be sent out if thresholds are crossed?
Our customer uses HP openview and traps to monitor all nodes and would like to integrate the watcher notifications also.
just to make sure I understand the use case. Does watcher need to be able to receive SNMP data in this one or does it need to be able to send SNMP traps on crossed thresholds?
Watcher does not have any SNMP capabilities per se, but you might be able to utilize the logstash snmptrap input plugin and the logstash exec output and call the linux snmp CLI tools directory. If the latter would be a solution, you could use this in combination with watcher sending a webhook to the logstash http input plugin.
Hi,
I'm referring to the trigger action - i.e. if the watcher is setup to trigger an action when above a certain value, I want to send an SNMP trap to a monitoring system.
So basically, it would go from X-pack watcher to logstash input and then logstash exec output?
yes, that would be the way to go! Watcher action webhook -> logstash http input -> logstash exec output with snmp* cli tools. As watcher is running inside of Elasticsearch, it is also bound to the same security restrictions, which means there is no chance of forking processes.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.