Hi,
I am getting below error while using snmptrap plugin.
[2022-08-29T10:20:54,371][INFO ][logstash.inputs.snmptrap ][snmptrap][aef6e9ad69b62db067a46e53d1b0e0b15b5d216cd954b6f321afcb5a16300adc] It's a Trap! {:Port=>1062, :Community=>["XXXXX"], :Host=>"165.113.xx.xx", :MibDir=>"/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snmp-1.3.2/data/ruby/snmp/mibs/", :MibModules=>["DOCS-IETF-BPI2-MIB", "ACCOUNTING-CONTROL-MIB", "DS0BUNDLE-MIB", "ADSL-LINE-EXT-MIB", "FC-MGMT-MIB", "ADSL-LINE-MIB", "FCIP-MGMT-MIB", "ADSL-TC-MIB", "FDDI-SMT73-MIB", "ADSL2-LINE-MIB", "DS0-MIB", "IPOA-MIB", "ADSL2-LINE-TC-MIB", "FIBRE-CHANNEL-FE-MIB", "AGENTX-MIB", "FLOW-METER-MIB", "AGGREGATE-MIB", "FRSLD-MIB", "ALARM-MIB", "IGMP-STD-MIB", "APM-MIB", "FR-MFR-MIB", "APPC-MIB", "FRAME-RELAY-DTE-MIB", "APPLETALK-MIB", "FRNETSERV-MIB", "APPLICATION-MIB", "Finisher-MIB", "APPN-DLUR-MIB", "GMPLS-LSR-STD-MIB", "APPN-MIB", "GMPLS-LABEL-STD-MIB", "APPN-TRAP-MIB", "IP-FORWARD-MIB", "APS-MIB", "IPMCAST-MIB", "ARC-MIB", "DOT3-EPON-MIB", "IPV6-MIB", "ATM-ACCOUNTING-INFORMATION-MIB", "IP-MIB", "ATM-MIB", "GMPLS-TC-STD-MIB", "ATM-TC-MIB", "GMPLS-TE-STD-MIB", "ATM2-MIB", "HC-ALARM-MIB", "BGP4-MIB", "GSMP-MIB", "BLDG-HVAC-MIB", "HCNUM-TC", "BRIDGE-MIB", "HC-PerfHist-TC-MIB", "CHARACTER-MIB", "HC-RMON-MIB", "CIRCUIT-IF-MIB", "HOST-RESOURCES-MIB", "CLNS-MIB", "HDSL2-SHDSL-LINE-MIB", "COFFEE-POT-MIB", "HOST-RESOURCES-TYPES", "COPS-CLIENT-MIB", "HPR-MIB", "DECNET-PHIV-MIB", "DS1-MIB", "ISDN-MIB", "DIAL-CONTROL-MIB", "DS3-MIB", "ISIS-MIB", "DIFFSERV-CONFIG-MIB", "DSA-MIB", "ISNS-MIB", "DIFFSERV-DSCP-TC", "HPR-IP-MIB", "DIFFSERV-MIB", "DSMON-MIB", "DIRECTORY-SERVER-MIB", "EBN-MIB", "L2TP-MIB", "DISMAN-EVENT-MIB", "EFM-CU-MIB", "DISMAN-EXPRESSION-MIB", "ENTITY-MIB", "DISMAN-NSLOOKUP-MIB", "IF-CAP-STACK-MIB", "DISMAN-PING-MIB", "ENTITY-SENSOR-MIB", "DISMAN-SCHEDULE-MIB", "ENTITY-STATE-MIB", "DISMAN-SCRIPT-MIB", "ENTITY-STATE-TC-MIB", "DISMAN-TRACEROUTE-MIB", "IANA-ITU-ALARM-TC-MIB", "DLSW-MIB", "ETHER-CHIPSET-MIB", "DNS-RESOLVER-MIB", "IF-INVERTED-STACK-MIB", "DNS-SERVER-MIB", "INET-ADDRESS-MIB", "DOCS-BPI-MIB", "ETHER-WIS", "DOCS-CABLE-DEVICE-MIB", "DOT12-IF-MIB", "IPATM-IPMC-MIB", "DOCS-IETF-CABLE-DEVICE-NOTIFICATION-MIB", "FR-ATM-PVC-SERVICE-IWF-MIB", "DOCS-IETF-QOS-MIB", "EtherLike-MIB", "DOCS-IETF-SUBMGT-MIB", "IF-MIB", "DOCS-IF-MIB", "IFCP-MGMT-MIB", "DOT3-OAM-MIB", "LMP-MIB", "T11-FC-FABRIC-LOCK-MIB", "SSPM-MIB", "INTEGRATED-SERVICES-GUARANTEED-MIB", "PTOPO-MIB", "INTEGRATED-SERVICES-MIB", "PerfHist-TC-MIB", "INTERFACETOPN-MIB", "Printer-MIB", "IPMROUTE-STD-MIB", "RFC1285-MIB", "IPS-AUTH-MIB", "RFC1316-MIB", "IPSEC-SPD-MIB", "Q-BRIDGE-MIB", "IPV6-FLOW-LABEL-MIB", "RFC1381-MIB", "IPV6-ICMP-MIB", "RFC1382-MIB", "IPV6-MLD-MIB", "RFC1414-MIB", "IPV6-TCP-MIB", "RIPv2-MIB", "IPV6-UDP-MIB", "RMON-MIB", "ISCSI-MIB", "RMON2-MIB", "ITU-ALARM-MIB", "RADIUS-ACC-CLIENT-MIB", "ITU-ALARM-TC-MIB", "RADIUS-ACC-SERVER-MIB", "Job-Monitoring-MIB", "ROHC-MIB", "LANGTAG-TC-MIB", "ROHC-RTP-MIB", "MALLOC-MIB", "SNA-NAU-MIB", "MAU-MIB", "ROHC-UNCOMPRESSED-MIB", "MIDCOM-MIB", "RS-232-MIB", "MIOX25-MIB", "SNA-SDLC-MIB", "MIP-MIB", "RSTP-MIB", "MOBILEIPV6-MIB", "RADIUS-AUTH-CLIENT-MIB", "MPLS-FTN-STD-MIB", "RADIUS-AUTH-SERVER-MIB", "MPLS-L3VPN-STD-MIB", "RADIUS-DYNAUTH-CLIENT-MIB", "MPLS-LC-ATM-STD-MIB", "RADIUS-DYNAUTH-SERVER-MIB", "MPLS-LC-FR-STD-MIB", "RAQMON-MIB", "MPLS-LDP-ATM-STD-MIB", "PPP-IP-NCP-MIB", "TCP-MIB", "MPLS-LDP-FRAME-RELAY-STD-MIB", "PPP-LCP-MIB", "TE-MIB", "MPLS-LDP-GENERIC-STD-MIB", "RDBMS-MIB", "MPLS-LDP-STD-MIB", "RFC1065-SMI", "MPLS-LSR-STD-MIB", "RSVP-MIB", "MPLS-TC-STD-MIB", "RTP-MIB", "MPLS-TE-STD-MIB", "SCSI-MIB", "MSDP-MIB", "SNMP-MPD-MIB", "MTA-MIB", "SCTP-MIB", "Modem-MIB", "SNMP-PROXY-MIB", "NAT-MIB", "RFC1155-SMI", "NETWORK-SERVICES-MIB", "SFLOW-MIB", "NHRP-MIB", "RFC1158-MIB", "NOTIFICATION-LOG-MIB", "SIP-COMMON-MIB", "OPT-IF-MIB", "SIP-MIB", "OSPF-MIB", "SIP-SERVER-MIB", "OSPF-TRAP-MIB", "SIP-TC-MIB", "P-BRIDGE-MIB", "SIP-UA-MIB", "PARALLEL-MIB", "SNMP-TARGET-MIB", "PIM-MIB", "SLAPM-MIB", "PIM-STD-MIB", "SMON-MIB", "PINT-MIB", "RFC1213-MIB", "PKTC-IETF-MTA-MIB", "RFC1269-MIB", "PKTC-IETF-SIG-MIB", "PPP-SEC-MIB", "TRIP-MIB", "POLICY-BASED-MANAGEMENT-MIB", "RFC1271-MIB", "POWER-ETHERNET-MIB", "PPP-BRIDGE-NCP-MIB", "UDP-MIB", "SNMP-COMMUNITY-MIB", "SNMP-FRAMEWORK-MIB", "SNMP-NOTIFICATION-MIB", "SNMP-REPEATER-MIB", "SNMP-USER-BASED-SM-MIB", "SNMP-USM-AES-MIB", "SNMP-USM-DH-OBJECTS-MIB", "SNMP-VIEW-BASED-ACM-MIB", "SNMPv2-MIB", "SNMPv2-SMI", "SNMPv2-TM", "SNMPv2-USEC-MIB", "SONET-MIB", "SOURCE-ROUTING-MIB", "SYSAPPL-MIB", "T11-FC-FABRIC-ADDR-MGR-MIB", "T11-FC-FABRIC-CONFIG-SERVER-MIB", "T11-FC-FSPF-MIB", "T11-FC-NAME-SERVER-MIB", "T11-FC-ROUTE-MIB", "T11-FC-RSCN-MIB", "T11-FC-VIRTUAL-FABRIC-MIB", "T11-FC-ZONE-SERVER-MIB", "T11-TC-MIB", "TCP-ESTATS-MIB", "TCPIPX-MIB", "TE-LINK-STD-MIB", "TIME-AGGREGATE-MIB", "TN3270E-MIB", "TN3270E-RT-MIB", "TOKEN-RING-RMON-MIB", "TOKENRING-MIB", "TOKENRING-STATION-SR-MIB", "TRANSPORT-ADDRESS-MIB", "TRIP-TC-MIB", "TUNNEL-MIB", "UCD-SNMP-MIB", "UDPLITE-MIB", "UPS-MIB", "URI-TC-MIB", "VDSL-LINE-EXT-MCM-MIB", "VDSL-LINE-EXT-SCM-MIB", "VDSL-LINE-MIB", "VPN-TC-STD-MIB", "VRRP-MIB", "WWW-MIB", "VMWARE-PRODUCTS-MIB", "VMWARE-ROOT-MIB", "VMWARE-VC-EVENT-MIB"]}
[2022-08-29T10:20:54,372][WARN ][logstash.inputs.snmptrap ][snmptrap][aef6e9ad69b62db067a46e53d1b0e0b15b5d216cd954b6f321afcb5a16300adc] SNMP Trap listener died {:exception=>#<Errno::EADDRINUSE: Address already in use - bind(2) for "165.113.xx.xx" port 1062>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:200:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snmp-1.3.2/lib/snmp/manager.rb:544:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snmp-1.3.2/lib/snmp/manager.rb:590:in `create_transport'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snmp-1.3.2/lib/snmp/manager.rb:622:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmptrap-3.0.6/lib/logstash/inputs/snmptrap.rb:75:in `build_trap_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmptrap-3.0.6/lib/logstash/inputs/snmptrap.rb:79:in `snmptrap_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmptrap-3.0.6/lib/logstash/inputs/snmptrap.rb:54:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:409:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:400:in `block in start_input'"]}
Here is my config file.
input {
snmptrap {
host => "165.xx.xx.xx" # Logstash server IP
type => 'snmptrap'
port => 1062
community => ["xxxxxx"]
yamlmibdir => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snmp-1.3.2/data/ruby/snmp/mibs"
}
}
output {
elasticsearch {
hosts => ["https://xx.xx.xx.xx:xxxx"]
cacert => "/etc/logstash/certs/xxx.crt"
user => "xxxxx"
password => "xxxxxx"
index => "snmptrap"
}
}
Note: Above mentioned error is encountering only when I am using "yamlmibdir" parameter in the input section. when I remove this, everything is working fine.
Any help on this would be highly appreciated.
Thanks!