SNMP Trap Monitoring with Logstash

swasheck · January 9, 2018, 6:11pm

Currently running ELK 6.1.1 (Docker sebp/elk) and trying to get SNMP trap monitoring functional. My current config is as follows:

input { 
    snmptrap { 
        type => "snmptrap" 
        host => "0.0.0.0" 
        port => 1062         
    }
} 
output { 
    elasticsearch { 
        hosts => ["127.0.0.1:9200"] 
    } 
    stdout { codec => rubydebug } 
}

I do see the input is functioning

[2018-01-09T17:39:45,442][INFO ][logstash.inputs.snmptrap ] It's a Trap! {:Port=>1062, :Community=>["public"], :Host=>"0.0.0.0"}

However, all of my attempts to get a response from within the container end up with timeouts/no reponse

snmpwalk -v2c -c public localhost:1062

Timeout: No Response from localhost:1062

snmpwalk -v2c -c public 127.0.0.1:1062

Timeout: No Response from 127.0.0.1:1062

What am I missing?

murlin99 · January 9, 2018, 9:00pm

You will not get an snmpwalk response from an snmptrap input. To test it you need to send a test trap using the snmptrap command.

system · February 6, 2018, 9:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Snmptrap input Logstash	5	6253	July 6, 2017
Logstash snmptrap Logstash	13	401	July 4, 2024
Logstash6.4.1 docker container receives traps but doesn't process Logstash	2	572	November 19, 2018
SNMPTrap not reading snmp traffic through logstash Logstash	12	4753	July 6, 2017
How to view SNMP Traps with Logstash /Filebeat configuration Logstash	1	1708	January 19, 2019

SNMP Trap Monitoring with Logstash

Related Topics