Snmp v3 logstash not working in pipeline


I'm struggling with a strange problem with Logstash.

I've created a config to query a few switches with SNMP v3 et get targeted interfaces statistics

When I run logstash with the config file, everything works fine and stats are recorded in Elasticsearch.

When I run Logstash with pipelines, I get the following error message in log file :

[2020-11-10T16:06:49,605][ERROR][logstash.inputs.snmp     ][snmp-internet][5d41df0387c45d5ccebabff9fa11b376f3b257f17839184aea1eb33c26a8659c] error invoking get operation on for OIDs: ["", "", ""], ignoring {:exception=>org.snmp4j.MessageException: Message processing model 3 returned error: Unknown security name, :backtrace=>["org.snmp4j.MessageDispatcherImpl.sendPdu(org/snmp4j/", "org.snmp4j.Snmp.sendMessage(org/snmp4j/", "org.snmp4j.Snmp.send(org/snmp4j/", "org.snmp4j.Snmp.send(org/snmp4j/", "jdk.internal.reflect.GeneratedMethodAccessor98.invoke(jdk/internal/reflect/GeneratedMethodAccessor98)", "jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(jdk/internal/reflect/", "java.lang.reflect.Method.invoke(java/lang/reflect/", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/", "org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.base_client.get(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp/base_client.rb:44)", "usr.share.logstash.vendor.bundle.jruby.$", "org.jruby.RubyArray.each(org/jruby/", "usr.share.logstash.vendor.bundle.jruby.$", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.RUBY$method$run$0$__VARARGS__(usr/share/logstash/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2/lib/logstash/inputs//usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.inputworker(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:345)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$inputworker$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.start_input(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:336)", "", ""]}

Here is a redacted configuration file :

input {
        snmp {
                hosts => [ { host => "udp:" version => "3" } ]
                get => [ "","","" ]
                type => "snmp-internet"
                security_name => "SNMPV3_DES"
                auth_pass => "secretpassword"
                priv_pass => "anothersecretpassword"
                security_level => "authPriv"
                auth_protocol => "sha"
                priv_protocol => "des"

filter {
        mutate {
                rename => { "" => "OutOctets" }
                rename => { "" => "InOctets" }
                rename => { "" => "Description" }

output {
        if [type] == "snmp-internet" {
        elasticsearch {
                hosts => [ "localhost:9200"]
                index => "procurve-%{+YYYY.MM.dd}"

Can somebody help me with this problem ?

Thanks a lot !

Are you saying that the exact same input configuration works when it is run using -f, but if it is run using pipelines.yml it gets that exception? Even when it is the only entry in pipelines.yml? If not, are there any other snmp inputs when you use pipelines? (Wondering if there is a thread safety issue.)

I use several snmp input in differents pipelines yes. All with different snmp parameters.

OK, can you try running a single input as a pipeline and see if that ever gets this error.

I tried it this morning and I don't get the error if I comment out all the others snmp polling pipelines.

I tried to left active only the one that was not working initialy, and it is working perfectly.

Please note that I'm running Logstash 7.8.0 and did not tried upgrading the packages.

Well, as it's a day off today but I'm at work for a big upgrade of an IBM AIX system, I updated the elastic suite and everything seems to work fine now, all the snmp polling are working.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.