Snmp v3 logstash not working in pipeline

BenoitSERRA · November 10, 2020, 3:51pm

Hello,

I'm struggling with a strange problem with Logstash.

I've created a config to query a few switches with SNMP v3 et get targeted interfaces statistics

When I run logstash with the config file, everything works fine and stats are recorded in Elasticsearch.

When I run Logstash with pipelines, I get the following error message in log file :


[2020-11-10T16:06:49,605][ERROR][logstash.inputs.snmp     ][snmp-internet][5d41df0387c45d5ccebabff9fa11b376f3b257f17839184aea1eb33c26a8659c] error invoking get operation on 192.168.251.2 for OIDs: ["1.3.6.1.2.1.31.1.1.1.10.1", "1.3.6.1.2.1.31.1.1.1.6.1", "1.3.6.1.2.1.2.2.1.2.1"], ignoring {:exception=>org.snmp4j.MessageException: Message processing model 3 returned error: Unknown security name, :backtrace=>["org.snmp4j.MessageDispatcherImpl.sendPdu(org/snmp4j/MessageDispatcherImpl.java:524)", "org.snmp4j.Snmp.sendMessage(org/snmp4j/Snmp.java:1089)", "org.snmp4j.Snmp.send(org/snmp4j/Snmp.java:983)", "org.snmp4j.Snmp.send(org/snmp4j/Snmp.java:963)", "jdk.internal.reflect.GeneratedMethodAccessor98.invoke(jdk/internal/reflect/GeneratedMethodAccessor98)", "jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(jdk/internal/reflect/DelegatingMethodAccessorImpl.java:43)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:566)", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:486)", "org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:341)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.base_client.get(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp/base_client.rb:44)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.run(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp.rb:171)", "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1809)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.run(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp.rb:167)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.RUBY$method$run$0$__VARARGS__(usr/share/logstash/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2/lib/logstash/inputs//usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.inputworker(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:345)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$inputworker$0$__VARARGS__(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.start_input(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:336)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:318)", "java.lang.Thread.run(java/lang/Thread.java:834)"]}

Here is a redacted configuration file :

input {
        snmp {
                hosts => [ { host => "udp:192.168.251.2/161" version => "3" } ]
                get => [ "1.3.6.1.2.1.31.1.1.1.10.1","1.3.6.1.2.1.31.1.1.1.6.1","1.3.6.1.2.1.2.2.1.2.1" ]
                type => "snmp-internet"
                security_name => "SNMPV3_DES"
                auth_pass => "secretpassword"
                priv_pass => "anothersecretpassword"
                security_level => "authPriv"
                auth_protocol => "sha"
                priv_protocol => "des"

        }
}
filter {
        mutate {
                rename => { "iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCOutOctets.1" => "OutOctets" }
                rename => { "iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.1" => "InOctets" }
                rename => { "iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.1" => "Description" }
        }

}
output {
        if [type] == "snmp-internet" {
        elasticsearch {
                hosts => [ "localhost:9200"]
                index => "procurve-%{+YYYY.MM.dd}"
        }
        }
}

Can somebody help me with this problem ?

Thanks a lot !

Badger · November 10, 2020, 5:26pm

Are you saying that the exact same input configuration works when it is run using -f, but if it is run using pipelines.yml it gets that exception? Even when it is the only entry in pipelines.yml? If not, are there any other snmp inputs when you use pipelines? (Wondering if there is a thread safety issue.)

BenoitSERRA · November 10, 2020, 5:40pm

I use several snmp input in differents pipelines yes. All with different snmp parameters.

Badger · November 10, 2020, 5:46pm

OK, can you try running a single input as a pipeline and see if that ever gets this error.

BenoitSERRA · November 11, 2020, 6:53am

I tried it this morning and I don't get the error if I comment out all the others snmp polling pipelines.

I tried to left active only the one that was not working initialy, and it is working perfectly.

Please note that I'm running Logstash 7.8.0 and did not tried upgrading the packages.

BenoitSERRA · November 11, 2020, 9:48am

Well, as it's a day off today but I'm at work for a big upgrade of an IBM AIX system, I updated the elastic suite and everything seems to work fine now, all the snmp polling are working.

system · December 9, 2020, 9:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error when trying to use snmp trap with Logstash Logstash	1	488	December 30, 2019
SNMP Pipeline didn't work Logstash	1	199	October 21, 2022
SNMP with Logstash (Pipeline Error) Logstash	3	285	December 4, 2023
Problems to run Logstash Logstash	1	277	April 8, 2019
Logstash snmptrap Logstash	13	544	July 4, 2024

Snmp v3 logstash not working in pipeline

Related topics