I'm experimenting with the snmptrap input plugin. I've been able to receive data from snmptrap, but Logstash doesn't seem to be giving me anything useful as output.
I could just not know how to read the snmp output, or I might not be running the proper snmptrap commands?
Anyway, below is my config and what I've tried. Any suggestions would be appreciated.
I'm running the logstash 2.4 tarball on an Ubuntu 14.04 vagrant vm.
My config:
output {
  stdout { }
  #stdout { codec => "rubydebug" }
}
input {
  snmptrap {
    port => 162
    yamlmibdir => "/home/vagrant/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/data/ruby/snmp/mibs"
    community => "public"
  }
  stdin { }
}
When starting logstash, I get this: http://pastebin.com/pJhQWMqc. There are a bunch of odd startup messages, so many that Discourse would not let me post them...
On another vagrant vm, running Ubuntu 12.04, I run these snmptrap commands:
root@vm:~# snmptrap -v 2c -c public vm.trusty.lab '' hrDiskStorageTable
root@vm:~# snmptrap -v 2c -c public vm.trusty.lab '' hrSystemDate
root@vm:~# snmptrap -v 2c -c public vm.trusty.lab '' netSnmpExampleString
The logstash stdout gives me:
2016-09-01T22:27:59.675Z 192.168.99.4 #<SNMP::SNMPv2_Trap:0x3ea75851 @error_index=0, @varbind_list=[#<SNMP::VarBind:0x518045ec @value=#<SNMP::TimeTicks:0x3c6eb2c1 @value=1116914>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x799bbe6 @value=[1.3.6.1.2.1.25.3.6], @name=[1.3.6.1.6.3.1.1.4.1.0]>], @error_status=0, @request_id=540816967, @source_ip="192.168.99.4">
2016-09-01T22:28:04.658Z 192.168.99.4 #<SNMP::SNMPv2_Trap:0x152ff879 @error_index=0, @varbind_list=[#<SNMP::VarBind:0x1863c8ed @value=#<SNMP::TimeTicks:0x3f1c4c1d @value=1117413>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x5ac92449 @value=[1.3.6.1.2.1.25.1.2], @name=[1.3.6.1.6.3.1.1.4.1.0]>], @error_status=0, @request_id=1673913755, @source_ip="192.168.99.4">
2016-09-01T22:28:15.267Z 192.168.99.4 #<SNMP::SNMPv2_Trap:0x1fa15f92 @error_index=0, @varbind_list=[#<SNMP::VarBind:0x5ec728c0 @value=#<SNMP::TimeTicks:0x654485dc @value=1118474>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x75b06274 @value=[1.3.6.1.4.1.8072.2.1.3], @name=[1.3.6.1.6.3.1.1.4.1.0]>], @error_status=0, @request_id=2102756750, @source_ip="192.168.99.4">
If I turn on the rubydebug codec, the snmptrap commands give me:
{
"message" => "#<SNMP::SNMPv2_Trap:0x50362ea3 @error_index=0, @varbind_list=[#<SNMP::VarBind:0x61dacd @value=#<SNMP::TimeTicks:0x1863c8ed @value=1129719>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x3f1c4c1d @value=[1.3.6.1.2.1.25.3.6], @name=[1.3.6.1.6.3.1.1.4.1.0]>], @error_status=0, @request_id=754904243, @source_ip=\"192.168.99.4\">",
"host" => "192.168.99.4",
"@version" => "1",
"@timestamp" => "2016-09-01T22:30:07.717Z",
"DISMAN-EXPRESSION-MIB::sysUpTimeInstance" => "03:08:17.19",
"SNMPv2-MIB::snmpTrapOID.0" => "HOST-RESOURCES-MIB::hrDiskStorageTable"
}
{
"message" => "#<SNMP::SNMPv2_Trap:0x5dcdfc98 @error_index=0, @varbind_list=[#<SNMP::VarBind:0x2d8bfa3f @value=#<SNMP::TimeTicks:0x40da5575 @value=1129993>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x3e209596 @value=[1.3.6.1.2.1.25.1.2], @name=[1.3.6.1.6.3.1.1.4.1.0]>], @error_status=0, @request_id=1316566120, @source_ip=\"192.168.99.4\">",
"host" => "192.168.99.4",
"@version" => "1",
"@timestamp" => "2016-09-01T22:30:10.448Z",
"DISMAN-EXPRESSION-MIB::sysUpTimeInstance" => "03:08:19.93",
"SNMPv2-MIB::snmpTrapOID.0" => "HOST-RESOURCES-MIB::hrSystemDate"
}
{
"message" => "#<SNMP::SNMPv2_Trap:0x72f99d1b @error_index=0, @varbind_list=[#<SNMP::VarBind:0x5e46a652 @value=#<SNMP::TimeTicks:0x705181d8 @value=1130536>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x7723c583 @value=[1.3.6.1.4.1.8072.2.1.3], @name=[1.3.6.1.6.3.1.1.4.1.0]>], @error_status=0, @request_id=457031415, @source_ip=\"192.168.99.4\">",
"host" => "192.168.99.4",
"@version" => "1",
"@timestamp" => "2016-09-01T22:30:15.880Z",
"DISMAN-EXPRESSION-MIB::sysUpTimeInstance" => "03:08:25.36",
"SNMPv2-MIB::snmpTrapOID.0" => "SNMPv2-SMI::enterprises.8072.2.1.3"
}
I did install the snmp-mibs-downloader on the 12.04 box.
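For reading the "message" field shown in the post, here is an added example (not part of the original post, and not Logstash's or the snmp gem's own code). It parses the Ruby inspect string into varbinds and converts the TimeTicks value into the form the rubydebug output displays. The helper names are hypothetical, and only the two value shapes visible above (integer-typed objects and OIDs) are handled.

```ruby
# Added example: decode the inspect string the snmptrap input stores in "message".
# Sample copied from the first stdout line in the post (timestamp/host prefix dropped).
SAMPLE = '#<SNMP::SNMPv2_Trap:0x3ea75851 @error_index=0, @varbind_list=[#<SNMP::VarBind:0x518045ec @value=#<SNMP::TimeTicks:0x3c6eb2c1 @value=1116914>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x799bbe6 @value=[1.3.6.1.2.1.25.3.6], @name=[1.3.6.1.6.3.1.1.4.1.0]>], @error_status=0, @request_id=540816967, @source_ip="192.168.99.4">'

# Per RFC 3416, an SNMPv2 trap always starts with these two varbinds.
SYS_UPTIME    = '1.3.6.1.2.1.1.3.0'      # sysUpTime.0, TimeTicks (1/100 s)
SNMP_TRAP_OID = '1.3.6.1.6.3.1.1.4.1.0'  # snmpTrapOID.0, identifies the trap

# A varbind whose value is an integer-typed object or a bracketed OID.
VARBIND_RE = /
  \#<SNMP::VarBind:0x\h+\s@value=
  (?:\#<SNMP::(?<type>\w+):0x\h+\s@value=(?<scalar>\d+)>|\[(?<oid>[\d.]+)\])
  ,\s@name=\[(?<name>[\d.]+)\]>
/x

# Hypothetical helper: returns [{name:, type:, value:}, ...] in message order.
def parse_varbinds(message)
  varbinds = []
  message.scan(VARBIND_RE) do
    m = Regexp.last_match
    value = m[:oid] || Integer(m[:scalar])
    varbinds << { name: m[:name], type: m[:type] || 'ObjectId', value: value }
  end
  varbinds
end

# TimeTicks are hundredths of a second; render as HH:MM:SS.hh.
def format_timeticks(ticks)
  secs, hundredths = ticks.divmod(100)
  mins, s = secs.divmod(60)
  hours, m = mins.divmod(60)
  format('%02d:%02d:%02d.%02d', hours, m, s, hundredths)
end

# Hypothetical helper: split a trap into its fixed header varbinds and payload.
def summarize_trap(message)
  varbinds = parse_varbinds(message)
  by_name = varbinds.map { |v| [v[:name], v[:value]] }.to_h
  ticks = by_name[SYS_UPTIME]
  {
    source_ip: message[/@source_ip="([^"]+)"/, 1],
    uptime: ticks && format_timeticks(ticks),
    trap_oid: by_name[SNMP_TRAP_OID],
    payload: varbinds.reject { |v| [SYS_UPTIME, SNMP_TRAP_OID].include?(v[:name]) }
  }
end

puts summarize_trap(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

An empty payload means the trap carried only the two mandatory varbinds, which is what the snmptrap commands in the post send, since no OID/type/value triples follow the trap OID on the command line.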