Snmptrap input plugin fails as Error parsing xml with XmlSimple

Elastic Stack Logstash
1

Using Elastic/logstash version 6.2.3

After configuring SNMPTRAP, while the trap is generated, seeing error as

2018-08-12T20:04:53,651][WARN ][logstash.filters.xml     ] Error parsing xml with XmlSimple {:source=>"message", :value=>"#<SNMP::SNMPv2_Trap:0x6db125f @request_id=1740379336, @error_index=0, @error_status=0, @source_ip=\"10.9.9.7\", @varbind_list=[#<SNMP::VarBind:0x9e8c257 @name=[1.3.6.1.2.1.1.3.0], @value=#<SNMP::TimeTicks:0x7fb1257a @value=4991889>>, #<SNMP::VarBind:0x21a69939 @name=[1.3.6.1.6.3.1.1.4.1.0], @value=[1.3.6.1.6.3.1.1.5.5]>, #<SNMP::VarBind:0x48d7de7e @name=[1.3.6.1.6.3.1.1.4.3.0], @value=[1.3.6.1.2.1.11]>]>", :exception=>#<REXML::ParseException: malformed XML: missing tag start
Line: 1
Position: 408
Last 80 unconsumed characters:
<SNMP::SNMPv2_Trap:0x6db125f @request_id=1740379336, @error_index=0, @error_statu>, :backtrace=>["uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rexml/parsers/baseparser.rb:375:in `pull_event'", "uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rexml/parsers/baseparser.rb:185:in `pull'", "uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rexml/parsers/treeparser.rb:23:in `parse'", "uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rexml/document.rb:288:in `build'", "uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rexml/document.rb:45:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/xml-simple-1.1.5/lib/xmlsimple.rb:971:in `parse'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/xml-simple-1.1.5/lib/xmlsimple.rb:164:in `xml_in'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/xml-simple-1.1.5/lib/xmlsimple.rb:203:in `xml_in'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-filter-xml-4.0.5/lib/logstash/filters/xml.rb:182:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:145:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:164:in `block in multi_filter'", "org/jruby/RubyArray.java:1734:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:161:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filter_delegator.rb:47:in `multi_filter'", "(eval):1381:in `block in filter_func'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:447:in `filter_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:426:in `worker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:385:in `block in start_workers'"]}

SNMP conf is as below.

input {
  snmptrap {
        community => "testO12"
	port => 1062
	type => "snmp_trap"
	yamlmibdir => "/etc/logstash/mibs"
  }
}

output {
            elasticsearch {
                    hosts => ["10.9.10.1:9200"]
                    sniffing => true
                    manage_template => false
                    index => "snmptrap-%{+YYYY.MM.dd}"
                    user => elastic
                    password => elastic
                    }
}
2

any @admin can help on this?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.