Hi,
I am trying out Logstash's snmptrap input plugin to send snmptrap messages to Elasticsearch. I don't have SNMP agent installed on my machine. But, I am trying to generate sample SNMP trap messages using Netcat, but this is causing errors.
Below are my configs:
- Logstash (version 5.4.0 -> running as root):
snmptrap {type => "snmptrap" community => "public" host => "0.0.0.0" port => 162 yamlmibdir => "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/data/ruby/snmp/mibs" }
- Sending sample UDP message using netcat (I got this sample message from here):
echo -n '1999-11-12 23:26:07 localhost [127.0.0.1] UCD-TRAP-TEST-MIB::demotraps: Enterprise Specific Trap (demoTrap) Uptime: 1 day, 5:34:06 SNMPv2-MIB::sysLocation.0 = "Just here"' | nc -4u -w1 localhost 162
Logstash was unable to process this sample message, below is the error:
Error handling trap: 50
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/ber.rb:190:in `decode_sequence'
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/pdu.rb:49:in `decode'
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/manager.rb:707:in `process_traps'
org/jruby/RubyKernel.java:1479:in `loop'
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/manager.rb:704:in `process_traps'
/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/manager.rb:631:in `initialize'
Received data:
"2017-10-06 23:26:07 localhost [127.0.0.1] TRAP-TEST-MIB::demotraps:Enterprise Specific Trap (demo-trap) Uptime: 1 day, 5:34:06SNMPv2-MIB::sysLocation.0 = \\\"Just here\\\" "
I also tried to send sample message that was posted here. But, got same error.
Any help on how to produce a sample snmptrap messages which could be parsed by logstash snmptrap input plugin?