Snmptrap plugin cannot decode MAC address correctly

Here is the log I get using the snmptrap plugin.

The MAC address in "message" is @value="|\x0E\xCE\xCD\x8F0".
And Logstash automatically converts it into a strange string, like this: "|\u000eÎ͏0".

The MAC address in snmptrap is encoded as an OctetString, but how can I decode it in a human-readable way?

Thanks in advance.

{
"message": "#<SNMP::SNMPv2_Trap:0x74148ceb @error_index=0, @varbind_list=[#<SNMP::VarBind:0x7afcc0a7 @value=#<SNMP::TimeTicks:0x67cc5305 @value=587520900>, @name=[1.3.6.1.2.1.1.3.0]>, #<SNMP::VarBind:0x175ea280 @value=[1.3.6.1.4.1.14179.2.6.3.53], @name=[1.3.6.1.6.3.1.1.4.1.0]>, #<SNMP::VarBind:0x45fe8d7c @value="|\x0E\xCE\xCD\x8F0", @name=[1.3.6.1.4.1.14179.2.6.2.35.0]>, #<SNMP::VarBind:0x4afaebca @value=#<SNMP::Integer:0x1f8e413b @value=0>, @name=[1.3.6.1.4.1.14179.2.6.2.36.0]>, #<SNMP::VarBind:0x345c98ac @value=#<SNMP::IpAddress:0x2b2b5f0f @value="\n\x01T\xED">, @name=[1.3.6.1.4.1.14179.2.6.2.43.0]>, #<SNMP::VarBind:0x2c6de7ed @value="8\\xE0\\xED\\x0E5\", @name=[1.3.6.1.4.1.14179.2.6.2.34.0]>, #<SNMP::VarBind:0x63958f64 @value=\"\", @name=[1.3.6.1.4.1.14179.2.6.2.39.0]>, #<SNMP::VarBind:0x6ff9214f @value=\"AP58f3.9ce0.6ec4\", @name=[1.3.6.1.4.1.14179.2.2.1.1.3.0]>], @error_status=0, @request_id=4402448, @source_ip=\"10.1.4.5\">", "host": "10.1.4.5", "@version": "1", "@timestamp": "2017-07-11T23:09:44.578Z", "type": "snmptrap", "CW_metricname": "trap_count", "CW_namespace": "LogMetrics", "CW_dimensions": [ "siteid", "janedev0000", "hostname", "syslog-a.janedev0000" ], "AIRESPACE-WIRELESS-MIB::bsnStationAPMacAddr.0": "|\u000eÎ͏0", "AIRESPACE-WIRELESS-MIB::bsnStationAPIfSlotId.0": "0", "AIRESPACE-WIRELESS-MIB::bsnUserIpAddress.0": "10.1.84.237", "AIRESPACE-WIRELESS-MIB::bsnStationMacAddress.0": "8àí\u000e5",
"AIRESPACE-WIRELESS-MIB::bsnStationUserName.0": "",
"AIRESPACE-WIRELESS-MIB::bsnAPName.0": "AP58f3.9ce0.6ec4",
"snmpTrapOID": "AIRESPACE-WIRELESS-MIB::bsnTraps.53",
"sysUpTime": "68 days, 00:00:09.00",
"tags": [
"_grokparsefailure"
]
}

Already solved the problem.
Need to modify the logstash code called "snmptrap.rb".
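
The change made to snmptrap.rb was not posted in this thread. As an added example (not the poster's code and not the plugin's own), the Ruby below shows one way to turn a 6-octet OctetString into a readable MAC address, and to recover the octets from a field that was already stored as text. The helper names `format_mac` and `recover_octets` are hypothetical, and the recovery step assumes each octet was read as an ISO-8859-1 character and written out as UTF-8.

```ruby
# Added example: helper names are hypothetical, not part of logstash-input-snmptrap.

# Format a raw SNMP OctetString as a colon-separated MAC address.
# Returns nil unless the value is exactly 6 octets, so truncated or non-MAC
# values are never reported as addresses.
def format_mac(octets)
  bytes = octets.to_s.b.bytes # .b yields a binary copy; no transcoding occurs
  return nil unless bytes.length == 6

  bytes.map { |b| format('%02x', b) }.join(':')
end

# Recover the raw octets from a field that was already stored as text.
# Assumption: each octet was read as an ISO-8859-1 character and then written
# out as UTF-8, which matches the fields shown in the event above.
# Returns nil if the text contains a character that cannot come from one octet.
def recover_octets(mangled)
  mangled.to_s.encode('ISO-8859-1').b
rescue EncodingError
  nil
end

if __FILE__ == $PROGRAM_NAME
  ap_raw  = "|\x0E\xCE\xCD\x8F0".b        # bsnStationAPMacAddr.0 as shown in the trap
  ap_text = "|\u000e\u00ce\u00cd\u008f0"  # same value after text conversion (constructed)
  puts format_mac(ap_raw)
  puts format_mac(recover_octets(ap_text))
end
```

The length check matters here: the bsnStationMacAddress.0 value as it appears in the pasted event has only five octets, so it is rejected instead of being printed as a short address.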
