Snmptrap

Hi Elastic team.
With the below config, I am successfully able to start Logstash and snmptrap on 1062. When I tried to convert the Cisco MIB file to YAML, I am getting the below error. And the SNMP trap output in Kibana Discover showed as below.
How do I make SNMP traps and the SNMP input of Logstash work? While converting the MIB to .dic it is also throwing errors.

++++++++++++++++++++++++++++++
input {
  # SNMP trap listener (UDP port 1062)
  snmptrap {
    port => 1062
    community => 'HotStar'
    type => 'snmptrap'
    tags => ["INHY", "SNMPTRAPS"]
    yamlmibdir => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snmp-1.3.2/data/ruby/snmp/mibs"
  }
  beats {
    port => 5044
  }
}
filter {
  # Pick the target index from the event's tags
  if "METRIC" in [tags] {
    mutate { add_field => { "[@metadata][target_index]" => "metric-%{+YYYY.MM.dd}" } }
  } else if "FILE" in [tags] {
    mutate { add_field => { "[@metadata][target_index]" => "file-%{+YYYY.MM.dd}" } }
  } else if "SNMPTRAPS" in [tags] {
    # "in" on an array tests whole-element membership, so this must be the
    # exact tag set on the snmptrap input ("SNMPTRAPS", not "TRAPS")
    mutate { add_field => { "[@metadata][target_index]" => "net-%{+YYYY.MM.dd}" } }
    mutate {
      rename => ["host", "nwhost"]
      convert => { "nwhost" => "string" }
    }
  } else {
    mutate { add_field => { "[@metadata][target_index]" => "unknown-%{+YYYY.MM.dd}" } }
  }
}
output {
  elasticsearch {
    hosts => ["10.252.10.76:9200"]
    manage_template => "false"
    index => "%{[@metadata][target_index]}"
  }
}

++++++++++++++++++++++++++++
[root@USLA-PAPP-ELK02 conf.d]# cd /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/snmp-1.3.2/
/usr/share/logstash/bin/ruby import.rb data/ruby/snmp/mibs/

data/ruby/snmp/mibs//CISCO-IP-IF-MIB.mib
smidump: module `data/ruby/snmp/mibs//CISCO-IP-IF-MIB.mib' contains errors, expect flawed output
*** No nodes defined in: data/ruby/snmp/mibs//CISCO-IP-IF-MIB.mib *
++++++++++++++++++++++++++++++++++++++++++++++++++++
Below is the message in Kibana Discover:
#<SNMP::SNMPv2_Trap:0x1997a02d @request_id=863, @error_index=0, @error_status=0, @source_ip="10.252.10.1", @varbind_list=[#<SNMP::VarBind:0x6a92c473 @name=[1.3.6.1.2.1.1.3.0], @value=#<SNMP::TimeTicks:0x4d703d2 @value=678447862>>, #<SNMP::VarBind:0x20654dad @name=[1.3.6.1.6.3.1.1.4.1.0], @value=[1.3.6.1.4.1.9.9.43.2.0.1]>, #<SNMP::VarBind:0x3d65b16 @name=[1.3.6.1.4.1.9.9.43.1.1.6.1.3.48], @value=#<SNMP::Integer:0x7f9bb643 @value=1>>, #<SNMP::VarBind:0x436ef3f1 @name=[1.3.6.1.4.1.9.9.43.1.1.6.1.4.48], @value=#<SNMP::Integer:0x49ecc614 @value=3>>, #<SNMP::VarBind:0x78532ad4 @name=[1.3.6.1.4.1.9.9.43.1.1.6.1.5.48], @value=#<SNMP::Integer:0x5a58b233 @value=4>>]>

+++++++++++++++++++++++++++++++
