Hi all,
I have a question about my configuration:
- snmptrapd.conf
    authCommunity log,execute,net public
    forward default localhost:1062
- logstash
    input {
      snmptrap {
        type => snmptrap
        port => 1062
      }
    }
    filter {
      ruby {
        code => "event.to_hash.keys.each { |k| event[ k.gsub('.','_') ] = event.remove(k) if k.include?'.' }"
      }
    }
    output {
      elasticsearch {
        hosts => ['localhost:9200']
      }
    }
And the message in Kibana:
<SNMP::SNMPv2_Trap:0x61a6cec1 @request_id=14556, @error_index=0,
@error_status=0, @source_ip="127.0.0.1", ...
My problem is that I do not get the IP address of the SNMP trap agent but that of the local machine.
For me it's a big problem because I have a lot of elements in my network and I want to get the IP address to find out which element generates this trap.
I used tcpdump to understand what happens: when the trap arrives, the source_ip is correct, but after the forward default localhost:1062, the source_ip becomes 127.0.0.1...
Thanks for your help.