Using Kibana to forward events as SNMP traps


I'm new to Kibana, but I've been asked to find a solution where syslogs sent into Kibana are forwarded on to CA Spectrum as SNMP traps. This is to simplify a convoluted solution we have right now where syslog messages are centralised in a handler, saved in a database, and then i) sent on to Kibana, and ii) formatted as SNMP traps and sent to CA Spectrum.

My question is, if we reconfigured all devices to send their syslogs direct to Kibana, how could we then forward each event as a trap from Kibana? Can this be set up in Kibana natively? Or would this work best as a plugin? Or would it need some code outside Kibana to retrieve the event data and generate the traps separately? Is there a way to execute a piece of code from Kibana on receipt of a syslog message?

The process of generating the traps will of course need some mapping between the syslog message and all the normal trap contents, such as OIDs.

The volume of syslog data will be quite high, so ideally I'd like to go for an option that gives efficiency and scalability.

Thanks for your help.

Kibana is really not the tool for formatting and forwarding data to other sources. You really want a tool such as Logstash to do that for you.

Logstash might already have a plugin to do what you need it to do, and when the event data is formatted you can have a pipeline with multiple outputs for sending it to an Elasticsearch index to consume with Kibana, and sending it to another source as well.

Logstash might be able to handle your pipelines in an efficient, scalable way out-of-the-box, but if you need more scalability you could look into adding a message queueing system like Kafka into the pipeline.
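To make the mapping step concrete (the syslog-to-trap mapping the question mentions, and the "separate code outside Kibana" option), here is an added, stand-alone Python example that is not part of this thread, not Logstash code, and not a Logstash plugin. It parses an RFC 3164 syslog line, derives facility and severity from the PRI field, and encodes an SNMPv2c trap PDU in BER using only the standard library, so it could run as a small forwarder process fed by a Logstash output. The enterprise arc `1.3.6.1.4.1.99999` and the object OIDs beneath it are constructed placeholders, not a real MIB; the trap receiver address and community string are assumptions you would replace with your CA Spectrum settings. The syslog sample line is the one from RFC 3164.

```python
import re
import socket

# Constructed placeholder enterprise arc and object OIDs (not a real MIB assignment).
ENTERPRISE = "1.3.6.1.4.1.99999"
TRAP_OID = ENTERPRISE + ".1"          # notification identifier sent in snmpTrapOID.0
OID_HOST = ENTERPRISE + ".2.1"
OID_FACILITY = ENTERPRISE + ".2.2"
OID_SEVERITY = ENTERPRISE + ".2.3"
OID_MESSAGE = ENTERPRISE + ".2.4"
# Standard objects every SNMPv2c trap must carry first (RFC 3416).
SYSUPTIME = "1.3.6.1.2.1.1.3.0"
SNMPTRAPOID = "1.3.6.1.6.3.1.1.4.1.0"

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)


def parse_syslog(line):
    """Split a BSD syslog line into the fields a trap needs; PRI = facility*8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 syslog line: %r" % line)
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group("ts"),
            "host": m.group("host"), "message": m.group("msg")}


# --- minimal BER encoder, enough for an SNMPv2c trap ---------------------------
def _len(n):
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _len(len(body)) + body


def _int_body(v):
    # Minimal two's-complement encoding; a leading 0x00 is added when the top bit is set.
    return v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True)


def ber_int(v):
    return _tlv(0x02, _int_body(v))


def ber_timeticks(v):
    return _tlv(0x43, _int_body(v))   # application tag 3 = TimeTicks


def ber_octets(b):
    return _tlv(0x04, b)


def ber_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                      # base-128, high bit set on all but last byte
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(chunk)
    return _tlv(0x06, bytes(body))


def ber_seq(*parts):
    return _tlv(0x30, b"".join(parts))


def build_trap(event, community=b"public", request_id=1, uptime_ticks=0):
    """Return the wire bytes of an SNMPv2c Trap carrying the parsed syslog event."""
    varbinds = [
        (SYSUPTIME, ber_timeticks(uptime_ticks)),
        (SNMPTRAPOID, ber_oid(TRAP_OID)),
        (OID_HOST, ber_octets(event["host"].encode())),
        (OID_FACILITY, ber_int(event["facility"])),
        (OID_SEVERITY, ber_int(event["severity"])),
        (OID_MESSAGE, ber_octets(event["message"].encode())),
    ]
    vbl = ber_seq(*(ber_seq(ber_oid(o), v) for o, v in varbinds))
    pdu = _tlv(0xA7, ber_int(request_id) + ber_int(0) + ber_int(0) + vbl)  # [7] SNMPv2-Trap-PDU
    return ber_seq(ber_int(1), ber_octets(community), pdu)                  # version 1 = v2c


def send_trap(packet, host="127.0.0.1", port=162):
    # Assumed receiver address; UDP/162 is the standard trap port.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(packet, (host, port))


if __name__ == "__main__":
    # Sample line from RFC 3164 section 5.4 (constructed input for this demo).
    sample = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
    ev = parse_syslog(sample)
    print(ev)
    print(build_trap(ev).hex())
```

Throughput-wise this is a per-event UDP send with no retries, which matches trap semantics (traps are fire-and-forget), so back-pressure has to come from whatever feeds it, for example Logstash's persistent queue or Kafka. SNMPv2c puts the community string on the wire in cleartext; if CA Spectrum accepts SNMPv3 informs you would swap the message wrapper for the v3 USM format rather than reuse this one.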

Hi Tim,

Thanks for your reply. I will investigate how we can use Logstash (and possibly Kafka) to get this done.
