SNMP V3 not working #77
Assignees
Labels
help wanted
Extra attention is needed
Comments
|
@thelmosantos new versions of the plugin has been released with improvements for SNMPv3 I suggest you upgrade to latest and try again. Also note that under v3 timeout errors like this are typically indicative of some authentication problems and unfortunately result in timeout errors reported by the snmp4j library. |
|
Did you manage to resolve this in the end? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi ,
I am new with ELK and I'm trying to configure my logstash to get SNMP V3 information from my devices, but unfortunately, I don't know what I am doing wrong.
I followed the procedures from the SNMP input plugin page:
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmp.html
First, I generated a .DIC file:
root@my-PC# smidump --level=1 -k -f python Device-MIB.mib > Device-MIB.dic
Device-MIB.mib:6: failed to locate MIB module
SNMPv2-SMI' Device-MIB.mib:8: failed to locate MIB moduleSNMPv2-TC'Device-MIB.mib:17: unknown object identifier label
enterprises' smidump: moduleDevice-MIB.mib' contains errors, expect flawed outputI saved the .DIC file at the this path:
/etc/logstash/MIB/Device-MIB.dic
This is my logstash-inputsnmpv3.conf configuration file:
input {
snmp {
hosts => [{host => "udp:10.10.10.212/161" version => "3"}]
get => ["1.3.6.1.4.1.41263.1"]
mib_paths => ["/etc/logstash/MIB/"]
security_name => "snmp_user"
auth_protocol => "sha"
auth_pass => "secret"
priv_protocol => "aes"
priv_pass => "secret"
security_level => "authPriv"
type => "snmp"
}
}
And this is the output that I have:
[root@ELK-SERVER bin]# ./logstash -f /etc/logstash/conf.d/ -l /var/log/logstash/
] Reflections - Reflections took 34 ms to scan 1 urls, producing 20 keys and 40 valuesWARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2020-04-16 01:37:21.184 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2020-04-16 01:37:21.195 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"7.6.0"}
[INFO ] 2020-04-16 01:37:22.977 [Converge PipelineAction::Create
[WARN ] 2020-04-16 01:37:23.456 [[main]-pipeline-manager] LazyDelegatingGauge - A gauge metric of an unknown type (org.jruby.RubyArray) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[INFO ] 2020-04-16 01:37:23.463 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["/etc/logstash/conf.d/logstash-inputsnmpv3.conf"], :thread=>"#<Thread:0xf63e716 run>"}
[INFO ] 2020-04-16 01:37:23.532 [[main]-pipeline-manager] snmp - using plugin provided MIB path /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/mibs/logstash
[INFO ] 2020-04-16 01:37:23.553 [[main]-pipeline-manager] snmp - using plugin provided MIB path /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/mibs/ietf
[INFO ] 2020-04-16 01:37:25.407 [[main]-pipeline-manager] snmp - using user provided MIB path /etc/logstash/MIB/
[INFO ] 2020-04-16 01:37:25.582 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
[INFO ] 2020-04-16 01:37:25.638 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2020-04-16 01:37:25.831 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[ERROR] 2020-04-16 01:37:28.655 [[main]<snmp] snmp - error invoking get operation on 10.10.10.212 for OIDs: ["1.3.6.1.4.1.41263.1"], ignoring {:exception=>#<LogStash::SnmpClientError: timeout sending snmp get request to target 10.10.10.212/161>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/logstash/inputs/snmp/base_client.rb:60:in
get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/logstash/inputs/snmp.rb:171:inblock in run'", "org/jruby/RubyArray.java:1814:ineach'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.1/lib/logstash/inputs/snmp.rb:167:inrun'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:328:ininputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:320:inblock in start_input'"]}I don't understand what I am doing wrong.
With SNMP V2 ,logstash works properly (using snmp trap plugin). I tried to search some tutorial explaining how to configure it, but I didn't found it.
Please, can someone help me with this issue?
Thanks in advanced.
Thelmo Henrique
The text was updated successfully, but these errors were encountered: