snmp config for udp6 and port 16100 #83
Comments
|
To add on this issue, using udp6 fails silently (notice the I believe this is due to the HOST_REGEX that parses the hosts: HOST_REGEX = /^(?<host_protocol>udp|tcp):(?<host_address>.+)\/(?<host_port>\d+)$/iwhich should be something like: HOST_REGEX = /^(?<host_protocol>(:?udp|tcp)[46]?):(?<host_address>.+)\/(?<host_port>\d+)$/i@tushar-umbarkar any change you can change this line in your snmp.rb to check that your first example works? |
|
Modified the regex pattern for HOST and host_details from ?:udp|tcp to (:?udp|tcp)[46]? Then got below error - [ERROR] 2020-08-25 18:08:54.305 [[main]-pipeline-manager] javapipeline - Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<LogStash::SnmpClientError: invalid transport protocol specified 'udp6', expecting 'udp' or 'tcp'>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp/base_client.rb:32:in [INFO ] 2020-08-25 18:08:54.563 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600} [INFO ] 2020-08-25 18:08:59.621 [LogStash::Runner] runner - Logstash shut down. [root@ip-10-5-99-101 conf.d]# vi /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp.rb [root@ip-10-5-99-101 conf.d]# |
|
right, you can change the code in https://github.com/logstash-plugins/logstash-input-snmp/blob/v1.2.2/lib/logstash/inputs/snmp/base_client.rb#L26-L33 to: transport = case protocol.to_s
when "udp", "udp6"
DefaultUdpTransportMapping.new
when "tcp"
DefaultTcpTransportMapping.new
else
raise(SnmpClientError, "invalid transport protocol specified '#{protocol.to_s}', expecting 'udp', 'udp6' or 'tcp'")
end |
|
I have created a preliminary PR to add udp6 support, but I need to find a way to test this #88 |
|
#87 should help with the testing! |
|
Modified the file https://github.com/logstash-plugins/logstash-input-snmp/blob/v1.2.2/lib/logstash/inputs/snmp/base_client.rb#L26-L33 as per the changes you suggested. Got new error - [2020-09-07T07:25:40,091][ERROR][logstash.javapipeline ][pipeline_1] Pipeline aborted due to error {:pipeline_id=>"pipeline_1", :exception=>java.lang.IllegalArgumentException: Address type udp6 unknown, :backtrace=>["org.snmp4j.smi.GenericAddress.parse(org/snmp4j/smi/GenericAddress.java:213)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:426)", "org.jruby.javasupport.JavaMethod.invokeStaticDirect(org/jruby/javasupport/JavaMethod.java:358)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.client.build_target(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp/client.rb:39)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.client.RUBY$method$build_target$0$VARARGS(usr/share/logstash/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2/lib/logstash/inputs/snmp//usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp/client.rb)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.client.initialize(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp/client.rb:21)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.client.RUBY$method$initialize$0$VARARGS(usr/share/logstash/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2/lib/logstash/inputs/snmp//usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp/client.rb)", "org.jruby.RubyClass.newInstance(org/jruby/RubyClass.java:915)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(org/jruby/RubyClass$INVOKER$i$newInstance.gen)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.register(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib logstash/inputs/snmp.rb:158)", "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1814)", "org.jruby.RubyArray$INVOKER$i$0$0$each.call(org/jruby/RubyArray$INVOKER$i$0$0$each.gen)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.register(/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp.rb:123)", "usr.share.logstash.vendor.bundle.jruby.$2_dot_5_dot_0.gems.logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2.lib.logstash.inputs.snmp.RUBY$method$register$0$VARARGS(usr/share/logstash/vendor/bundle/jruby/$2_dot_5_dot_0/gems/logstash_minus_input_minus_snmp_minus_1_dot_2_dot_2/lib/logstash/inputs//usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-snmp-1.2.2/lib/logstash/inputs/snmp.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.register_plugins(/usr/share logstash/logstash-core/lib/logstash/java_pipeline.rb:200)", "org.jruby.RubyArray.each(org/jruby/RubyArray.java:1814)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.register_plugins(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:199)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$register_plugins$0$VARARGS(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.start_inputs(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:310)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$start_inputs$0$VARARGS(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.start_workers(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:270)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$start_workers$0$VARARGS(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.run(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:154)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$run$0$VARARGS(usr/share/logstash/logstash_minus_core/lib/logstash//usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.start(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:109)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:274)", "java.lang.Thread.run(java/lang/Thread.java:748)"], "pipeline.sources"=>["/etc/logstash/conf.d/logstash_snmp.conf"], :thread=>"#<Thread:0x701bd66e run>"} |
|
looking at so I believe
please undo any plugin changes and use |
|
@tushar-umbarkar if I was to guess based on your original stack-trace (mentioned above ^^^) I am no way near being a SNMP expert, but if we're stuck here the next step will be to enable logging so we can attempt to decode the payload. if you could somehow capture the udp payload coming in externally please share the bits here. |
|
We are using SNMP 2c. I have captured the udp dump. Please find the attached file. Thanks and Regards, |
|
I've locally tried connecting to a local snmp server through udp over ipv6, and using the notation mentioned by @kares, it all seems to work well: Started snmp server from a docker image: I can see request/responses over ipv6 on wireshark:
|
|
have also tried a setup as I had a concern for potentially the IPv6 encoded addresses being problematic (beyond |
|
also I've tried walking |
|
I tried walking walk => ['1.3.6.1.4.1.19808.2.1.14'] its failing with error - Then I tried walking for walk => ['1.3.6.1.4.1.19808.2.1.10'] its working fine. But interestingly normal snmpwalk command is working for both the OIDS 1.3.6.1.4.1.19808.2.1.14 and 1.3.6.1.4.1.19808.2.1.10 so the latest status is like -
|
|
I wonder if data for that tree takes too long to process/send over, and if increasing the timeout from 1000 ms (1 second) to 10000 ms (10 seconds) would help: |
|
Tried with timeout => 10000, and 30000 still getting same request timed out error. |
|
@tushar-umbarkar than something changed about the setup since the original report - you want to get back here:
|
|
I've looked into the original issue we hit - went ahead and started decoding the SNMP packet manually and it seems valid here's the packet I managed to decode (the last one), from:
it's proper SNMP v2c data with there's the before hitting the problematic 5th one: where the encoded value ( the SNMP v2 specification list these types : the tag for the problematic variable indicates a the working for LS disabling the validation would be problematic as that would mean maintaining a fork of the underlying library, and since using a separate SNMP library proved to hit the same issue I do not think the problem is on LS's end. p.s. sorry for not sharing a better SNMP decoding experience but I did the whole manually as I failed to use some of the decoders tried. also maybe to be slightly concerned by the SNMP server side are the following warnings: |
|
@kares I think the setup and error is same Configuration ERROR - Sep 15 14:40:22 poc.gmv.dispc.rhino2.er1 logstash[21097]: [2020-09-15T14:40:22,117][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600} |
Hi ,
The snmp is running with udp6 protocol and port 16100
I configured snmp input plugin logstash as -
input {
snmp {
walk => ["1.3.6.1.4.1.19808.2.1.14"]
hosts => [{host => "udp6:host ip/16100" community => "public"}]
}
}
its giving me the error -
:ConfigurationError: invalid format for host option 'udp6:host ip/16100'>,
Here it looks like udp6 is not supported here.
Then I tried with udp instead of udp6 -
input {
snmp {
walk => ["1.3.6.1.4.1.19808.2.1.14"]
hosts => [{host => "udp:host ip/16100" community => "public"}]
}
}
Then got below error -
[INFO ] 2020-08-18 15:53:11.963 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
java.io.IOException: Only 32bit unsigned integers are supported at position 237
at org.snmp4j.asn1.BER.decodeUnsignedInteger(BER.java:762)
at org.snmp4j.smi.UnsignedInteger32.decodeBER(UnsignedInteger32.java:83)
at org.snmp4j.smi.AbstractVariable.createFromBER(AbstractVariable.java:173)
at org.snmp4j.smi.VariableBinding.decodeBER(VariableBinding.java:191)
at org.snmp4j.PDU.decodeBER(PDU.java:584)
at org.snmp4j.mp.MPv2c.prepareDataElements(MPv2c.java:201)
at org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:278)
at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:387)
at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:347)
at org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(AbstractTransportMapping.java:76)
at org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(DefaultUdpTransportMapping.java:430)
at java.lang.Thread.run(Thread.java:748)
java.io.IOException: Only 32bit unsigned integers are supported at position 237
at org.snmp4j.asn1.BER.decodeUnsignedInteger(BER.java:762)
at org.snmp4j.smi.UnsignedInteger32.decodeBER(UnsignedInteger32.java:83)
at org.snmp4j.smi.AbstractVariable.createFromBER(AbstractVariable.java:173)
at org.snmp4j.smi.VariableBinding.decodeBER(VariableBinding.java:191)
at org.snmp4j.PDU.decodeBER(PDU.java:584)
at org.snmp4j.mp.MPv2c.prepareDataElements(MPv2c.java:201)
at org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:278)
at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:387)
at org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:347)
at org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(AbstractTransportMapping.java:76)
at org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(DefaultUdpTransportMapping.java:430)
at java.lang.Thread.run(Thread.java:748)
[ERROR] 2020-08-18 15:53:14.788 [[main]<snmp] snmp - error invoking walk operation on OID: 1.3.6.1.4.1.19808.2.1.14, ignoring {:exception=>#<LogStash::SnmpClientError: error sending snmp walk request to target host ip/16100: Request timed out.>,
Any Idea how this can be fixed ?
Thanks and Regards,
Tushar
The text was updated successfully, but these errors were encountered: