0

We are trying to implement logstash with snmptrap, but the logs are not coming in logstash, in netstat the logstash udp port is not open for all can that be the issue.

logstash.conf

input {
  snmptrap {
   type => "snmptrap"
   community => "public"
   port => "1062"
 }
}

snmptrapd.conf

authCommunity log,net public
forward default localhost:1062

Is there any issue with the configuration ? Netstat output

udp        0      0 0.0.0.0:162                 0.0.0.0:*                               
udp        0      0 :::1062                     :::*
user3355434
  • 92
  • 9
  • What's the Logstash output configuration? You're only showing your input configuration. – Magnus Bäck Jan 27 '15 at 06:32
  • @MagnusBäck input { snmptrap { type => "snmptrap" community => "public" port => "1062" } } output { elasticsearch { host => localhost } stdout { codec => rubydebug } } – user3355434 Jan 27 '15 at 07:36
  • @MagnusBäck : We were able to make it work by achanging the port in client side, our bad, thanks anyways. Need to ask you though, is there anyway to translate snmptrap output for logstash – user3355434 Jan 27 '15 at 08:58
  • Judging by [its documentation](http://logstash.net/docs/1.4.2/inputs/snmptrap) it places text in the message field so you should be able to use standard filters like grok to parse it into fields. – Magnus Bäck Jan 27 '15 at 09:29

0 Answers0