I would like to send traps retrieved via the snmptrap service on RHEL 8 to Logstash to store them in Elasticsearch.
As the snmptrap input module does not support v3, I installed snmptrapd on the Logstash server to retrieve the traps. I then want to redirect these trap logs to Logstash to dump them into Elasticsearch.
How should I proceed?
Thank you for your feedback,
I thought of transferring the trap logs received in SNMPv2 to the Logstash input module snmptrapd, or transforming the trap logs into a file and transferring them to the Logstash input module.
In these two situations I don't know how to proceed. For the first case, via the snmptrapd input module, would this configuration be good?

snmptrapd.conf:

    # Logstash traps forward
    authCommunity net logstash
    forward default 10.10.4.135 logstash

conf.d/snmptrapd.conf:

    input {
      snmptrap {
        community => "logstash"
        host => "10.10.4.135"
        port => 1062
      }
    }

For the transfer situation via the Logstash file module, I don't know how to proceed in snmptrapd.conf.
Thanks for your feedback,
Diego
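
For the file-based variant asked about above, one possible setup, added here as an example and not part of the original post: snmptrapd receives the SNMPv3 traps and writes one line per trap to a log file, and Logstash tails that file. The engine ID, user name, passphrases, log path, Elasticsearch URL and index name are placeholders, and the sysconfig location is an assumption about the RHEL 8 package.

```conf
# --- /etc/snmp/snmptrapd.conf ---
# Engine ID, user name and passphrases are constructed placeholders.
createUser -e 0x80001f8880aabbccdd trapuser SHA "AUTH_PASSPHRASE" AES "PRIV_PASSPHRASE"
# Accept and log only authenticated, encrypted traps from that user.
authUser log trapuser priv
# One line per SNMPv2c/v3 trap: local timestamp, sender host, [transport], varbinds.
format2 %.4y-%.2m-%.2l %.2h:%.2j:%.2k %B [%b] %v\n

# --- /etc/sysconfig/snmptrapd (assumed location of the daemon options) ---
# -Lf writes the formatted traps to a file; the logstash user must be able to read it.
OPTIONS="-Lf /var/log/snmptrapd.log"

# --- conf.d/snmptrapd.conf (Logstash pipeline) ---
input {
  file {
    path => "/var/log/snmptrapd.log"
    tags => ["snmptrap"]
  }
}
filter {
  # Split the line written by format2 into fields.
  grok {
    match => { "message" => "^%{TIMESTAMP_ISO8601:trap_time} %{NOTSPACE:trap_source} \[%{DATA:trap_transport}\] %{GREEDYDATA:trap_varbinds}$" }
  }
  # Use the time snmptrapd received the trap as the event timestamp.
  date {
    match => ["trap_time", "yyyy-MM-dd HH:mm:ss"]
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]    # placeholder URL
    index => "snmptraps-%{+YYYY.MM.dd}"   # placeholder index name
  }
}
```

Events that do not match the grok pattern are tagged `_grokparsefailure` by Logstash, which makes malformed or unexpected trap lines easy to find in Elasticsearch.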