logstash-plugins / logstash-integration-snmp

Logstash Integration Plugin for SNMP, including SNMP input and SNMP Trap Plugins
Apache License 2.0

Support SNMP Trap Templates #44

Open wiibaa opened 9 years ago

wiibaa commented 9 years ago

Migrated from LOGSTASH-2231

SNMP traps are not always cut and dry strings of data; there should be a way to handle the data in a meaningful way. Example Trap:

"CISCO-MAC-NOTIFICATION::cmnHistMacChangedMsg.38" => "\x02\x00\x01\x00\x19\xFDK\x1C\xEC\x00/\x00"

This maps to the following (from http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=cmnHistMacChangedMsg )

"This object contains the information of a MAC change notification event. It consists of several tuples packed together in the format of '...'.

Each tuple consist of 11 octets in the format of '' where

is of size 1 octet and supports the following values 0 - End of MIB object. 1 - MAC learnt. 2 - MAC removed.

is VLAN number of the VLAN which the MAC address is belonged to and has size of 2 octet.

is the Layer2 Mac Address and has size of 6 octets.

is the value of dot1dBasePort for the interface from which the MAC address is learnt and has size of 2 octets."

As such, there should be a simple way to write definitions for these that break out the data and create events based on the contained data.
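
The tuple layout quoted in the issue, decoded in Ruby as an added example (not code from the plugin or from the issue author). The method name, the field names and the big-endian byte order for the 2-octet fields are assumptions of this example; the byte order is consistent with the sample trap above.

```ruby
# Added example: decoder for the 11-octet tuples described in the quoted MIB text.
# decode_mac_changed_msg and the keys :operation, :vlan, :mac, :port are
# hypothetical names chosen here, not part of the Logstash SNMP plugin.

TUPLE_SIZE = 11 # 1 (operation) + 2 (VLAN) + 6 (MAC) + 2 (dot1dBasePort)
OPERATIONS = { 1 => "learnt", 2 => "removed" }.freeze

# Returns one hash per tuple and stops at the 0 "End of MIB object" marker.
# Trap payloads are untrusted network input, so a truncated tuple or an
# unknown operation value raises ArgumentError instead of being guessed at.
def decode_mac_changed_msg(raw)
  bytes = raw.b # work on raw octets regardless of the string's encoding
  events = []
  offset = 0
  while offset < bytes.bytesize
    op = bytes.getbyte(offset)
    break if op.zero?
    name = OPERATIONS.fetch(op) do
      raise ArgumentError, "unknown operation #{op} at offset #{offset}"
    end
    tuple = bytes.byteslice(offset, TUPLE_SIZE)
    if tuple.bytesize < TUPLE_SIZE
      raise ArgumentError, "truncated tuple at offset #{offset}"
    end
    # C = 1 octet, n = 2 octets big-endian (assumed), a6 = 6 raw octets
    _, vlan, mac, port = tuple.unpack("Cna6n")
    events << {
      operation: name,
      vlan: vlan,
      mac: mac.unpack("C6").map { |b| format("%02x", b) }.join(":"),
      port: port
    }
    offset += TUPLE_SIZE
  end
  events
end

# The trap value from the issue: one tuple followed by the end marker.
SAMPLE = "\x02\x00\x01\x00\x19\xFDK\x1C\xEC\x00/\x00".b

puts decode_mac_changed_msg(SAMPLE).inspect if $PROGRAM_NAME == __FILE__
```

Each returned hash can be emitted as its own event, so a trap carrying several tuples yields one event per MAC change.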