dstracha
commented
2 years ago Did this ever get resolved? having the same issue.
Open jkrishnak opened 5 years ago
dstracha
commented
2 years ago Did this ever get resolved? having the same issue.
edmocosta
commented
4 months ago Hey there,
We've moved this issue into this new SNMP integration plugin, which combines the logstash-input-snmp and logstash-input-snmptrap plugins into one.
Considering we've switched the underline library from ruby-snmp to snmp4j, I'd suggest you to upgrade to this integration plugin (migration guide) and try it again.
Please note that the new plugin introduced a few breaking changes compared to individual one, for example, your grok filter won't work as expected, as the message field format has changed. As an alternative, you could get those values from the metadata fields (SNMPv1 only): [@metadata][input][snmptrap][pdu][agent_addr], [@metadata][input][snmptrap][pdu][enterprise], [@metadata][input][snmptrap][pdu][generic_trap], [@metadata][input][snmptrap][pdu][specific_trap], and so on, e.g:
input {
snmptrap {
...
add_field => {
"agent_address" => "%{[@metadata][input][snmptrap][pdu][agent_addr]}"
"generic_trap" => "%{[@metadata][input][snmptrap][pdu][generic_trap]}"
...
}
}
}
When trying to extract fields of SNMPv1 trap from logstash output. Here is my pipeline:
And This is what I see in output:
Here, agent address is coming as combination of hexadecimal and ASCII value.
"agent_address" => ""\xFFA\xFFA""
I need agent address in IP Address format( like 1.1.1.1) .