Can't get snmptrap to work with logstash


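I am trying to get the snmptrap input to work with logstash. I initially started logstash as root because I wanted to make sure it worked before changing the port. I am also using the local machine for SNMP, since I thought this would be easier to get started with. With port 161 I get the "SNMP Trap listener died" error. If I switch to port 162 I get no error, but no data either. If I point at a server that does not exist, I also get the SNMP Trap listener died error on any port. I believe it should be port 161, but I could be wrong.

Logstash works if I use a different input. I ultimately want to output to graphite, which also works with a different input.

Is there something I have misconfigured? Could there be a permissions issue causing the problem, even though I am running as root and everything is on the same machine?

Thanks for your help.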

Here is my .conf file:

```
input {
  snmptrap {
    host => "127.0.0.1"
    community => "public"
    port => "161"
    type => "snmp_trap"
  }
}
output {
  stdout { codec => rubydebug }
}
```
Here is part of the result of an snmpwalk against localhost:

```
snmpwalk -mAll -v1 -cpublic 127.0.0.1:161
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (7218152) 20:03:01.52
```
Here is netstat:

```
root@lab-graphite:~# netstat -lpn | grep snmp
udp   0   0  127.0.0.1:161     0.0.0.0:*       43559/snmpd
udp   0   0  0.0.0.0:54155     0.0.0.0:*       43559/snmpd
unix  2      [ ACC ]     STREAM     LISTENING     2593117  43559/snmpd         /var/agentx/master
```
Here is the full error message:

```
SNMP Trap listener died {:exception=>#<SocketError: bind: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:160:in `bind'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/manager.rb:540:in `initialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/manager.rb:585:in `create_transport'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/lib/snmp/manager.rb:618:in `initialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-snmptrap-2.0.4/lib/logstash/inputs/snmptrap.rb:74:in `build_trap_listener'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-snmptrap-2.0.4/lib/logstash/inputs/snmptrap.rb:78:in `snmptrap_listener'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-snmptrap-2.0.4/lib/logstash/inputs/snmptrap.rb:53:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.2-java/lib/logstash/pipeline.rb:342:in `inputworker'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.2-java/lib/logstash/pipeline.rb:336:in `start_input'"], :level=>:warn}
```

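In the .conf file, the "host" parameter is the IP address or hostname of the machine where logstash is running. If you are going to receive snmp traps from outside-world sources, it should not be localhost (127.0.0.1). For local installation testing it is fine, though.

As already mentioned in the comments, the default snmptrap port is 162 (and there is no reason to change it in your setup). Also, since netstat shows that snmpd is running and listening on udp port 161, your logstash will not be allowed to bind to the same port 161.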

`snmpwalk` is not the right way to test your setup (it actually polls snmpd daemon on port 161) - it is `snmptrap` command that will send trap to your logstash input. For example,

`snmptrap -v1 -c public 127.0.0.1 .1.3 i 0 123456780 127.0.0.1 0 .1.3.6 i 12345`

You can also run `tcpdump port 162` as root to check whether `snmptrap` is sending packets to the destination at 127.0.0.1:162

(here 127.0.0.1 is the host address used in the logstash.conf below)

So, for local testing use

```
input {
  snmptrap {
    host => "127.0.0.1"
    community => "public"
    port => "162"
    type => "snmp_trap"
  }
}
```
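
The answer's two points, as an added Ruby example (not code from the original post, and not Logstash's own implementation): a second UDP bind on a port that is already held fails, and a listener only sees datagrams addressed to its own port. Ephemeral loopback ports stand in for 161 (held by snmpd) and 162 (the trap listener); the function names and payloads are constructed for this illustration.

```ruby
require "socket"

# Bind a UDP socket the way a trap listener would.
# Returns [socket, nil] on success or [nil, error class name] on failure.
def try_bind(host, port)
  sock = UDPSocket.new
  sock.bind(host, port)
  [sock, nil]
rescue SystemCallError, SocketError => e
  sock&.close
  [nil, e.class.name]
end

# Send one datagram to host:port and report whether `listener` receives it.
def delivered?(listener, host, port, payload, timeout = 1.0)
  sender = UDPSocket.new
  sender.send(payload, 0, host, port)
  ready = IO.select([listener], nil, nil, timeout)
  ready ? listener.recvfrom_nonblock(1500).first == payload : false
ensure
  sender&.close
end

def preflight(host = "127.0.0.1")
  # Stand-in for snmpd: it already owns its port (161 in the question).
  agent, = try_bind(host, 0)
  agent_port = agent.addr[1]

  # A second process binding the same port is refused by the kernel.
  _, conflict = try_bind(host, agent_port)

  # Stand-in for the trap listener on its own port (162 in the answer).
  listener, = try_bind(host, 0)
  listener_port = listener.addr[1]

  # Constructed payloads: one addressed to the listener, one to the agent port.
  got_trap  = delivered?(listener, host, listener_port, "constructed-trap-datagram")
  got_other = delivered?(listener, host, agent_port, "constructed-poll-datagram", 0.2)

  { conflict: conflict, got_trap: got_trap, got_other: got_other }
ensure
  [agent, listener].each { |s| s&.close }
end

p preflight if $PROGRAM_NAME == __FILE__
```
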

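I was using the SNMPTRAP input but expected it to work like a normal SNMP get. It was working, but no traps were being sent.

FYI. The default port for SNMP traps is 162/UDP. It does not listen on a remote machine. You may want to bind the host in your config to its actual physical address rather than loopback.

I have used the name, the local IP address and loopback without success. I think I will configure a simple remote snmp server on the same network. Trying to read the local snmp server may be causing the problem.

I believe the problem is that this is an snmptrap input plugin (as the documentation says). I assume the only messages captured are traps sent from the snmp server, of which there were none. So it has been working all along ☺ What I am looking for is a way to periodically query snmp with logstash and send it to the graphite output plugin.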