graylog-labs / graylog-plugin-snmp Goto Github PK

View Code? Open in Web Editor NEW

27.0 27.0 7.0 122 KB

Graylog plugin to receive SNMP traps

License: Other

Java 100.00%

graylog-plugin snmp graylog input monitoring

graylog-plugin-snmp's Introduction

SNMP Plugin for Graylog

This plugin provides an input plugin to receive SNMP traps.

Required Graylog version: 2.0.0 and later

Caveat

This plugin is still pretty young and hasn't seen production traffic yet. Please let us know if you see any problems. Thank you!

Installation

Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Setup

To get a basic set of MIB files on Linux you should install the snmp and snmp-mibs-downloader packages (the names might be different depending on the OS) and execute the download-mibs command. This fetches a lot of standard MIBs and installs them into the standard directories.

In the Graylog web interface, go to System/Inputs and create a new SNMP input like this:

Now you can point your SNMP devices to the configured IP address and port to receive SNMP traps.

Custom MIBs

The input creation dialog allows you to configure a path to custom MIB files. Alternatively you can also copy your custom MIB files into the /usr/share/mibs directory which is included by default. Please keep in mind that some MIBs need to be loaded with a special order. To achieve this create numbered sub-directories in your MIB load path and place the files there in the right order. E.g. VMWare MIBs have to be loaded in this order:

   VMWARE-ROOT-MIB.mib 
   VMWARE-TC-MIB.mib 
   VMWARE-PRODUCTS-MIB.mib 
   VMWARE-SYSTEM-MIB.mib
   VMWARE-ENV-MIB.mib
   VMWARE-RESOURCES-MIB.mib
   VMWARE-VMINFO-MIB.mib
   ...

So you should create a directory structure like:

   /usr/share/mibs/1/VMWARE-ROOT-MIB.mib 
   /usr/share/mibs/2/VMWARE-TC-MIB.mib 
   /usr/share/mibs/3/VMWARE-PRODUCTS-MIB.mib
    ...

Limitations

Currently only the public SNMP community is supported by the plugin.

Plugin Development

This project is using Maven 3 and requires Java 8 or higher.

Clone this repository.
Download Mibble
mvn install:install-file -DgroupId=net.percederberg -DartifactId=mibble-parser -Dversion=2.9.3 -Dpackaging=jar -Dfile=mibble-2.9.3/lib/mibble-parser-2.9.3.jar (replace mibble version with the one you downloaded)
mvn install:install-file -DgroupId=net.percederberg -DartifactId=mibble-mibs -Dversion=2.9.3 -Dpackaging=jar -Dfile=mibble-2.9.3/lib/mibble-mibs-2.9.3.jar (replace mibble version with the one you downloaded)
Run mvn package to build a JAR file.
Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
Copy generated JAR file in target directory to your Graylog plugin directory.
Install system packages 'snmp' and 'snmp-mibs-downloader'
Execute 'sudo download-mibs'
Copy additional MIB files to /usr/share/mibs
Restart the Graylog.
Send test trap sudo snmptrap -v 2c -c public 127.0.0.1:1620 '' .1.3.6.1.4.1.5089.1.0.1 .1.3.6.1.4.1.5089.2.0.999 s "123456"

Plugin Release

We are using the maven release plugin:

$ mvn release:prepare
[...]
$ mvn release:perform

This sets the version numbers, creates a tag and pushes to GitHub. Travis CI will build the release artifacts and upload to GitHub automatically.

graylog-plugin-snmp's People

Contributors

Stargazers

Watchers

Forkers

cvtienhoven ekingg illukas rayc11 ghostproducer isabella232 0888

graylog-plugin-snmp's Issues

Problem translate MIB in graylog-server

Copy of: Graylog2/graylog2-server#6524

I've a problem with translate MIB on graylog-server; I add a MIB files on /usr/share/snmp/mibs but when graylog start display me errors like this:
2019-10-01T13:35:42.429+02:00 ERROR [SnmpMibsLoader] Error loading MIB file: /usr/share/snmp/mibs/BRIDGE-MIB.txt

java.lang.NullPointerException: null
	at net.percederberg.grammatica.parser.ReaderBuffer.ensureCapacity(ReaderBuffer.java:348) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.ReaderBuffer.ensureBuffered(ReaderBuffer.java:320) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.ReaderBuffer.peek(ReaderBuffer.java:222) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.TokenStringDFA.match(TokenStringDFA.java:114) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.Tokenizer$StringDFAMatcher.match(Tokenizer.java:507) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.Tokenizer.nextToken(Tokenizer.java:327) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.Tokenizer.next(Tokenizer.java:287) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.Parser.peekToken(Parser.java:629) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.LookAheadSet$Sequence.isNext(LookAheadSet.java:750) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.LookAheadSet.isNext(LookAheadSet.java:184) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.isNext(RecursiveDescentParser.java:306) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:197) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.RecursiveDescentParser.parseStart(RecursiveDescentParser.java:162) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.grammatica.parser.Parser.parse(Parser.java:394) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.mibble.MibLoader$MibSource.parseMib(MibLoader.java:972) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.mibble.MibLoader.loadQueue(MibLoader.java:724) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.mibble.MibLoader.load(MibLoader.java:550) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at net.percederberg.mibble.MibLoader.load(MibLoader.java:479) ~[graylog-plugin-snmp-0.3.0.jar:?]
	at org.graylog.snmp.oid.SnmpMibsLoader.loadMibsFromPath(SnmpMibsLoader.java:80) [graylog-plugin-snmp-0.3.0.jar:?]
	at org.graylog.snmp.oid.SnmpMibsLoader.<init>(SnmpMibsLoader.java:36) [graylog-plugin-snmp-0.3.0.jar:?]
	at org.graylog.snmp.SnmpCommandResponder.<init>(SnmpCommandResponder.java:38) [graylog-plugin-snmp-0.3.0.jar:?]
	at org.graylog.snmp.codec.SnmpCodec.decode(SnmpCodec.java:61) [graylog-plugin-snmp-0.3.0.jar:?]
	at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:150) [graylog.jar:?]
	at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:91) [graylog.jar:?]
	at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:86) [graylog.jar:?]
	at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:45) [graylog.jar:?]
	at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
	at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222]

And in the web interface I see the OID but no the description of event

Expected Behavior

I expect to see the description of event and not the OID

Current Behavior

I see only the number of OID

Your Environment

Graylog Version: 3.1
Elasticsearch Version: 6.8.2
MongoDB Version: 4.0.12
Operating System: CENTOS 7

Problem install on ubuntu

Hello i have this error when i want install it on OVA appliance (for test)

ubuntu@graylog:/tmp$ dpkg -i graylog-plugin-snmp-0.3.0.deb
dpkg: error: requested operation requires superuser privilege
ubuntu@graylog:/tmp$ sudo -i
root@graylog:~# cd /tmp/
root@graylog:/tmp# dpkg -i graylog-plugin-snmp-0.3.0.deb
Selecting previously unselected package graylog-plugin-snmp.
(Reading database ... 105771 files and directories currently installed.)
Preparing to unpack graylog-plugin-snmp-0.3.0.deb ...
Unpacking graylog-plugin-snmp (0.3.0) ...
dpkg: dependency problems prevent configuration of graylog-plugin-snmp:
 graylog-plugin-snmp depends on graylog-server | graylog-radio; however:
  Package graylog-server is not installed.
  Package graylog-radio is not installed.

dpkg: error processing package graylog-plugin-snmp (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 graylog-plugin-snmp

no OID shown

Hi,

I am using graylog 1.3.2 and graylog-plugin-snmp version 0.3.0. Using the mentioned test command

snmptrap -v 2c -c public 127.0.0.1:162 '' .1.3.6.1.4.1.5089.1.0.1 .1.3.6.1.4.1.5089.2.0.999 s "123456"

An entry in graylog can be found however, no OID is shown, I would expect to see at least a couple of numbers if the corresponding MIBs could not be loaded?

These are the only information I get:

Received by
snmptraps on 49e92dd5 / graylog
Stored in index
graylog2_0
gl2_remote_ip
127.0.0.1
gl2_remote_port
41703
message
SNMP trap 1589655778
snmp_frxDownloadTrap
791579157915
snmp_request_id
1589655778
snmp_trap_type
TRAP
source
127.0.0.1

Any ideas how to solve this? (I would like to receive traps from a cisco device but there are the same problems...

Kind regards,
Mira

[Bug in v 0.3.0] java.lang.NullPointerException: null

Hi,

I am using Graylog v2.3 and installed the plugin version 0.3.0 on CentOs 6.6
I downloaded the VMWare MIB files as mentioned in the README file.

I have only 1 MIB file:
/usr/share/mibs/1/VMWARE-ROOT-MIB.mib

When I start Graylog and start sending Snmp traps, I get the below error:

2017-08-03T18:48:18.130+05:30 ERROR [SnmpMibsLoader] Error loading MIB file: /usr/share/mibs/1/VMWARE-ROOT-MIB.mib
java.lang.NullPointerException: null
at net.percederberg.grammatica.parser.ReaderBuffer.ensureCapacity(ReaderBuffer.java:348) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.ReaderBuffer.ensureBuffered(ReaderBuffer.java:320) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.ReaderBuffer.peek(ReaderBuffer.java:222) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.TokenStringDFA.match(TokenStringDFA.java:114) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.Tokenizer$StringDFAMatcher.match(Tokenizer.java:507) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.Tokenizer.nextToken(Tokenizer.java:327) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.Tokenizer.next(Tokenizer.java:287) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.Parser.peekToken(Parser.java:629) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.Parser.nextToken(Parser.java:566) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:230) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.RecursiveDescentParser.parseStart(RecursiveDescentParser.java:162) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.grammatica.parser.Parser.parse(Parser.java:394) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.mibble.MibLoader$MibSource.parseMib(MibLoader.java:972) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.mibble.MibLoader.loadQueue(MibLoader.java:724) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.mibble.MibLoader.load(MibLoader.java:550) ~[graylog-plugin-snmp-0.3.0.jar:?]
at net.percederberg.mibble.MibLoader.load(MibLoader.java:479) ~[graylog-plugin-snmp-0.3.0.jar:?]
at org.graylog.snmp.oid.SnmpMibsLoader.loadMibsFromPath(SnmpMibsLoader.java:80) [graylog-plugin-snmp-0.3.0.jar:?]
at org.graylog.snmp.oid.SnmpMibsLoader.(SnmpMibsLoader.java:36) [graylog-plugin-snmp-0.3.0.jar:?]
at org.graylog.snmp.SnmpCommandResponder.(SnmpCommandResponder.java:38) [graylog-plugin-snmp-0.3.0.jar:?]
at org.graylog.snmp.codec.SnmpCodec.decode(SnmpCodec.java:61) [graylog-plugin-snmp-0.3.0.jar:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:146) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:87) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:74) [graylog.jar:?]
at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:42) [graylog.jar:?]
at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:143) [graylog.jar:?]
at com.codahale.metrics.InstrumentedThreadFactory$InstrumentedRunnable.run(InstrumentedThreadFactory.java:66) [graylog.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

send snmp trap feature request

i think it would be very usefull also to be able to send snmp traps to other system
matching in streams and alerts

// Anders

Source field is always set to "source"

Every message has the source field set to "source". It should contain the source address of the SNMP message.

Got the same issue, normal MIBS wont load

I left the input to the default folder, getting the error message for every mib under /usr/share/snmp/mibs (just took Transport-Address as an example):

2015-08-26 16:11:24,023 ERROR: org.graylog.snmp.oid.SnmpMibsLoader - Error loading MIB file: /usr/share/snmp/mibs/TRANSPORT-ADDRESS-MIB.txt
java.lang.NullPointerException
    at net.percederberg.grammatica.parser.TokenNFA.match(TokenNFA.java:194)
    at net.percederberg.grammatica.parser.Tokenizer$NFAMatcher.match(Tokenizer.java:560)
    at net.percederberg.grammatica.parser.Tokenizer.nextToken(Tokenizer.java:328)
    at net.percederberg.grammatica.parser.Tokenizer.next(Tokenizer.java:287)
    at net.percederberg.grammatica.parser.Parser.peekToken(Parser.java:629)
    at net.percederberg.grammatica.parser.LookAheadSet$Sequence.isNext(LookAheadSet.java:750)
    at net.percederberg.grammatica.parser.LookAheadSet.isNext(LookAheadSet.java:184)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.isNext(RecursiveDescentParser.java:286)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.isNext(RecursiveDescentParser.java:329)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:255)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
    at net.percederberg.grammatica.parser.RecursiveDescentParser.parseStart(RecursiveDescentParser.java:162)
    at net.percederberg.grammatica.parser.Parser.parse(Parser.java:394)
    at net.percederberg.mibble.MibLoader$MibSource.parseMib(MibLoader.java:972)
    at net.percederberg.mibble.MibLoader.loadQueue(MibLoader.java:724)
    at net.percederberg.mibble.MibLoader.load(MibLoader.java:550)
    at net.percederberg.mibble.MibLoader.load(MibLoader.java:479)
    at org.graylog.snmp.oid.SnmpMibsLoader.loadMibsFromPath(SnmpMibsLoader.java:80)
    at org.graylog.snmp.oid.SnmpMibsLoader.<init>(SnmpMibsLoader.java:36)
    at org.graylog.snmp.SnmpCommandResponder.<init>(SnmpCommandResponder.java:38)
    at org.graylog.snmp.codec.SnmpCodec.decode(SnmpCodec.java:61)
    at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:120)
    at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:79)
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:56)
    at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:33)
    at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:138)
    at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)

Using 0.3.0 and latest graylog 1.1.6.

plugin doesn't display translated oid

After upgrading graylog and elasticsearch just to get the snmp plugin, I'm disappointed that the input stream only displays the version 2c OID in numeric, not text format. Should the plugin display the text translation of the OID? I get no OID info on v1 traps at all. Is there a document that discusses what the plugin actually should display so I know if this is the expected output? Since snmptranslate on the graylog server returns the OID's text information using the plugin's default mib paths, it seems that the plugin should be finding those mibs for translation also. If only the numeric OID is the deigned output behavior, is there a graylog function to extend the plugin to translate and display the text OID for a more user-friendly interface? Sorry for the long message. Thanks.

Unable to decode SNMP PDU

i download the mibs, change the path and restart graylog-server but i still have this error msg

2015-08-12T08:55:37.290+02:00 ERROR [SnmpCodec] Unable to decode SNMP PDU
java.io.IOException: Unsupported PDU type: -92
        at org.snmp4j.PDU.decodeBER(PDU.java:555)
        at org.graylog.snmp.codec.SnmpCodec.decode(SnmpCodec.java:43)
        at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:120)
        at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:79)
        at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:56)
        at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:33)
        at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:138)
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)

Plugin fails when changing port to 162 ?

I prefer plugin to listen on port 162 but when I change it fails . Is it possible plugin to listen on port 162 instead of 1620 ?

Project is dead

No updates since 2006, many critical open issues unresolved for years.

number parsing exception when value is an OID

Hi
I'm collecting snmp messages from my Sonicwall device, i'm getting following error: MapperParsingException[failed to parse [snmp_x25Restart]]; nested: NumberFormatException[For input string: "1.3.6.1.4.1.8741.1.1.2.0.140"];
wireshark screen:

Not translating apc oids

I'm trying to recieve snmp traps for APC devices but the plugin doesn't appear to be translating them. I haven't tried any other types of devices yet. APC is sending v1 traps. I opened the mib file in mibble browser and it loaded fine.

To install the plugin I used the rpm package graylog-plugin-snmp-0.3.0-1.noarch.rpm.

What I'm seeing in the Web interface:
message
SNMP trap 0
snmp_communicationLost
1.3.6.1.4.1.318.0.636
snmp_request_id
0
snmp_trap_type
V1TRAP
source
10.10.10.10

When I run snmptranslate from the command line using the APC powernet mibs:
snmptranslate 1.3.6.1.4.1.318.0.636 -m /usr/share/snmp/custommibs/powernet423.mib.txt
PowerNet-MIB::apcTestTrap

The APC powernet mibs had an issue orginally and wouldn't load. I followed the directions at http://www.apc.com/us/en/faqs/FA235916/ and they appear to load fine now.

Server log shows:
2017-09-21T09:18:00.556-04:00 INFO [InputStateListener] Input [Syslog UDP/58c04694e344fc369aed31e3] is now RUNNING
2017-09-21T09:18:00.563-04:00 INFO [InputStateListener] Input [Raw/Plaintext UDP/58e5245dfc29384a373ac05c] is now RUNNING
2017-09-21T09:18:12.653-04:00 INFO [SnmpCommandResponder] Initialize new SnmpMibsLoader (custom path: "/usr/share/snmp/custommibs")
2017-09-21T09:18:12.659-04:00 WARN [SnmpMibsLoader] Not a directory: /usr/share/mibs
2017-09-21T09:18:12.661-04:00 WARN [SnmpMibsLoader] Not a directory: /usr/share/mibs
2017-09-21T09:18:13.155-04:00 WARN [SnmpMibsLoader] Error parsing MIB file: /usr/share/snmp/custommibs/2/Cumulus-Counters-MIB.txt

a symbol 'portName' already present in the MIB

System information:
Graylog 2.2.3
Java Oracle Corporation 1.8.0_141
Kernel 3.10.0-514.26.2.el7.x86_64)
Centos 7

powernet423.mib.txt

Fix OID

Seems like OIDs are not translated correctly. Method getSymbolById inside SnmpOIDDecoder - findMibSymbol:(http://www.mibble.org/doc/release/api/net/percederberg/mibble/Mib.html)
"Differing from the getSymbolByValue() methods, this method may return a symbol with only a partial OID match. If an exact match for the OID is present in the MIB, this method will always return the same result as getSymbolByValue(). Otherwise, the symbol with the longest matching OID will be returned, making it possible to identify a MIB symbol from an OID containing table row indices or similar. "
Here's my solution:

    private String findMibSymbol(String oid) {
        final List<Mib> mibs = loader.getAllMibs();
        LOG.debug("Searching through " + String.valueOf(mibs.size()) + " MIBs");
        String name = null;
        for (Mib mib : mibs) {
            MibValueSymbol symbol = mib.getSymbolByOid(oid);
            if(symbol != null) {
                String oid_tmp = oid.substring(0, oid.length()-2);
                if(symbol.getValue().toString().equals(oid_tmp)) {
                    name = symbol.getName();
                    return name;
                }
            }

        }
        return name;
    }

Is there any way possible that one can run the plug-in using native UDP 162?

Hi everyone,

Is there any way possible that one can run the plug-in using native UDP 162?

Trial and error reveals that the answer is NO but I am wondering whether someone has come up with a remedy to this issue?

Thanks

Information not extracted from SNMPv1

Installed to use with SNMP notifications provided by Veeam B&R with vendor supplied MIB. Messages are received and processed but fields are not created for the information provided by Veeam.

Parse errors - 'couldn't find referenced MIB' and 'undefined symbols'

Hello,

I'm using a fairly standard set of MIBs, the normal ones snmp-mibs-download fetches plus the Cisco v2 MIBs from their public FTP. My graylog-server logs are full of this:
Cisco example:

2015-09-08T15:39:30.020+10:00 WARN  [SnmpOIDDecoder] Error parsing MIB file: /var/lib/mibs/cisco/CISCO-RFC1213-CAPABILITY
 - couldn't find referenced MIB 'RFC-1212'
 - undefined symbol 'systemGroup'
 - undefined symbol 'systemGroup'
 - undefined symbol 'systemGroup'
 - undefined symbol 'systemGroup'
 - undefined symbol 'systemGroup'

IETF example:

2015-09-08T15:39:18.932+10:00 WARN  [SnmpOIDDecoder] Error parsing MIB file: /usr/share/mibs/ietf/IFCP-MGMT-MIB
 - couldn't find referenced MIB 'RFC-1212'
 - couldn't find referenced MIB 'RFC1271-MIB'
 - undefined symbol 'rmon'
 - undefined symbol 'OwnerString'
 - undefined symbol 'statistics'
 - undefined symbol 'OwnerString'
 - referenced value is not an object identifier
 - undefined symbol 'OwnerString'
 - referenced value is not an object identifier
 - referenced value is not an object identifier
 - referenced value is not an object identifier
 - referenced value is not an object identifier
 - referenced value is not an object identifier

Are they still being loaded, and these are just warnings?
Using 0.2.1 (due to the null pointer issue in #4 ) and latest Graylog (1.1.6)

set SNMPTrap community string (feature request)

Hi,

in reference to Jochens reply to my Mailing List entry:
https://groups.google.com/forum/?hl=en#!searchin/graylog2/snmp/graylog2/0eX-OTXuouw/806cNHLDCQAJ

As Jochen wrote the community string "public" is hardcoded in the plugin.

The plugin is working well with Graylog 2.0.1 on CentOS 6.7 but only with the default community string "public".

It is needed to set the community string.

In a first step it would be ok to configure it in /etc/graylog/server/server.conf or in a another file.
Best solution would be in the configuration window in Graylog Web as shown here:
https://github.com/Graylog2/graylog-plugin-snmp/blob/master/images/snmp-input-1.png

Thanks for the good work

Chris

where to set community string and port?

Hi, great work!

But how/where is it possible to set the community string or the port for the trap daemon?

I'm using Graylog v1.3.4 on CentOS 7.

Thanks for the help.

Regards
Chris

Bind input on port 162 UDP

Hello,

I am trying to run the SNMP plugin but I have a problem starting an input on the standard default SNMP trap receive port (162).
The input refuses to start. In the server log I have the follwing exception (/var/log/graylog/server/current) :
2016-10-03_10:00:42.66344 Caused by: java.net.SocketException: Operation not permitted

It looks like a classical low port binding problem for non-root user. However, this looks weird because Graylog is starting Syslog TCP and UDP inputs on port 514 without any problem.

My system : Graylog virtual appliance (graylog-2.1.1-1), RAM 32GB, 8 vCPU

I tried to add a special permission to java (see details here: http://serverfault.com/questions/112795/how-to-run-a-server-on-port-80-as-a-normal-user-on-linux/660121#660121):
sudo /sbin/setcap 'cap_net_bind_service+ep' /opt/graylog/embedded/jre/bin/java

After that server does start at all. The following error is logged (/var/log/graylog/server/current):

2016-10-03_09:59:23.69982 It looks like you are trying to access MongoDB over HTTP on the native driver port.
2016-10-03_09:59:23.70439 /opt/graylog/embedded/jre/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory

So I revert back the permission with the command:
sudo /sbin/setcap 'cap_net_bind_service-ep' /opt/graylog/embedded/jre/bin/java

Is there's a way to allow that SNMP input to start on port 162 ?

Error loading MIB file - v 0.3.0 (still with 0.2.0)

here the detail

2015-08-17T08:33:37.065+02:00 ERROR [SnmpMibsLoader] Error loading MIB file: /usr/share/mibs/ietf/RADIUS-ACC-CLIENT-MIB
java.lang.ArrayIndexOutOfBoundsException: 2048
        at net.percederberg.grammatica.parser.TokenNFA$StateQueue.addLast(TokenNFA.java:1309)
        at net.percederberg.grammatica.parser.TokenNFA$State.matchTransitions(TokenNFA.java:393)
        at net.percederberg.grammatica.parser.TokenNFA.match(TokenNFA.java:198)
        at net.percederberg.grammatica.parser.Tokenizer$NFAMatcher.match(Tokenizer.java:560)
        at net.percederberg.grammatica.parser.Tokenizer.nextToken(Tokenizer.java:328)
        at net.percederberg.grammatica.parser.Tokenizer.next(Tokenizer.java:287)
        at net.percederberg.grammatica.parser.Parser.peekToken(Parser.java:629)
        at net.percederberg.grammatica.parser.Parser.nextToken(Parser.java:566)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.throwParseException(RecursiveDescentParser.java:812)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:202)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseElement(RecursiveDescentParser.java:261)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseAlternative(RecursiveDescentParser.java:227)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parsePattern(RecursiveDescentParser.java:198)
        at net.percederberg.grammatica.parser.RecursiveDescentParser.parseStart(RecursiveDescentParser.java:162)
        at net.percederberg.grammatica.parser.Parser.parse(Parser.java:394)
        at net.percederberg.mibble.MibLoader$MibSource.parseMib(MibLoader.java:972)
        at net.percederberg.mibble.MibLoader.loadQueue(MibLoader.java:724)
        at net.percederberg.mibble.MibLoader.load(MibLoader.java:550)
        at net.percederberg.mibble.MibLoader.load(MibLoader.java:479)
        at org.graylog.snmp.oid.SnmpMibsLoader.loadMibsFromPath(SnmpMibsLoader.java:80)
        at org.graylog.snmp.oid.SnmpMibsLoader.<init>(SnmpMibsLoader.java:35)
        at org.graylog.snmp.SnmpCommandResponder.<init>(SnmpCommandResponder.java:38)
        at org.graylog.snmp.codec.SnmpCodec.decode(SnmpCodec.java:61)
        at org.graylog2.shared.buffers.processors.DecodingProcessor.processMessage(DecodingProcessor.java:120)
        at org.graylog2.shared.buffers.processors.DecodingProcessor.onEvent(DecodingProcessor.java:79)
        at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:56)
        at org.graylog2.shared.buffers.processors.ProcessBufferProcessor.onEvent(ProcessBufferProcessor.java:33)
        at com.lmax.disruptor.WorkProcessor.run(WorkProcessor.java:138)
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)

this is the mib
http://www.filedropper.com/radius-acc-client-mib