Skip to content

Home

Jump to bottom
Colin Surprenant edited this page May 31, 2018 · 1 revision

Configuration examples

Using get to query for scalar values for the given OID(s)

input {
  snmp {
    get => ["1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.3.0", "1.3.6.1.2.1.1.5.0"]
    hosts => [{host => "udp:127.0.0.1/161" community => "public"}]
  }
}

Using walk to query for the subtree of information starting at the given OID(s)

  snmp {
    walk => ["1.3.6.1.2.1.1"]
    hosts => [{host => "udp:127.0.0.1/161" community => "public"}]
  }
}

Using both get and walk in the same poll cycle for each host(s)

input {
  snmp {
    get => ["1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.3.0", "1.3.6.1.2.1.1.5.0"]
    walk => ["1.3.6.1.2.1.1"]
    hosts => [{host => "udp:127.0.0.1/161" community => "public"}]
  }
}

Using multiple hosts

input {
  snmp {
    get => ["1.3.6.1.2.1.1.1.0"]
    hosts => [{host => "udp:127.0.0.1/161" community => "public"}, {host => "udp:192.168.0.1/161" community => "private"}]
  }
}

Specifying all hosts options

input {
  snmp {
    get => ["1.3.6.1.2.1.1.1.0"]
    hosts => [{host => "udp:127.0.0.1/161" community => "public", version => "2c", retries => 2, timeout => 1000}]
  }
}
  • community the community string, default is public.
  • version only 2c is supported for the moment.
  • retries is the number of retries in case of failure, default is 2.
  • timeout is the timeout in milliseconds with a default value of 1000.

Specifying all global options

input {
  snmp {
    get => ["1.3.6.1.2.1.1.1.0"]
    hosts => [{host => "udp:127.0.0.1/161"}]
    
    mib_paths => ["path/to/converted/mibfile.dic"]
    oid_root_skip => 0
    interval => 30
  }
}
  • number of OID root digits to ignore in event field name. list of paths of MIB .dic files or directory. If a dir path is specified, all files with .dic extension will be loaded. See mib_paths section.
  • oid_root_skip number of OID root digits to ignore in event field name, default is 0.
  • interval is the number of second to pause between each poll cycle, default is 30 seconds.

mib_paths option

Standard ASN.1 MIB files must be converted using the libsmi library smidump command line utility to be usable with the plugin. For example, using the RFC1213-MIB.txt file :

$ smidump -k -f python RFC1213-MIB.txt > RFC1213-MIB.dic

The OSS libsmi library is available & installable on most OS.

Polled host information

All the polled host information is store in the event @metadata:

  • [@metadata][host_protocol] : will be either udp or tcp
  • [@metadata][host_address] : the host address for example 127.0.0.1
  • [@metadata][host_port] : the host port for example 161
  • [@metadata][host_community] : the community string for example public

By default, a host field will be added to the event with the [@metadata][host_address] value. This is accomplished by the default behaviour of the add_field option for this plugin as defined by

config :add_field, :validate => :hash, :default => { "host" => "%{[@metadata][host_address]}" }

This means that it is possible to customize the format and content of the host field by specifying an alternate add_field for example

input {
  snmp {
    get => ["1.3.6.1.2.1.1.1.0"]
    hosts => [{host => "udp:127.0.0.1/161"}]
    
    add_field => {host => "%{[@metadata][host_protocol]}:%{[@metadata][host_address]}/%{[@metadata][host_port]},%{[@metadata][host_community]}"}
  }
}
Clone this wiki locally