Hi,
I am trying setup SNMP in Graylog. I have plugin installed and setup (port 1620, bind address 0.0.0.0)
And in Mikrotik I have SNMP enabled using v3, and target my graylog and in communites “public”
In graylog I added INPUT SNMP but Graylog can’t get info, how could I debug it?
Thanks.
hej @berekese
you should check:
Hi,
does the plugin work with your running Graylog version? -> Yes
any errors in the (Graylog) log file?
2017-06-08T09:02:12.694+02:00 INFO [connection] Opened connection [connectionId{localValue:10, serverValue:143}] to localhost:27017
2017-06-08T09:02:12.695+02:00 INFO [InputStateListener] Input [SNMP UDP/5938f6740a975a612f2b0c66] is now STARTING
2017-06-08T09:02:12.705+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SnmpUDPInput{title=SNMP Server, type=org.graylog.snmp.input.SnmpUDPInput, nodeId=null} should be 262144 but is 133120.
2017-06-08T09:02:12.706+02:00 INFO [InputStateListener] Input [SNMP UDP/5938f6740a975a612f2b0c66] is now RUNNING
does the input accept data?
How could I try it? I enabled SNMP on Mikrotik router with trap version 1, trap community public. If I use snmpwalk I can get info from router.
can the sending device connect to Graylog on the configured port?
SNMP in Graylog is listening port 1620 (default). I created INPUT by default, but I can’t connect to that port, if I do netstast I can’t see it opened.
$ telnet 192.168.1.XX 1620
Trying 192.168.1.XX…
telnet: Unable to connect to remote host: Connection refused
is the sending device sending data?
I think yes…
if you are not able to connect to the input - than something might block that…
Should I can do a telnet to port 1620 against graylog server?
I don’t see any instance on server listening port 1620.
Thanks.
if you start your input on this port - it should be open …
Uhm, that INPUT is Running but doing netstat -tlnp I can’t see port 1620 opened. How could I debug it?
This is SNMP’s log on server.log:
2017-06-08T09:37:56.435+02:00 INFO [CmdLineTool] Loaded plugin: SnmpPlugin 0.3.0 [org.graylog.snmp.SnmpPlugin]
2017-06-08T09:38:13.217+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SnmpUDPInput{title=SNMP Server, type=org.graylog.snmp.input.SnmpUDPInput, nodeId=null} should be 262144 but is 133120.
2017-06-08T09:42:13.532+02:00 INFO [InputSetupService] Attempting to close input <org.graylog.snmp.input.SnmpUDPInput.5938f6740a975a612f2b0c66> [SNMP UDP].
2017-06-08T09:42:13.533+02:00 INFO [InputSetupService] Input <org.graylog.snmp.input.SnmpUDPInput.5938f6740a975a612f2b0c66> closed. Took [0ms]
2017-06-08T09:42:16.279+02:00 INFO [CmdLineTool] Loaded plugin: SnmpPlugin 0.3.0 [org.graylog.snmp.SnmpPlugin]
2017-06-08T09:42:32.674+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SnmpUDPInput{title=SNMP Server, type=org.graylog.snmp.input.SnmpUDPInput, nodeId=null} should be 262144 but is 133120.
2017-06-08T09:43:56.173+02:00 INFO [InputSetupService] Attempting to close input <org.graylog.snmp.input.SnmpUDPInput.5938f6740a975a612f2b0c66> [SNMP UDP].
2017-06-08T09:43:56.174+02:00 INFO [InputSetupService] Input <org.graylog.snmp.input.SnmpUDPInput.5938f6740a975a612f2b0c66> closed. Took [1ms]
2017-06-08T09:43:58.977+02:00 INFO [CmdLineTool] Loaded plugin: SnmpPlugin 0.3.0 [org.graylog.snmp.SnmpPlugin]
2017-06-08T09:44:15.159+02:00 INFO [CmdLineTool] Loaded plugin: SnmpPlugin 0.3.0 [org.graylog.snmp.SnmpPlugin]
2017-06-08T09:44:31.305+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SnmpUDPInput{title=SNMP Server, type=org.graylog.snmp.input.SnmpUDPInput, nodeId=null} should be 262144 but is 133120.
2017-06-08T09:45:16.220+02:00 INFO [InputSetupService] Attempting to close input <org.graylog.snmp.input.SnmpUDPInput.5938f6740a975a612f2b0c66> [SNMP UDP].
2017-06-08T09:45:16.221+02:00 INFO [InputSetupService] Input <org.graylog.snmp.input.SnmpUDPInput.5938f6740a975a612f2b0c66> closed. Took [1ms]
2017-06-08T09:45:19.023+02:00 INFO [CmdLineTool] Loaded plugin: SnmpPlugin 0.3.0 [org.graylog.snmp.SnmpPlugin]
2017-06-08T09:45:35.829+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SnmpUDPInput{title=SNMP Server, type=org.graylog.snmp.input.SnmpUDPInput, nodeId=null} should be 262144 but is 133120.
2017-06-08T10:07:11.851+02:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SnmpUDPInput{title=SNMP Server, type=org.graylog.snmp.input.SnmpUDPInput, nodeId=null} should be 262144 but is 133120.Thanks.
are you sure that the plugin author provide a version that is working with 2.3?
In market he said: Required Graylog version: 2.0 and later
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.