SNMP Add On Configuration

I’ve installed the SNMP add on and configured the Input.

I’m receiving Traps but I can’t get the MIBs translation working.

I’ve put the mibs in /usr/share/snmp/mibs which is one of the default locations according to the test on the Input.

Some of the MIBs within this directory are within sub directories and some are directly in /mibs

Neither way seems to work.

Any ideas?

In the server log file I see Error loading MIB file: /directory structure/mibfile.mib

java.lang.NullPointerException: null

Why, you need SNMP ??..

Because many devices don’t have the ability to send syslogs, only SNMP.

try to use the syslog, and not SNMP, here we are talking about collecting logs, the best is to configure the syslog for sending and receiving logs @nick

Hi @Labidi as stated above I have some devices THAT DO NOT HAVE SYSLOG. They only have SNMP.

There is an SNMP Add-On in the market place and this is the Add-On forums.

SNMP also send log data, I am talking about sending and receiving logs.

@nick you’re absolutely right–as one of the newer folks at Graylog, I lack some of the historical context around the plugin, but it seems like we’ve done a poor job of maintaining it (I’m looking at the issues on the repo, and OOF). I’ll follow up with @bernd and some of the other folks internally to see what our plans for this add on might be.

1 Like

Why not use logstash with input plugin SNMP?

@shoothub We already have a full Graylog instance running, we don’t want to have to run another tool as well. That adds to management overheads, patching, security, monitoring etc. Graylog should be a single point for log management. If I were to use Logstash we might as well switch to ELK entirely.

@aaronsachs is the plugin completely broken or is there something I can do to get it working, at the moment I’m blind to logs coming in via SNMP as while the logs are received in Graylog I can’t translate them.

@nick from what I’ve determined about anything the graylog-labs org, those are plugins that are experimental and aren’t actively being developed unless we pull them into the main project. That said, I believe that without some significant investment on our part, the plugin shouldn’t be used for a production use case and would be considered broken. Out of curiosity, have you tried just spinning up a raw/plaintext input and sending the SNMP traps to that? IIRC, that particular input isn’t picky about what you send it, so you should be able to get traps there?

Hi @aaronsachs, I haven’t tried sending the traps to a RAW input. That’s the bit that is working within the Plugin, the Intput seems to work without an issue. Its the interaction with the MIB files that is broken.

If I used a RAW input I’d essentially be in exactly the same place, I’d have the trap but wouldn’t be able to read it without the MIB.

Its a bit frustrating that Graylog pushes Plugins as a major product feature but most of them are broken/not supported - even more so when its a Plugin developed by Graylog itself and that feature hasn’t been pulled into the main product even though its pretty key to a comprehensive log collector.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.