SNMP plugin prevents startup of Graylog 5.1.0

Graylog Central (peer support)
1

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
After updating Graylog from 5.0.7 to 5.1.0, the service don’t startup due to the SNMP 0.3.0 plugin

2. Describe your environment:

  • OS Information:
    Ubuntu 22.04 LTS
  • Package Version:
    5.1.0
  • Service logs, configurations, and environment variables:
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: Exception in thread “main” com.google.inject.CreationException: Unable to create injector, see the following errors:
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: 1) [Guice/MissingImplementation]: No implementation for SnmpUDPInput$Factory was bound.
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: Requested by:
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: 1 : Graylog2Module.installInput(Graylog2Module.java:233)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: _ installed by: PluginBindings → SnmpPluginModule
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: Learn more:
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: MISSING_IMPLEMENTATION · google/guice Wiki · GitHub
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: 2) MessageInput$Descriptor is abstract, not a concrete class. Unable to create AssistedInject factory.
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: while locating MessageInput$Descriptor
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at MessageInput$Factory.getDescriptor(MessageInput.java:1)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: 2 errors
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: ======================
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: Full classname legend:
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: ======================
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: Graylog2Module: “org.graylog2.plugin.inject.Graylog2Module”
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: MessageInput$Descriptor: “org.graylog2.plugin.inputs.MessageInput$Descriptor”
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: MessageInput$Factory: “org.graylog2.plugin.inputs.MessageInput$Factory”
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: PluginBindings: “org.graylog2.shared.bindings.PluginBindings”
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: SnmpPluginModule: “org.graylog.snmp.SnmpPluginModule”
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: SnmpUDPInput$Factory: “org.graylog.snmp.input.SnmpUDPInput$Factory”
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: ========================
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: End of classname legend:
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: ========================
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:568)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at com.google.inject.internal.InternalInjectorCreator.initializeStatically(InternalInjectorCreator.java:163)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:110)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at com.google.inject.Guice.createInjector(Guice.java:87)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at org.graylog2.shared.bindings.GuiceInjectorHolder.createInjector(GuiceInjectorHolder.java:34)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at org.graylog2.bootstrap.CmdLineTool.setupInjector(CmdLineTool.java:506)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at org.graylog2.bootstrap.CmdLineTool.doRun(CmdLineTool.java:306)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:260)
    May 22 16:42:33 acg-graylog-v01 graylog-server[24006]: at org.graylog2.bootstrap.Main.main(Main.java:45)

3. What steps have you already taken to try and solve the problem?

4. How can the community help?

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

2

Check your Graylog plugin directory.

/usr/share/graylog-server/plugin

Do you see the SNMP plugin? If it is missing, you can replace it and try again.

I don’t believe there is an officially supported plugin for SNMP, so I presume it is a community plugin. Is that right?

3

Yes, of course the plugin is there, that’s the only way to install/use it. In order to make Graylog startup again it’s required to remove the plugin from the plugin folder.
Indeed it’s a community plugin, the only one which is available at all and which was working fine even with Graylog 5.0.7. The question is, if something in the plugin interface has been modified intentionally which may make existing plugins incompatible. If not, 5.1.0 should be reviewed in order to preserve plugin compatiblity.

4

Can you clarify if you are talking about this? GitHub - graylog-labs/graylog-plugin-snmp: Graylog plugin to receive SNMP traps

5

I’m sorry for being unprecise! Yes, you’re right, it’s exactly the plugin that I use.

6

No worries :slight_smile:

Even though the plugin is released under graylog labs, its more or less treated like a third party plugin, meaning no ongoing support. It looks like there hasn’t been a release since 2015 as well. Unfortunately this plugin is not actively maintained and there are no plans to update it. There were a lot of changes in Graylog 5.1 and its likely this is what broke the snmp plugin.

You can try opening an issue in the repository, although i can’t guarantee it will be addressed.

7

Hmm, understand the points of course but still are quite unhappy. To be honest, I don’t understand why a SIEM doesn’t support standard protocols like SNMP natively and why there’s no proper communication about such changes in advance. Yes, I understand that you don’t treat the plugin as if it were yours but how should I know about that? As well, out of maintenance, ok, but again, how should I know about that? The project is not marked as archived or inactive like other plugins are.
Overall, I don’t believe that you ignore SNMP entirely. Is there any way to receive SNMP messages with Graylog which I missed in the past?

Many thanks for your information!

8

Hi @Elix

I understand your frustration, but I can’t offer much more than sympathy. As @drewmiranda-gl explained, this was never meant to be a supported piece of code. I am sorry we didn’t communicate that more clearly.

The good news is that there are certainly other ways to collect SNMP traps. NXLog can do it, and Graylog even supports NXLog agent management via Sidecar and NXLog outputs natively to the Graylog Enhanced Log Format (GELF).

https://docs.nxlog.co/glossary/snmp.html

This is just the first example I found. There are others.

I hope this helps. Thanks @drewmiranda-gl for stepping in to help @Elix.

9

Hi @chris.black-gl,

so, I didn’t miss anything and Graylog isn’t able to collect SNMP messages natively and relies on 3rd party products to do the job. Hmmmm. Well, at least my situation is clear now. Many thanks for your support and also thanks to @drewmmiranda !

10

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.