SNMP Trap Input - snmp fields not useable in pipeline rules

Hello,

I am using the SNMP Trap Input from the marketplace. Now I try to use fields from the trap in pipeline rules, but they are always empty.

No MIB file is used, so each message contains fields with snmp oids. For example oid 1.2.3 will be shown as field snmp_1_2_3. In search field, I see that field snmp_1_2_3 has a value. Field test_1 has value “ok”, so I know this rule fires. But field test_2 is empty / not set.

Using has_field(snmp_1_2_3) in the when clause also does not work.

rule "test"
when
    true
then
    set_field("test_1", "ok");
    set_field("test_2", to_string($message.snmp_1_2_3));
end

Any ideas? The GitHub project seems not maintained and I don't have the skills to fix Java code by myself.

If I were you, I would rather use:

  1. Either Logstash with the snmptrap input plugin, and send the output to Graylog
    https://www.elastic.co/guide/en/logstash/current/plugins-inputs-snmptrap.html
  2. Or another tool that is better capable of managing SNMP traps, some NMS like Zabbix or Icinga, for example.

Yes, Logstash with snmptrap input and GELF output to Graylog…
That sounds like a very good idea - thank you!
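
The setup suggested in this thread, as an added example that is not part of the original posts: a Logstash pipeline that receives traps with the snmptrap input and forwards them to Graylog with the gelf output. The community string, the Graylog hostname and the `type` and `sender` values are placeholders, and a GELF UDP input listening on port 12201 on the Graylog side is assumed.

```logstash
# Added example: SNMP traps -> Logstash -> Graylog (GELF).
# Hostname, community string, type and sender are placeholders.

input {
  snmptrap {
    # Listen address. Bind to a management interface instead of
    # 0.0.0.0 if traps only arrive on one network.
    host => "0.0.0.0"

    # The plugin defaults to 1062 so Logstash can run unprivileged.
    # Devices send to 162/udp by default, so either configure them
    # to use 1062 or redirect 162 -> 1062 on the host firewall.
    port => 1062

    # Community strings accepted from senders. Replace the well-known
    # default with the value configured on your devices.
    community => ["CHANGE_ME_COMMUNITY"]

    # Tag events so they are easy to route in Graylog streams.
    type => "snmptrap"
  }
}

output {
  gelf {
    # Graylog node running a GELF UDP input (placeholder hostname).
    host => "graylog.example.org"
    port => 12201

    # Value shown as "source" in Graylog; defaults to the Logstash
    # host name when not set.
    sender => "logstash-snmptrap"
  }
}
```

SNMPv1/v2c community strings and GELF over UDP both travel unencrypted, so keep both legs on a trusted management network and restrict the trap port to the addresses of the sending devices.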
