SNMP Trap input


(Pmmivv) #1

Hii!!

What’s the best way to generate and recive snmp traps and how to do it?

Bests

Patrick


(Jochen) #2

See https://marketplace.graylog.org/addons/ba8770da-ea67-423a-9527-7be587c25a0d


(Pmmivv) #4

jochen, yes I tried this but I did not succeed…


(Jochen) #5

That’s a bit scarce on information…


(Pmmivv) #6

jochen, please tell me that dont only work with the public community ?!


(Jan Doberstein) #7

Hej Patrick,

you provide a very little Information about what you like to have and what you had tried before. The people that try to help you can only guess and use a :crystal_ball:

Please provide enough Information that someone that is not you and who does not know your environment can understand your issue and does not need to ask for more detailed information.

Additional shout out single questions without a context is rude. You are working and interacting with other humans. That people try to help you and you are not paying for anything.

Be polite and you might get help - but if you just shout something into the room, don’t expect to get help.


(Pmmivv) #8

Hi Jan,
Allright, i will do that

My goal is to do monitoring of SNMP Suportted devices (like storages, Servers, routers, shitchs…) and get informations about some specific components, ( disk space, link bandwidth, device stat “UP or DOWN” and other parameters).

I have in this moment graylog instaled in a centos VM and with full connection to my device network to monitoring.
But i really can’t understand how snmp plugin works in graylog, what’s programs he need to install in CENTOS, what kind of configurations and this kind of things to monitoring my devices.

What i really need is some explicit toturial with some pratical exemple to replicate in my network and fully understand how SNMP works with graylog server


#9

Just found this while trying to setup snmp traps. My guess is that your issue was the plugin defaults to use udp port 1620. Some snmp enabled devices do not support changing the trap destination port and Graylog can’t start the input with udp 162. You need to put a redirect in your firewall/iptables.

On Centos this would work assuming the rest of your firewall/iptables setup is correct and you are using the default public zone.

firewall-cmd --zone=public --add-forward-port=port=162:proto=udp:toport=1620 --permanent
firewall-cmd --reload
firewall-cmd --list-all

You should now see the redirect:
public (active)

forward-ports: port=162:proto=udp:toport=1620:toaddr=

If you have the net-snmp-devel tools installed you can test if it’s working with (X.X.X.X is your graylog instance IP:
snmptrap -v 1 -c public X.X.X.X .1.3.6.1.6.3 “” 0 0 coldStart.0


(Sergio Gadaleta) #10

Hello, I am having some issues myself. I was able to configure SNMP and receive test traps. However, the traps I am getting are not in any legible format. I’m sure it has something to do with missing mibs, but I really don’t know how to get them loaded or what mibs to load. Any help?