SNMP Trap not documented


(David) #1

I do not write English very well
but I need help, since I can not find more help with the “SNMP Trapd” plugins of Graylog.
I need to be able to bring in the log information of several Cisco Catalyst switches from several agencies, as part of the project I have to centralize the logs. The issue is that I have an SNMP community which responds to all the switches and routers that I manage. I found Graylog, but now I’m sorry to see that there is no more documentation of the SNMP plugins.
I do not know what to do anymore because I promised that graylog would be the open source solution for this project.

If someone can help me, it would be very helpful.


(Jan Doberstein) #2

Hey @dpina

what is your question? What steps have you done and what does not happen as it should?

What have you configured where?

Without a clear question and as much information as possible from your end, it will be hard for someone else to help you.

regards
Jan


(David) #3

The question is the following, how can I do to capture the external router log that communicates through a snmp zone, with the snmp plugins that is in https://marketplace.graylog.org/addons/ba8770da-ea67-423a-9527-7be587c25a0d? The configuration is as follows: centos 7, following the steps of http://docs.graylog.org/en/latest/pages/installation/os/centos.html

Install the snmp plugins in /usr/share/graylog-server/plugin/graylog-plugin-snmp-0.3.0.jar

But it does not bring any information about it to be able to capture the log of the external routers that I want to monitor.

However I have read within the plugins options the following: Currently only the public SNMP community is supported by the plugin.

Knowing what options I can use with graylog to be able to bring me the cisco router logs through snmp trap of my snmp community?


(David) #4

My account was blocked, I can not write for the post, I just have to write here. How can I answer the questions if I do not even explain why I was blocked and could not have any answer.


(David) #6

Some possible help in this regard.


(Jan Doberstein) #7

If you would like to get fast responses and not volunteer help, you might want to buy professional support from Graylog ( https://www.graylog.org/contact-sales ). Just so that you have it in mind: this is the community forum, where all help is given on a volunteer basis.

The plugin allows you to create an SNMP TRAP that can be used as a target for events from other devices. It does not poll the information. You would need to configure your devices with the created trap as the target for messages.


(David) #8

Good evening Jan,

Thank you I will consider it if I can do what the client requested with the Graylog solution, I apologize if I seemed hurried.

I have searched in many parts for information about the plugins, and the truth is that I have not obtained the desired results. The plugins as I understand “SNMP TRAP” will not be useful then to process the information I get on my server through snmptrap.

So, how can I use graylog to be able to capture through snmp the necessary information corresponding to the logs that the routers can send by snmp to my snmp, and that the server where I have installed graylog can I graph or see that information in the graylog dashboards?

The client for whom I work used the “Kiwi Syslog” solution, as I have worked with Graylog before at the server level. The results of this solution are great for the client, but I do not know how Graylog can centralize the Cisco logs using SNMP.

I’m grateful for your timely response and once again I apologize if it seemed rushed in the answer.

Graylog is a very versatile tool, powerful and well regarded by me as a server administrator for use in small and medium enterprises.


(Jan Doberstein) #9

Hey David,

Personally, I have never used Graylog to actively GET SNMP information, like with SNMP Walk, only with the trap where devices send their messages to. Maybe a tool like LibreNMS can help you with that?

I think that in this community there are more people who can help you with that topic. I’ve never worked as a network admin, so that is not my area.


(David) #10

Thanks for answering,

I found an unconventional way, but it has given me light on how to capture the SNMPTRAP messages. What I did was to activate snmptrapd as a service, execute a script inside the server that communicates with the SNMP community, set OPTIONS="-n -Lsd -p /var/run/snmptrapd.pid" in the service options of snmptrapd (/etc/sysconfig/snmptrapd), capture the same in /var/log/messages, and configure the rsyslog service so that it is captured locally by Graylog.

Then it is best to create the custom path of /var/log/snmptrapd, improve the values of the capture script and filter via command and then with Graylog to make the graphs.

With certain limitations, but I could have the log captured by snmptrapd visually and with graphs. Where I should improve is in the Graylog queries to filter the data required by the client.

I risked giving the client better detail than I required and it did not turn out so badly.

Thanks for your valuable support. My respect and admiration for Graylog, I hope this solution evolves much better :smile:
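
The snmptrapd, rsyslog and Graylog chain described in post #10, as an added example that is not part of the original post and not Graylog's own code. It stages the three configuration files in a scratch directory for review before they are copied under /etc. Assumptions: the function name `stage_trap_pipeline`, the staging layout and the rsyslog.d file name are hypothetical, and Graylog is assumed to have a Syslog UDP input listening on 127.0.0.1:1514.

```shell
#!/bin/sh
# Added example (not from the thread): stage config for
#   switches --trap--> snmptrapd --syslog--> rsyslog --UDP--> Graylog
# Assumed: a Graylog "Syslog UDP" input on 127.0.0.1:1514; file names are ours.
# Usage: stage_trap_pipeline ./staging 'my_community' [graylog_host] [port]

stage_trap_pipeline() {
    dest=$1        # staging directory to write into
    community=$2   # community string the devices send traps with
    gl_host=${3:-127.0.0.1}
    gl_port=${4:-1514}

    [ -n "$dest" ] && [ -n "$community" ] || return 2
    # Refuse whitespace/newlines that could inject extra config directives.
    case $community in *[!A-Za-z0-9_.-]*) return 3 ;; esac

    mkdir -p "$dest/snmp" "$dest/sysconfig" "$dest/rsyslog.d" || return 1

    # The community string is a shared secret: create the file owner-only.
    # "log" authorises logging of traps only (no execute, no forwarding).
    ( umask 077
      printf 'authCommunity log %s\n' "$community" > "$dest/snmp/snmptrapd.conf" )

    # Options from the post: -n numeric addresses, -Lsd syslog/daemon facility.
    cat > "$dest/sysconfig/snmptrapd" <<'EOF'
OPTIONS="-n -Lsd -p /var/run/snmptrapd.pid"
EOF

    # Forward only snmptrapd's lines, not the whole of /var/log/messages.
    cat > "$dest/rsyslog.d/30-snmptrapd-graylog.conf" <<EOF
if \$programname == 'snmptrapd' then {
    action(type="omfwd" target="$gl_host" port="$gl_port" protocol="udp"
           template="RSYSLOG_SyslogProtocol23Format")
}
EOF
}
```

The devices still have to be configured to send their traps to this server, and snmptrapd and rsyslog restarted after the files are installed.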


(system) #11

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.