Graylog plugin to receive SNMP traps

illukas/graylog-plugin-snmp
SNMP Plugin for Graylog

Fork specific info:

Download the plugin and place the .jar file in your Graylog plugin directory. Restart Graylog.

Launch a new input and configure it:

  • Settings marked Optional are needed only for v3 inputs. Leave them at their defaults for v1/v2c.
  • If you absolutely must use port udp/162, redirect udp/162 to udp/1620 in your firewall, because Graylog can't bind to ports under 1024.
  • Additional MIBs are now sorted by filename (0-9/a-Z) after loading, which happens after the first trap is received. The MIB loader writes what it is doing to the Graylog server log.
  • Traps that fail to match the configuration or security model will produce an error message in the Graylog server log. v3 traps tend to fail without any error message; this is to be looked into in the future.

This plugin provides an input plugin to receive SNMP traps.

Required Graylog version: 2.0.0 and later

Caveat

This plugin is still pretty young and hasn't seen production traffic yet. Please let us know if you see any problems. Thank you!

Installation

Download the plugin and place the .jar file in your Graylog plugin directory. By default, the plugin directory is the plugins/ folder relative to your graylog-server directory; it can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Setup

To get a basic set of MIB files on Linux you should install the snmp and snmp-mibs-downloader packages (the names might be different depending on the OS) and execute the download-mibs command. This fetches a lot of standard MIBs and installs them into the standard directories.

In the Graylog web interface, go to System/Inputs and create a new SNMP input like this:

SNMP input creation dialog

Now you can point your SNMP devices to the configured IP address and port to receive SNMP traps.

Custom MIBs

The input creation dialog allows you to configure a path to custom MIB files. Alternatively, you can copy your custom MIB files into the /usr/share/mibs directory, which is included by default. Keep in mind that some MIBs need to be loaded in a specific order. To achieve this, create numbered sub-directories in your MIB load path and place the files there in the right order. For example, the VMware MIBs have to be loaded in this order:

   VMWARE-ROOT-MIB.mib 
   VMWARE-TC-MIB.mib 
   VMWARE-PRODUCTS-MIB.mib 
   VMWARE-SYSTEM-MIB.mib
   VMWARE-ENV-MIB.mib
   VMWARE-RESOURCES-MIB.mib
   VMWARE-VMINFO-MIB.mib
   ...

So you should create a directory structure like:

   /usr/share/mibs/1/VMWARE-ROOT-MIB.mib 
   /usr/share/mibs/2/VMWARE-TC-MIB.mib 
   /usr/share/mibs/3/VMWARE-PRODUCTS-MIB.mib
    ...
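A way to build that layout from an ordered file list, as an added example that is not part of the plugin or its README. The function names are hypothetical, and the zero-padded directory names assume the load path is walked in lexical name order (so that 10 does not sort before 2); confirm the real order from the MIB loader messages in the Graylog server log.

```shell
#!/bin/sh
# Added example: stage MIB files into numbered sub-directories in load order.
# Assumption (not confirmed by the plugin docs): sub-directories are visited
# in lexical name order, so names are zero-padded to keep 10 after 9.

# stage_mibs DEST SRC FILE... : copy SRC/FILE to DEST/<NN>/FILE, in argument order
stage_mibs() {
    dest=$1; src=$2; shift 2
    [ "$#" -gt 0 ] || { echo "no MIB files given" >&2; return 2; }
    # Check everything first so a typo does not leave a half-staged tree
    for f in "$@"; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    count=$#
    fmt="%0${#count}d"        # pad width = number of digits in the file count
    i=0
    for f in "$@"; do
        i=$((i + 1))
        dir="$dest/$(printf "$fmt" "$i")"
        mkdir -p "$dir" && cp "$src/$f" "$dir/" || return 1
    done
}

# load_order DEST : file names in the order a lexical walk of DEST visits them
load_order() {
    (cd "$1" && find . -type f | LC_ALL=C sort | sed 's|.*/||' | paste -sd' ' -)
}

# Demo with constructed, empty placeholder files named after the list above
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/src"
    set -- VMWARE-ROOT-MIB.mib VMWARE-TC-MIB.mib VMWARE-PRODUCTS-MIB.mib \
           VMWARE-SYSTEM-MIB.mib VMWARE-ENV-MIB.mib
    for f in "$@"; do : > "$tmp/src/$f"; done
    stage_mibs "$tmp/mibs" "$tmp/src" "$@" && load_order "$tmp/mibs"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo
```

Point DEST at a directory under your MIB load path (for example /usr/share/mibs) and compare the output of load_order with the order you intended before restarting Graylog.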

Limitations

Currently only the public SNMP community is supported by the plugin.

Plugin Development

This project is using Maven 3 and requires Java 8 or higher.

  • Clone this repository.
  • Download Mibble
  • mvn install:install-file -DgroupId=net.percederberg -DartifactId=mibble-parser -Dversion=2.9.3 -Dpackaging=jar -Dfile=mibble-2.9.3/lib/mibble-parser-2.9.3.jar (replace mibble version with the one you downloaded)
  • mvn install:install-file -DgroupId=net.percederberg -DartifactId=mibble-mibs -Dversion=2.9.3 -Dpackaging=jar -Dfile=mibble-2.9.3/lib/mibble-mibs-2.9.3.jar (replace mibble version with the one you downloaded)
  • Run mvn package to build a JAR file.
  • Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
  • Copy the generated JAR file from the target directory to your Graylog plugin directory.
  • Install the system packages 'snmp' and 'snmp-mibs-downloader'.
  • Execute 'sudo download-mibs'.
  • Copy additional MIB files to /usr/share/mibs.
  • Restart Graylog.
  • Send a test trap: sudo snmptrap -v 2c -c public 127.0.0.1:1620 '' .1.3.6.1.4.1.5089.1.0.1 .1.3.6.1.4.1.5089.2.0.999 s "123456"

Plugin Release

We are using the maven release plugin:

$ mvn release:prepare
[...]
$ mvn release:perform

This sets the version numbers, creates a tag, and pushes to GitHub. Travis CI will build the release artifacts and upload them to GitHub automatically.
