SNMP: Trap Templates

Description

SNMP traps are not always cut and dry strings of data, there should be a way to handle the data in a meaningful way.

Example Trap:

"CISCO-MAC-NOTIFICATION::cmnHistMacChangedMsg.38" => "\x02\x00\x01\x00\x19\xFDK\x1C\xEC\x00/\x00"

This maps to the following (See: http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=cmnHistMacChangedMsg):

"This object contains the information of a MAC change
notification event. It consists of several tuples packed
together in the format of '...'.

Each tuple consist of 11 octets in the format of
'' where 

is of size 1 octet and supports the following values
0 - End of MIB object.
1 - MAC learnt.
2 - MAC removed.

is VLAN number of the VLAN which the MAC address is
belonged to and has size of 2 octet.

is the Layer2 Mac Address and has size of 6 octets.

is the value of dot1dBasePort for the
interface from which the MAC address is learnt and has size
of 2 octets."

As such, there should be a simple way to write definitions for these that break out the data and create events based on the contained data.

Web links

Gliffy Diagrams

Activity

Show:

Philippe Weber March 16, 2015 at 5:23 AM

Moved ti github
https://github.com/logstash-plugins/logstash-input-snmptrap/issues/3

Duplicate

Details

Assignee

Logstash Developers

Reporter

Jason Kendall

Affects versions

1.4.1 (bugfix only)

Created May 28, 2014 at 1:46 AM

Updated March 16, 2015 at 5:23 AM

Resolved March 16, 2015 at 5:23 AM

Configure