:plugin: snmptrap :type: input :default_codec: plain /////////////////////////////////////////// START - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// :version: %VERSION% :release_date: %RELEASE_DATE% :changelog_url: %CHANGELOG_URL% :include_path: ../../../../logstash/docs/include /////////////////////////////////////////// END - GENERATED VARIABLES, DO NOT EDIT! /////////////////////////////////////////// [id="plugins-{type}s-{plugin}"] === Snmptrap input plugin include::{include_path}/plugin_header.asciidoc[] ==== Description Read snmp trap messages as events Resulting `message` field resembles: [source,ruby] #], @timestamp=#, @generic_trap=6, @enterprise=[1.2.3.4.5.6], @source_ip="127.0.0.1", @agent_addr=#, @specific_trap=99> [id="plugins-{type}s-{plugin}-ecs"] ==== Compatibility with the Elastic Common Schema (ECS) Because SNMP data has specific field names based on OIDs, we recommend setting a <>. The source host field changes based on <>. [cols="> described later. [cols="<,<,<",options="header",] |======================================================================= |Setting |Input type|Required | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>|No | <> |<>|No |======================================================================= Also see <> for a list of options supported by all input plugins.   [id="plugins-{type}s-{plugin}-community"] ===== `community` * Value type is <> * Default value is `"public"` SNMP Community String to listen for. [id="plugins-{type}s-{plugin}-ecs_compatibility"] ===== `ecs_compatibility` * Value type is <> * Supported values are: ** `disabled`: does not use ECS-compatible field names (fields might be set at the root of the event) ** `v1`, `v8`: avoids field names that might conflict with Elastic Common Schema (for example, the `host` field) * Default value depends on which version of Logstash is running: ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default ** Otherwise, the default value is `disabled`. Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)]. [id="plugins-{type}s-{plugin}-host"] ===== `host` * Value type is <> * Default value is `"0.0.0.0"` The address to listen on [id="plugins-{type}s-{plugin}-port"] ===== `port` * Value type is <> * Default value is `1062` The port to listen on. Remember that ports less than 1024 (privileged ports) may require root to use. hence the default of 1062. [id="plugins-{type}s-{plugin}-target"] ===== `target` * Value type is <> * There is no default value for this setting The name of the field under which SNMP payloads are assigned. If not specified data will be stored in the root of the event. Setting a target is recommended when <> is enabled. [id="plugins-{type}s-{plugin}-yamlmibdir"] ===== `yamlmibdir` * Value type is <> * There is no default value for this setting. directory of YAML MIB maps (same format ruby-snmp uses) [id="plugins-{type}s-{plugin}-common-options"] include::{include_path}/{type}.asciidoc[] :default_codec!: