How to config logstash to listen by snmptrap?

Question

I am a new user of lostash and elastichsearch. I want to collection logs of network devices by snmptrap. I have a problem with logstash. Please help me!!!

+logstash.log

{:timestamp=>"2014-12-12T16:17:28.744000+0700", :message=>"SNMP Trap listener died", :exception=>#, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:160:in bind'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.1.1/lib/snmp/manager.rb:527:ininitialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.1.1/lib/snmp/manager.rb:572:in create_transport'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.1.1/lib/snmp/manager.rb:605:ininitialize'", "/opt/logstash/lib/logstash/inputs/snmptrap.rb:69:in snmptrap_listener'", "/opt/logstash/lib/logstash/inputs/snmptrap.rb:54:inrun'", "/opt/logstash/lib/logstash/pipeline.rb:163:in inputworker'", "/opt/logstash/lib/logstash/pipeline.rb:157:instart_input'"], :level=>:warn}

logstash.conf

input { snmptrap { type => "snmptrap" port => 162 host => "0.0.0.0" community => "test" } } output { elasticsearch { host => "10.100.28.29" } }

p/s: sorry by bad english.

Magnus Bäck Magnus Bäck · Accepted Answer · 2014-12-17T06:55:10

On Unix systems, non-root processes normally can't bind to ports below 1024. You have a couple of options:

Pick another port and adjust the sending parties' configuration accordingly.
Run Logstash as root.
Use one of the options described in Is there a way for non-root processes to bind to "privileged" ports on Linux?.

Additional reading: https://unix.stackexchange.com/questions/16564/why-are-the-first-1024-ports-restricted-to-the-root-user-only

How to config logstash to listen by snmptrap?

1 Answers