New table option breaks OID numbers #60

Closed
igorrev opened this issue Apr 3, 2019 · 7 comments

igorrev commented Apr 3, 2019

New table option is great and very useful.
But look what happens with OIDs.

I take two tables: 1.3.6.1.4.1.9.9.63.1.3.8.4.1.1.someindex and 1.3.6.1.4.1.9.9.63.1.3.8.4.1.2.someindex
For example, someindex = 41. Results are good:

{
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.2": 0,
            "index": "41",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1": 0
}

But if someindex=1 the results are wrong (take a look at the OIDs):

{
            "iso.org.dod.internet.private.enterprises.9.9.63.3.8.4.1.1.1": 0,
            "index": "1",
            "iso.org.dod.internet.private.enterprises.9.9.63.3.8.4.1.2.1": 0
}

Where is "1" between "9.9.63" and "3.8.4" ? What's the "1" on the tail ?!

If someindex=8 results are different but wrong too:

{
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.4.1.1.8": 0,
            "index": "8",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.4.1.2.8": 0
}

Where is "8" between "9.9.63.1.3" and ".4.1" ? What's the "8" on the tail ?!

I think it's some OID string cut and concat issue. Sorry but table feature is not really working now :(

axrayn commented Apr 3, 2019

Hi @igorrev,

That's certainly a strange one, the code shouldn't make any changes to the middle of the OID string like that.

Is there any chance that you can share the config you used and just a straight walk of the cvCallVolPeerTable (.1.3.6.1.4.1.9.9.63.1.3.8.4) please?

igorrev commented Apr 4, 2019

Here is a minimal Logstash config especially for this issue. Only snmp input and file output, no filters applied. It's only a part of a more complex config but I'm sure it's independent from the other parts.

input {
    snmp {
        hosts => [
            { <host and community hidden> version => "2c"}
        ]
        tables => [
            {
                "name" => "peers"
                "columns" => [
                    "1.3.6.1.4.1.9.9.63.1.3.8.4.1.1",
                    "1.3.6.1.4.1.9.9.63.1.3.8.4.1.2"
                ]
            }
        ]
        type => "snmp-test"
        interval => 3600
    }
}
output {
    if [type] == "snmp-test" {
        file {
            path => "c:\temp\snmp-test-%{+YYYY.MM.dd.HH.mm}.json"
            codec => json_lines
        }
    }
}

Here is the output file. I cut out only the significant parts.

{
    "host": "<hidden>",
    "type": "snmp-test",
    "peers": [
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.3.8.4.1.1.1": 8,
            "index": "1",
            "iso.org.dod.internet.private.enterprises.9.9.63.3.8.4.1.2.1": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.2": 0,
            "index": "2",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.8.4.1.2.3": 1,
            "iso.org.dod.internet.private.enterprises.9.9.63.1.8.4.1.1.3": 0,
            "index": "3"
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.1.1.4": 0,
            "index": "4",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.1.2.4": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.2": 0,
            "index": "5",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.93.1.3.8.4.1.1.6": 0,
            "iso.org.dod.internet.private.enterprises.9.93.1.3.8.4.1.2.6": 0,
            "index": "6"
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.2": 0,
            "index": "7",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.4.1.1.8": 1,
            "index": "8",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.4.1.2.8": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.63.1.3.8.4.1.1.9": 0,
            "index": "9",
            "iso.org.dod.internet.private.enterprises.9.63.1.3.8.4.1.2.9": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.2": 0,
            "index": "10",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1": 0
        },
        {
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.2": 0,
            "index": "40",
            "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1": 0
        }
    ],
    "@version": "1",
    "@timestamp": "2019-04-04T08:59:23.963Z"
}

As you can see, if the index value exists in the "9.9.63.1.3.8.4.1" part of the OID, it is cut off at the first occurrence and concatenated to the end.
Index=1 : iso.org.dod.internet.private.enterprises.9.9.63<.missed "1">.3.8.4.1.1.<additional "1">
Index=2 : also something strange
Index=3: iso.org.dod.internet.private.enterprises.9.9.63.1<.missed "3">.8.4.1.2.<additional "3">
but
Index=7: iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1 everything is OK because no "7" in OID
Index=40: iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1.1 everything is OK too

Also everything is OK with other Index>=10. I don't have a peer with index=63, so I have no results for that one.

igorrev commented Apr 4, 2019

Additional info.
If I use the option oid_root_skip => 14 to cut out everything except the last number in the OID, the results are good. It could be used as a workaround.

"peers": [
        {
            "1": 5,
            "2": 0,
            "index": "1"
        },
        {
            "1": 0,
            "2": 0,
            "index": "2"
        },
        {
            "1": 0,
            "2": 0,
            "index": "3"
        }
]

axrayn commented Apr 4, 2019

All good. I've found my mistake. I used sub instead of chomp. 🤦‍♂️

I'll get a fix up for it asap.

axrayn pushed a commit to axrayn/logstash-input-snmp that referenced this issue May 8, 2019
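
The `sub` versus `chomp` mistake named in this thread, reproduced against the OID names from the reported output. This is an added Ruby example, not the plugin's source; the helper names and the assumption that the index is stripped as a literal ".<index>" string are hypothetical.

```ruby
# Added illustration; helper names are hypothetical, not the plugin's code.
# Column prefix as it appears in the reported output (constructed sample input).
PREFIX = "iso.org.dod.internet.private.enterprises.9.9.63.1.3.8.4.1"

# Buggy variant: String#sub removes the FIRST ".<index>" found anywhere in
# the name, which may sit in the middle of the OID rather than at the tail.
def strip_index_sub(name, index)
  name.sub(".#{index}", "")
end

# Corrected variant: String#chomp removes ".<index>" only when it is the
# trailing suffix, so the column OID itself is never touched.
def strip_index_chomp(name, index)
  name.chomp(".#{index}")
end

# Field names for columns 1 and 2 of one table row, using the given stripper.
def row_keys(index, stripper)
  [1, 2].map { |col| send(stripper, "#{PREFIX}.#{col}.#{index}", index) }
end

# Indexes whose field names differ between the two variants, i.e. rows whose
# keys would no longer match the configured column OIDs.
def mangled_indexes(indexes)
  indexes.reject do |idx|
    row_keys(idx, :strip_index_sub) == row_keys(idx, :strip_index_chomp)
  end
end

if __FILE__ == $PROGRAM_NAME
  %w[1 2 3 6 7 9 40].each do |idx|
    puts "index=#{idx}"
    puts "  sub:   #{row_keys(idx, :strip_index_sub).inspect}"
    puts "  chomp: #{row_keys(idx, :strip_index_chomp).inspect}"
  end
  puts "mangled by sub: #{mangled_indexes(%w[1 2 3 4 5 6 7 8 9 10 40]).inspect}"
end
```

Index 2 comes out right with `sub` only by coincidence: in column 2 the first ".2" is the column number, so removing it leaves a name that looks identical to the intended one.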
axrayn commented May 8, 2019

Fix is included in PR #59.

axrayn commented Jun 2, 2019

@igorrev Latest release includes the fix for this, want to give it a go?

@colinsurprenant colinsurprenant added the bug Something isn't working label Jul 30, 2019
@colinsurprenant colinsurprenant self-assigned this Jul 30, 2019
colinsurprenant commented

Thanks @igorrev @axrayn ! #59 should have fixed this, please feel free to reopen if not.
