logstash-input-snmp4jtrap 1.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0830da6627975560c8df20298ad086f117dea47e
+  data.tar.gz: 87864198e3a2724005d97dbf119fa1f392a281ab
+SHA512:
+  metadata.gz: 4a7c85eae9883956ced43df50611d7f66412c9ff096a5b1c9156f4abf1c8606b8b2ee752fbdbcea6214ad9aba3d2b5d763befaba2b4c246c7092b81534887d98
+  data.tar.gz: f87d0f6e206a3e0578732902022621a158c2d799f395666b74e5d089afb9621368c3d802f7203f507505fbf784d9ad372642d0514b98f4e82edbd94470ff947f

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Michael Zaccari
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,104 @@
+# SNMP4J Trap Input for Logstash
+
+SNMP4J: http://www.snmp4j.org/
+
+Uses the SMI-Pro library from SNMP4J to compile and transform custom MIB oids into strings.
+
+Heavily based on the ruby-snmp plugin found here:
+
+  https://github.com/logstash-plugins/logstash-input-snmptrap
+
+This is a plugin for [Logstash](https://github.com/elastic/logstash).
+
+It is fully free and fully open source. The license is MIT, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+- Update your dependencies
+
+```sh
+bundle install
+```
+
+- Run tests
+
+```sh
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
+```
+- Install plugin
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {awesome {}}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-awesome.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Start Logstash and proceed to test the plugin
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.

data/TODO.md

@@ -0,0 +1,9 @@
+
+* Move SNMP4J code to it's own gem
+
+* Add support for community filtering
+
+* Make SMI-PRO optional
+
+* Allow multiple MIB directories
+

data/lib/logstash/inputs/snmp4jtrap.rb

@@ -0,0 +1,90 @@
+# encoding: utf-8
+require 'logstash/inputs/base'
+require 'logstash/namespace'
+
+# Read snmp trap messages as events with optional custom MIB support.
+
+class LogStash::Inputs::Snmp4JTrap < LogStash::Inputs::Base
+  config_name 'snmp4jtrap'
+
+  # The address to listen on
+  config :host, validate: :string, default: '0.0.0.0'
+
+  # The port to listen on. Remember that ports less than 1024 (privileged
+  # ports) may require root to use. hence the default of 10162.
+  config :port, validate: :number, default: 1162
+
+  # Transport protocol
+  config :protocol, validate: ['udp', 'tcp'], default: 'udp'
+
+  # Directory containing MIB files
+  config :mib_dir, validate: :string, default: '/usr/share/snmp/mibs'
+
+  # SNMP4J-SMI PRO License Key
+  config :license_key, validate: :string
+
+  def initialize(*args)
+    super(*args)
+  end # def initialize
+
+  def register
+    require 'snmp4jr'
+    @snmptrap = nil
+    load_mib_manager
+  end
+
+  def run(output_queue)
+    begin
+      snmptrap_listener(output_queue)
+    rescue => e
+      @logger.warn('SNMP4J Trap listener died', exception: e, backtrace: e.backtrace)
+      Stud.stoppable_sleep(5) { stop? }
+      retry if !stop?
+    end
+  end
+
+  def stop
+    @snmptrap.close if @snmptrap
+    @snmptrap = nil
+  end
+
+  private
+
+  def load_mib_manager
+    @mib_manager = SNMP4JR::MibManager.instance
+
+    @mib_manager.license_key = @license_key
+    @mib_manager.mib_directory = @mib_dir
+
+    @mib_manager.load
+  end
+
+  def build_trap_listener
+    listener_opts = {
+      protocol: @protocol,
+      host: @host,
+      port: @port
+    }
+
+    @logger.info("It's a Trap!", listener_opts.dup)
+
+    @snmptrap = SNMP4JR::TrapListener.new(listener_opts)
+  end
+
+  def snmptrap_listener(output_queue)
+    build_trap_listener
+
+    @snmptrap.on_trap do |trap|
+      begin
+        event = LogStash::Event.new(trap.to_h)
+        decorate(event)
+        @logger.debug('SNMP Trap received: ', trap_object: trap.inspect)
+        output_queue << event
+      rescue => error
+        @logger.error('Failed to create event', trap_object: trap.inspect)
+      end
+    end
+
+    @snmptrap.join
+  end
+end

data/lib/snmp4jr-smi-pro.rb

@@ -0,0 +1,11 @@
+require 'snmp4j-smi-pro.jar'
+
+module SNMP4JR
+  module SMI
+    include_package 'com.snmp4j.smi'
+
+    module Util
+      include_package 'com.snmp4j.smi.util'
+    end
+  end
+end

data/lib/snmp4jr.rb

@@ -0,0 +1,60 @@
+require 'java'
+require 'snmp4j-2.3.0.jar'
+require 'snmp4j-agent-2.2.2.jar'
+
+module SNMP4JR
+  include_package 'org.snmp4j'
+
+  module Agent
+    module MO
+      module Snmp
+        include_package 'org.snmp4j.agent.mo.snmp'
+      end
+    end
+  end
+
+  module ASN1
+    include_package 'org.snmp4j.asn1'
+  end
+
+  module Event
+    include_package 'org.snmp4j.event'
+  end
+
+  module Log
+    include_package 'org.snmp4j.log'
+  end
+
+  module MP
+    include_package 'org.snmp4j.mp'
+  end
+
+  module Security
+    include_package 'org.snmp4j.security'
+  end
+
+  module SMI
+    include_package 'org.snmp4j.smi'
+
+    module Util
+      include_package 'org.snmp4j.smi.util'
+    end
+  end
+
+  module Transport
+    include_package 'org.snmp4j.transport'
+  end
+
+  module Util
+    include_package 'org.snmp4j.util'
+  end
+
+  module Version
+    include_package 'org.snmp4j.version'
+  end
+end
+
+require 'snmp4jr/mib_manager'
+require 'snmp4jr/variable_binding'
+require 'snmp4jr/message'
+require 'snmp4jr/trap_listener'

data/lib/snmp4jr/message.rb

@@ -0,0 +1,52 @@
+module SNMP4JR
+  class Message
+
+    attr_reader :event, :data
+
+    def initialize(event)
+      @event = event
+      parse_event
+    end
+
+    def to_h
+      data
+    end
+    alias_method :to_hash, :to_h
+
+    def [](oid)
+      data[oid]
+    end
+
+    private
+
+    def parse_event
+      @data = {
+        'snmp_request_id' => request_id,
+        'peer_address'    => peer_address,
+        'host'            => peer_address
+      }
+
+      variable_bindings.each do |variable|
+        @data[variable.oid] = variable.value
+      end
+
+      @data
+    end
+
+    def variable_bindings
+      pdu.variable_bindings.map { |vb| VariableBinding.new(vb) }
+    end
+
+    def pdu
+      @pdu ||= event.pdu
+    end
+
+    def request_id
+      @request_id ||= pdu.request_id.toInt
+    end
+
+    def peer_address
+      @peer_address ||= event.peer_address.toString
+    end
+  end
+end

data/lib/snmp4jr/mib_manager.rb

@@ -0,0 +1,101 @@
+require 'singleton'
+require 'snmp4jr-smi-pro'
+
+module SNMP4JR
+  class MibManager
+    include ::Singleton
+
+    attr_accessor :license_key, :mib_directory
+
+    attr_reader :compilation_monitor, :load_into_repository, :update_existent,
+      :compile_leniently
+
+    def initialize
+      @compilation_monitor = nil
+      @load_into_repository = true
+      @update_existent = true
+      @compile_leniently = false
+    end
+
+    def load
+      return if loaded? || license_key.nil? || mib_directory.nil?
+      compile_mibs
+      set_formats
+      @loaded = true
+    end
+
+    def loaded?
+      @loaded == true
+    end
+
+    # http://www.snmp4j.org/smi/doc/com/snmp4j/smi/SmiManager.html#findSmiObject(org.snmp4j.smi.OID)
+    def find_smi_object(oid)
+      return nil unless loaded?
+      manager.find_smi_object(SNMP4JR::SMI::OID.new(oid))
+    end
+
+    private
+
+    # The SmiManager Pro class manages the Structure of Management Information
+    # (SMI) specifications. SMIv1 and v2 MIB modules can be parsed and compiled
+    # to a MIB repository which provides its content to SNMP4J through a OID and
+    # Variable formatter and parser.
+    def manager
+      @manager ||= SNMP4JR::SMI::SmiManager.new(license_key, driver)
+    end
+
+    # MemRepositoryDriver stores all MIB modules in memory.
+    # http://www.snmp4j.org/smi/doc/com/snmp4j/smi/util/MemRepositoryDriver.html
+    def driver
+      @driver ||= SNMP4JR::SMI::Util::MemRepositoryDriver.new
+    end
+
+    def compile_mibs
+      results = manager.compile(mib_list,
+                                compilation_monitor,
+                                load_into_repository,
+                                update_existent,
+                                compile_leniently)
+
+      results.each do |result|
+        smi_errors = result.smi_error_list
+        file_name  = result.file_name.to_s.split('/').last
+        last_file  = nil
+
+        if last_file.nil? || last_file != file_name
+          debug "------ #{file_name} ------"
+          last_file = file_name
+        end
+
+        if smi_errors.nil?
+          debug ">>> OK: #{file_name}"
+        else
+          smi_errors.size.to_i.times do |i|
+            debug ">>> ERROR: #{file_name} ##{i + 1}: #{smi_errors.get(i).message}"
+          end
+        end
+      end
+
+      manager.list_modules.each do |mod|
+        debug "Loaded SNMP module '#{mod}'"
+      end
+    end
+
+    def set_formats
+      SNMP4JR::SNMP4JSettings.setOIDTextFormat(manager)
+      SNMP4JR::SNMP4JSettings.setVariableTextFormat(manager)
+    end
+
+    def mib_list
+      java.io.File.new(mib_directory).list_files
+    end
+
+    def debug(message = '')
+      puts(message) if debug?
+    end
+
+    def debug?
+      !ENV['DEBUG'].nil?
+    end
+  end
+end

data/lib/snmp4jr/trap_listener.rb

@@ -0,0 +1,74 @@
+module SNMP4JR
+  class TrapListener
+    def initialize(options = {})
+      @protocol       = options[:protocol] || 'udp'
+      @host           = options[:host]     || '127.0.0.1'
+      @port           = options[:port]     || 1162
+      @done           = false
+      @lock           = Mutex.new
+      @trap_handler   = Proc.new {}
+      @handler_thread = Thread.new { process_traps }
+    end
+
+    def on_trap(&block)
+      raise ArgumentError, 'a block must be provided' unless block
+      @lock.synchronize { @trap_handler = block }
+    end
+
+    def join
+      @handler_thread.join
+    end
+
+    def process_pdu(event)
+      begin
+        @trap_handler.call(Message.new(event))
+      rescue => e
+        puts "Error handling trap: #{e.message}"
+        puts e.backtrace.join("\n")
+        puts "Event:"
+        p event
+      end
+    end
+    alias_method :processPdu, :process_pdu
+
+    def close
+      @snmp.close if @snmp
+      @done = true
+      @handler_thread.join
+    end
+
+    alias_method :exit, :close
+    alias_method :kill, :close
+    alias_method :terminate, :close
+
+    private
+
+    def process_traps
+      snmp.add_notification_listener(address, self)
+      snmp.listen
+
+      # TODO: Come up with a better way to block here
+      until @done
+        sleep 0.5
+      end
+    end
+
+    def snmp
+      @snmp ||= SNMP4JR::Snmp.new(transport)
+    end
+
+    def transport
+      @transport ||= begin
+        if @protocol == 'tcp'
+          SNMP4JR::Transport::DefaultTcpTransportMapping.new
+        else
+          SNMP4JR::Transport::DefaultUdpTransportMapping.new
+        end
+      end
+    end
+
+    def address
+      @address ||= SNMP4JR::SMI::GenericAddress.parse("#{@protocol}:#{@host}/#{@port}")
+    end
+  end
+end

data/lib/snmp4jr/variable_binding.rb

@@ -0,0 +1,58 @@
+module SNMP4JR
+  class VariableBinding
+
+    DATE_AND_TIME = 'DateAndTime'
+    IPV6_ADDRESS  = 'InetAddressIPv6'
+
+    attr_reader :oid, :value, :variable_binding, :mib_manager
+
+    def initialize(variable_binding)
+      @variable_binding = variable_binding
+      @mib_manager = MibManager.instance
+
+      @oid   = variable_binding.oid.to_s
+      @value = variable_binding.variable.to_s
+
+      format_smi_object
+    end
+
+    private
+
+    def format_smi_object
+      return unless has_smi_syntax?
+
+      # If we have a DateAndTime object, parse it into a usable format.
+      if smi_syntax_clause == DATE_AND_TIME
+        date_and_time = SNMP4JR::SMI::OctetString.new(variable_binding.variable)
+
+        # Parse the SNMPv2-TC DateAndTime syntax into a datetime object.
+        # http://www.snmp4j.org/agent/doc/org/snmp4j/agent/mo/snmp/DateAndTime.html
+        calendar = SNMP4JR::Agent::MO::Snmp::DateAndTime.make_calendar(date_and_time)
+
+        # Convert datetime to Unix Epoch
+        @value = calendar.time_in_millis * 1000
+
+      # Addresses are (correctly) rendered like "ab:cd:ef:gh...",
+      # we want "abcd:efgh...."
+      elsif smi_syntax_clause == IPV6_ADDRESS
+        @value = value.gsub(/(..):(..)/,'\1\2')
+      end
+    end
+
+    def has_smi_syntax?
+      !smi_object.nil? && !smi_syntax.nil? && !smi_syntax_clause.nil?
+    end
+
+    def smi_object
+      @smi_object ||= mib_manager.find_smi_object(oid)
+    end
+
+    def smi_syntax
+      @smi_syntax ||= smi_object.syntax if smi_object.respond_to?(:syntax)
+    end
+
+    def smi_syntax_clause
+      @smi_syntax_clause ||= smi_syntax.syntax_clause if smi_syntax.respond_to?(:syntax_clause)
+    end
+  end
+end

data/logstash-input-snmp4jtrap.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+
+Gem::Specification.new do |s|
+  s.name          = 'logstash-input-snmp4jtrap'
+  s.version       = '1.0.2'
+  s.authors       = ['Michael Zaccari']
+  s.email         = ['michael.zaccari@accelerated.com']
+
+  s.summary       = 'Read snmp trap messages as event with SNMP4J'
+  s.description   = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-input-snmp4jtrap. This gem is not a stand-alone program'
+  s.homepage      = 'https://github.com/mzaccari/logstash-input-snmp4jtrap'
+  s.license       = 'MIT'
+  s.require_paths = ['lib']
+
+  # Files
+  s.files         = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE.txt']
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { 'logstash_plugin' => 'true', 'logstash_group' => 'input' }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash-core-plugin-api', '~> 1.0'
+  s.add_runtime_dependency 'logstash-codec-plain'
+
+  s.add_development_dependency 'logstash-devutils'
+end

data/spec/logstash/input/snmp4jtrap_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Logstash::Input::Snmp4jtrap do
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'logstash/input/snmp4jtrap'

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: logstash-input-snmp4jtrap
+version: !ruby/object:Gem::Version
+  version: 1.0.2
+platform: ruby
+authors:
+- Michael Zaccari
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-05-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-codec-plain
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-input-snmp4jtrap. This gem is not a stand-alone program
+email:
+- michael.zaccari@accelerated.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE.txt
+- README.md
+- TODO.md
+- lib/logstash/inputs/snmp4jtrap.rb
+- lib/snmp4j-2.3.0.jar
+- lib/snmp4j-agent-2.2.2.jar
+- lib/snmp4j-smi-pro.jar
+- lib/snmp4jr-smi-pro.rb
+- lib/snmp4jr.rb
+- lib/snmp4jr/message.rb
+- lib/snmp4jr/mib_manager.rb
+- lib/snmp4jr/trap_listener.rb
+- lib/snmp4jr/variable_binding.rb
+- logstash-input-snmp4jtrap.gemspec
+- spec/logstash/input/snmp4jtrap_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/mzaccari/logstash-input-snmp4jtrap
+licenses:
+- MIT
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: input
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.4
+signing_key:
+specification_version: 4
+summary: Read snmp trap messages as event with SNMP4J
+test_files:
+- spec/logstash/input/snmp4jtrap_spec.rb
+- spec/spec_helper.rb