13. 02. 2024 Tobias Goller NetEye, Unified Monitoring

SNMP Trap Archiving in Elastic via Tornado

First of all, I’ll briefly explain what the “Tornado” in NetEye actually is.

Tornado is a Complex Event Processor that receives reports of events from data sources such as monitoring, email, and SNMP Traps, matches them against rules you’ve configured, and executes the actions associated with those rules, which can include sending notifications, logging to files, and annotating events in a time series graphing system like Grafana.

Recently I had a customer who wanted to display their incoming SNMP traps as alerts in NetEye monitoring, and at the same time store them in their Elastic database. (I should mention in advance that the SNMP traps reach the master monitoring system via various NetEye satellites.)

In order to be able to implement this requirement using the standard NetEye installation, I decided to use Tornado. First of all, I created a new data stream called snmptraps-archive in Kibana and gave the user “Tornado” write access to it.

I then created an additional rule in Tornado under the ruleset snmptrap and set up the new Elasticsearch action. The action definition can be seen in the following screenshot:

Let me annotate what you’re seeing here.

  • #endpoint: The local Elasticsearch server must be specified as the endpoint.
  • #index: The index in which Tornado should store the SNMP traps is specified — here it’s the new snmptraps-archive data stream we defined above.
  • #data: Here the content of the document must be defined in Elastic, i.e. which fields are written to Elastic by the SNMP trap. In my example I added the @timestamp and a username so I know that this document was written by Tornado, and add the entire trap.
  • #auth: In this section we have to set up authentication with Elastic. Since the certificates for the Tornado user are already defined in NetEye, I use them to authenticate myself in Elastic.

As soon as this rule is activated, the traps are written to the desired index.

Have fun trying it out.

These Solutions are Engineered by Humans

Did you find this article interesting? Does it match your skill set? Our customers often present us with problems that need customized solutions. In fact, we’re currently hiring for roles just like this and others here at Würth Phoenix.

Tobias Goller

Tobias Goller

NetEye Solution Architect at Würth Phoenix
I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Author

Tobias Goller

I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Latest posts by Tobias Goller

05. 03. 2024 Unified Monitoring
nBox Mini
18. 10. 2023 Unified Monitoring
ntopng – Display Multiple Metrics in One Graph
25. 09. 2023 NetEye, Unified Monitoring, Visual Synthetic Monitoring
Alyvix Modules in NetEye
10. 07. 2023 Unified Monitoring
ntop News in the Next Release
27. 04. 2023 Anomaly Detection, Unified Monitoring
Alerting on Network Traffic Anomalies with ntopng
See All

Related Content

Tags: , , , ,

14. 03. 2024 NetEye, Unified Monitoring

How to Control Remote Devices from NagVis Maps via Tornado

This article stems from a project on the remote control of devices using NagVis maps. The main purpose is to find an easy way to actuate a remote device through a click on an interface. To do this, we implemented Read More
23. 02. 2024 Log-SIEM, NetEye, Unified Monitoring

Monitoring Logs in Elasticsearch: A Practical Example

Say you want to monitor logs coming into your Elasticsearch instance, and have it send data to your Monitoring Dashboard. I'll show you how to do this with a practical example, in particular for an event coming from the Active Read More
09. 01. 2024 Unified Monitoring

Reassign Elasticsearch ILM Policy with Python

Index Lifecycle Management (ILM) policies constitute a fundamental component in Elasticsearch index management. They enable users to define the life stages of an index, determining when and how specific actions, such as transitioning from a "hot" to a "cold" state Read More
22. 11. 2023 NetEye, Unified Monitoring

Improve Tornado Rules with a Mapping Modifier

Some years ago, one of my colleagues wrote an article about how to “Avoid Tornado Rules Repetition with a Map Post-modifier”. He presented an interesting and very useful way for creating Tornado rules without rewriting them. The core of his Read More
15. 11. 2023 Events, Icinga Web 2, Unified Monitoring

Our Adventure at OSMC 2023: Exploring Open-Source Monitoring and Innovation

We're thrilled to share our exciting experience at OSMC 2023. This event was like a deep dive into the world of open-source monitoring, where we discovered some fantastic developments in the field. Throughout the conference, we enjoyed engaging talks and Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive