slayercat
How to import Custom MIBS for Palo Alto Firewall to receive traps
Hi @slayercat
This looks like a great program you have built. Apologies I'm not a developer/coder. I wanted to build an open source Trap receiver and display the trap in a dashaboard. The Palo Alto has custom MIB files.
Could you please let me know how if your program can convert the custom MIB into a readable form for the trap and display it in a log somewhere.. after that I can try to find a way to push that to a dashaboard.
Thanks for any help.
Hi, micruzz82.
Thanks for the infomation. But unfortunately this project could not handle MIB file parse... at this time.
It could used to build a SNMP v1/v2c/v3 trap/inform receiver. But currently it must be programed by hand and is not a off-the-shelf product.
I'll take it into a dig in future. Hope you may find it useful in that time. And hope it will be take soon.
Thanks again.
It seems that telegraf / logstash is a good way.
see here for details .
In Logstash server:
input {
snmptrap {
port => "1064"
community => ["public"]
host => "192.168.101.204"
}
}
output {
stdout {
codec => rubydebug
}
}
in client:
snmptrap -v 2c -c public 192.168.101.204:1064 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456
it will prints
{
"SNMPv2-MIB::snmpTrapOID.0" => "SNMPv2-SMI::enterprises.8072.2.3.0.1",
"SNMPv2-SMI::enterprises.8072.2.3.2.1" => "123456",
"@timestamp" => 2017-08-07T02:38:30.978Z,
"host" => "192.168.101.203",
"@version" => "1",
"message" => "#<SNMP::SNMPv2_Trap:0x765fd85 @request_id=502220829, @error_index=0, @error_status=0, @source_ip=\"192.168.101.203\", @varbind_list=[#<SNMP::VarBind:0x4658f7be @name=[1.3.6.1.2.1.1.3.0], @value=#<SNMP::TimeTicks:0x5ff5d1ae @value=25517812>>, #<SNMP::VarBind:0x77549600 @name=[1.3.6.1.6.3.1.1.4.1.0], @value=[1.3.6.1.4.1.8072.2.3.0.1]>, #<SNMP::VarBind:0x2713eeaa @name=[1.3.6.1.4.1.8072.2.3.2.1], @value=#<SNMP::Integer:0x267708f1 @value=123456>>]>",
"SNMPv2-MIB::sysUpTime.0" => "2 days, 22:52:58.12"
}