Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

F5 Trap messages not having event varbind metrics converted from OID to string name #740

Open
jryburn opened this issue Aug 23, 2024 · 9 comments
Open

F5 Trap messages not having event varbind metrics converted from OID to string name #740

jryburn opened this issue Aug 23, 2024 · 9 comments

Comments

@jryburn
Copy link

jryburn commented Aug 23, 2024

Problem Summary:
The customer is ingesting Trap messages from their Ktranslate container, and the data is making it into the platform as shown here: [Click]

The issue is that the headers of the columns for the event varbinds that are defined in the profile are not being translated to using their OIDs. For example, the column header .1.3.6.1.4.1.3375.2.4.1.1 should be named bigipServiceDown, but also have the name message in NRDB as defined here: [Click]. That name translation doesn't appear to be working despite the profile being valid YAML and the packets arriving in a healthy state.

To test this I added additional logging code to the code that handles trap translation: https://github.com/kentik/ktranslate/compare/main...ASchneider-GitHub:ktranslate:main#diff-4e0190318b944f9edc49501e72cf7697e3b2a8bce0c93dfa22bb2488eafbab94

After building and running the custom image, I ran the following Python script to send a Trap that matches the customer's 1:1:

# https://github.com/pysnmp/pysnmp
from pysnmp.hlapi import *

# Prepare and send the SNMP trap
iterator = sendNotification(
    SnmpEngine(),
    CommunityData('cdk', mpModel=1),
    UdpTransportTarget(('10.0.1.1', 162)),
    ContextData(),
    'trap',
    NotificationType(
        ObjectIdentity('1.3.6.1.6.3.1.1.5.1')
    ).addVarBinds(
        ('1.3.6.1.2.1.1.3.0', TimeTicks('257116481')),
        ('1.3.6.1.6.3.1.1.4.1.0', '1.3.6.1.4.1.3375.2.4.0.10'),
        ('1.3.6.1.4.1.3375.2.4.1.1', OctetString('Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ]')),
        ('1.3.6.1.4.1.3375.2.4.1.2', OctetString('/Common/100.84.2.109')),
        ('1.3.6.1.4.1.3375.2.4.1.3', OctetString('80')),
        ('1.3.6.1.6.3.1.1.4.3.0', '1.3.6.1.4.1.3375.2.4')
    ).loadMibs(
        'SNMPv2-MIB'
    )
)

# Process the result
errorIndication, errorStatus, errorIndex, varBinds = next(iterator)

if errorIndication:
    print(f"Error Indication: {errorIndication}")
else:
    print("Notification sent successfully.")

The Docker container was run with a custom-mounted profile traps.yml that only contained the OID for the expected trap message, and the additional varbind metric values that are collected as well:

# F5 traps definition
# https://www.circitor.fr/Mibs/Mib/F/F5-BIGIP-COMMON-MIB.mib
---

traps:
  - trap_oid: 1.3.6.1.4.1.3375.2.4.0.10
    trap_name: bigipServiceDown
    drop_undefined: false # <- Changing this to true does nothing
    events:
      - name: bigipNotifyObjMsg
        OID: 1.3.6.1.4.1.3375.2.4.1.1
        tag: message
      - name: bigipNotifyObjNode
        OID: 1.3.6.1.4.1.3375.2.4.1.2
        tag: node_name
      - name: bigipNotifyObjPort
        OID: 1.3.6.1.4.1.3375.2.4.1.3
        tag: service_port

After sending the Trap, I got the following logs:

2024-08-20T04:27:23.828 ktranslate/custom-trap-container [Info] KTranslate got trapdata from 10.0.0.2, EngineID
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Looking up OID: .1.3.6.1.2.1.1.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Warn] KTranslate No result found for OID .1.3.6.1.2.1.1.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Processing integer type for OID .1.3.6.1.2.1.1.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Variable .1.3.6.1.2.1.1.3.0 set to 257116481
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Looking up OID: .1.3.6.1.2.1.1.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Warn] KTranslate No result found for OID .1.3.6.1.2.1.1.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Processing integer type for OID .1.3.6.1.2.1.1.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Variable .1.3.6.1.2.1.1.3.0 set to 257116481
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Looking up OID: .1.3.6.1.4.1.3375.2.4.1.1
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Warn] KTranslate No result found for OID .1.3.6.1.4.1.3375.2.4.1.1
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Processing OctetString for OID .1.3.6.1.4.1.3375.2.4.1.1
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Variable .1.3.6.1.4.1.3375.2.4.1.1 set to Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ]
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Looking up OID: .1.3.6.1.4.1.3375.2.4.1.2
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Warn] KTranslate No result found for OID .1.3.6.1.4.1.3375.2.4.1.2
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Processing OctetString for OID .1.3.6.1.4.1.3375.2.4.1.2
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Variable .1.3.6.1.4.1.3375.2.4.1.2 set to /Common/100.84.2.109
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Looking up OID: .1.3.6.1.4.1.3375.2.4.1.3
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Warn] KTranslate No result found for OID .1.3.6.1.4.1.3375.2.4.1.3
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Processing OctetString for OID .1.3.6.1.4.1.3375.2.4.1.3
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Variable .1.3.6.1.4.1.3375.2.4.1.3 set to 80
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Looking up OID: .1.3.6.1.6.3.1.1.4.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Warn] KTranslate No result found for OID .1.3.6.1.6.3.1.1.4.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Processing ObjectIdentifier for OID .1.3.6.1.6.3.1.1.4.3.0
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Variable .1.3.6.1.6.3.1.1.4.3.0 set to .1.3.6.1.4.1.3375.2.4
2024-08-20T04:27:23.829 ktranslate/custom-trap-container [Info] KTranslate Trap packet processed and sent: &{0 0  0 0 0 0 0  10.0.0.2 0 0 0  0 0  0 0 0 0  0 0 0 0   0 0 packet-replay-device 0     0 0         0 0 0 0       0 0   map[.1.3.6.1.4.1.3375.2.4.1.1:Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ] .1.3.6.1.4.1.3375.2.4.1.2:/Common/100.84.2.109 .1.3.6.1.4.1.3375.2.4.1.3:80 .1.3.6.1.6.3.1.1.4.3.0:.1.3.6.1.4.1.3375.2.4 TrapOID:.1.3.6.1.4.1.3375.2.4.0.10 tags.container_service:custom-trap-container] map[] map[.1.3.6.1.2.1.1.3.0:257116481] KSnmpTrap kentik-trap-device map[] false map[] map[] map[] false <nil>}

Based on the output we can see that the Trap was received:

[Info] KTranslate got trapdata from 10.0.0.2, EngineID

It tried to look up .1.3.6.1.2.1.1.3.0 but failed (because it's not defined in my custom profile). It then tried to look up .1.3.6.1.4.1.3375.2.4.1.1, .1.3.6.1.4.1.3375.2.4.1.2, and .1.3.6.1.4.1.3375.2.4.1.3 (all of which ARE defined in the profile) and failed for all of them as well. That said, we can still see that the values of the varbinds were collected:

[Info] KTranslate Variable .1.3.6.1.2.1.1.3.0 set to 257116481
[...]
[Info] KTranslate Variable .1.3.6.1.4.1.3375.2.4.1.1 set to Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ]
[...]
[Info] KTranslate Variable .1.3.6.1.4.1.3375.2.4.1.2 set to /Common/100.84.2.109
[...]
[Info] KTranslate Variable .1.3.6.1.4.1.3375.2.4.1.3 set to 80
[...]
[Info] KTranslate Variable .1.3.6.1.6.3.1.1.4.3.0 set to .1.3.6.1.4.1.3375.2.4

The trap is then sent to New Relic without any of the OID <-> name translation occurring. The Trap profile is formatted as documented by the template here: https://github.com/kentik/snmp-profiles/blob/main/profiles/kentik_snmp/_trap_template.yml
@i3149
Copy link
Contributor

i3149 commented Aug 23, 2024

I'm having a hard to reproducing this bug. When I use the provided python script I get:

[
  {
    "instrumentation.name": "netflow-events",
    "TrapOID": ".1.3.6.1.4.1.3375.2.4.0.10",
    "src_addr": "127.0.0.1",
    "collector.name": "ktranslate",
    "node_name": "/Common/100.84.2.109",
    "service_port": "80",
    "eventType": "KSnmpTrap",
    "provider": "kentik-trap-device",
    "instrumentation.provider": "kentik",
    "message": "Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ]",
    "TrapName": "bigipServiceDown",
    "device_name": "127.0.0.1"
  }
]

Which I think is correct? Can you tell me what's missing here?

One thing that comes to mind is you might have an older ktrans container which didn't get correct f5 yaml?

@ASchneider-GitHub
Copy link

The primary issue (at least to my understanding of Ktranslate) is that the varbinds that are collected as events in the profile are supposed to have the varbind event OID translated into the event name before getting ingested as a metric. I could be totally off-base, but for example we have this payload from NRDB:

[
  {
    "results": [
      {
        "events": [
          {
            ".1.3.6.1.2.1.1.3.0": 335318124,
            ".1.3.6.1.4.1.3375.2.4.1.1": "Pool /Common/POD37-b-_Pool member /Common/100.84.2.37:80 monitor status up. [ /Common/http_evo2_F5test: up, /Common/http_release_updown: up ]  [ was down for 0hr:1min:52sec ]",
            ".1.3.6.1.4.1.3375.2.4.1.2": "/Common/100.84.2.37",
            ".1.3.6.1.4.1.3375.2.4.1.3": "80",
            ".1.3.6.1.6.3.1.1.4.3.0": ".1.3.6.1.4.1.3375.2.4",
            "TrapOID": ".1.3.6.1.4.1.3375.2.4.0.11",
[...]
          }
        ]
      }
    ]
  }
]

but the metric names for the varbinds are the actual OID instead of looking like this:

[
  {
    "results": [
      {
        "events": [
          {
            ".1.3.6.1.2.1.1.3.0": 335318124,
            "message": "Pool /Common/POD37-b-_Pool member /Common/100.84.2.37:80 monitor status up. [ /Common/http_evo2_F5test: up, /Common/http_release_updown: up ]  [ was down for 0hr:1min:52sec ]",
            "node_name": "/Common/100.84.2.37",
            "service_port": "80",
            ".1.3.6.1.6.3.1.1.4.3.0": ".1.3.6.1.4.1.3375.2.4",
            "TrapOID": ".1.3.6.1.4.1.3375.2.4.0.11",
[...]
          }
        ]
      }
    ]
  }
]

The example that you provided does have that translation between varbind OID and metric name present. How did you create the JSON output you provided?

@i3149
Copy link
Contributor

i3149 commented Aug 25, 2024

Can you try this and see if you get the same output:

docker pull kentik/ktranslate:v2
docker run -ti --rm --net=host -v `pwd`/trap.yaml:/trap.yaml kentik/ktranslate:v2 -snmp trap.yaml

Should see

[{"src_geo":"Private IP","src_as_name":"Private IP","node_name":"/Common/100.84.2.109","TrapName":"bigipServiceDown","provider":"kentik-trap-device","eventType":"KSnmpTrap","service_port":"80","message":"Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ]","sysUpTimeInstance":257116481,"device_name":"192.168.0.100","collector.name":"ktranslate","instrumentation.provider":"kentik","TrapOID":".1.3.6.1.4.1.3375.2.4.0.10","instrumentation.name":"netflow-events","src_addr":"192.168.0.100"}]

This is using the default json format which just dumps what is given to stdout.

@ASchneider-GitHub
Copy link

Running the container with the command provided does show a successful launch:

aschneider@ubuntu-server:~$ docker run -ti --rm --net=host -v `pwd`/traps-base.yaml:/trap.yaml kentik/ktranslate:v2 -snmp trap.yaml
2024-08-26T17:07:30.215 ktranslate/ [Info]  version kt-2024-08-23-10532091716 starting
2024-08-26T17:07:30.215 ktranslate/ [Info]  olly: disabled
2024-08-26T17:07:30.215 ktranslate/ [Info]  Setting metrics: none
2024-08-26T17:07:30.282 ktranslate/ [Info] KTranslate Turning on 1 processing threads
2024-08-26T17:07:30.285 ktranslate/ [Info] KTranslate Loaded 128 custom mappings
2024-08-26T17:07:30.288 ktranslate/ [Info] KTranslate Loaded 23 udr and 23 subtype mappings with 532 udrs total
2024-08-26T17:07:30.290 ktranslate/ [Info] KTranslate Using sink stdout
2024-08-26T17:07:30.291 ktranslate/ [Info] KTranslate Running -- Version kt-2024-08-23-10532091716; Build Fri Aug 23 20:43:30 UTC 2024
2024-08-26T17:07:30.291 ktranslate/ [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLite2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp trap.yaml]
2024-08-26T17:07:30.298 ktranslate/ [Info] baseserver.metaserver Listening on 127.0.0.1:41309
2024-08-26T17:07:30.298 ktranslate/ [Info] KTranslate API server running 2 devices
2024-08-26T17:07:30.298 ktranslate/ [Info] KTranslate Loaded 2 Kentik devices via local file
2024-08-26T17:07:30.299 ktranslate/ [Info] KTranslate Client SNMP: Running SNMP interface polling, loading config from trap.yaml
2024-08-26T17:07:30.300 ktranslate/ [Info] KTranslate Setting timeout to 30s
2024-08-26T17:07:30.300 ktranslate/ [Info] KTranslate Setting retry to 0
2024-08-26T17:07:30.300 ktranslate/ [Info] KTranslate Client SNMP: Running SNMP Trap listener on 0.0.0.0:1620
2024-08-26T17:07:30.300 ktranslate/ [Info] KTranslate Trap listener setup with version v2c on 0.0.0.0:1620. DropUndefined: false
2024-08-26T17:07:30.300 ktranslate/ [Info] stdoutSink Receiving logs...
2024-08-26T17:07:30.300 ktranslate/ [Info] KTranslate monitorInput 0 Starting
2024-08-26T17:07:30.302 ktranslate/ [Info] KTranslate System running with format flat_json, compression none, max flows: 10000, sample rate 1:1 after 1
2024-08-26T17:07:30.302 ktranslate/ [Info] KTranslate sendToSinks base Online
2024-08-26T17:07:30.302 ktranslate/ [Info] KTranslate monitorMetricsInput Starting
2024-08-26T17:07:30.303 ktranslate/ [Info] KTranslate Turning off HTTP server.
2024-08-26T17:07:30.305 ktranslate/ [Info] KTranslate do sendToKTranslate Starting
2024-08-26T17:07:30.306 ktranslate/ [Info] KTranslate monitorAlpha 0 Online

but after that, no logs are written from the container. I ran the script again to generate the Trap message, and I can see it on tcpdump:

aschneider@ubuntu-server:~$ sudo tcpdump -i any -U -n -s0 src 10.0.0.2 and udp
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

17:10:25.455593 ens18 In  IP 10.0.0.2.62555 > 10.0.1.1.162:  C="cdk" V2Trap(526)  .1.3.6.1.2.1.1.3.0=257116481 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.3.0=257116481 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.3375.2.4.0.10 .1.3.6.1.4.1.3375.2.4.1.1="Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ]" .1.3.6.1.4.1.3375.2.4.1.2="/Common/100.84.2.109" .1.3.6.1.4.1.3375.2.4.1.3="80" .1.3.6.1.6.3.1.1.4.3.0=.1.3.6.1.4.1.3375.2.4

but it never appears in the Docker logs for some reason. Does the container typically output logs when "successfully" ingesting data?

@i3149
Copy link
Contributor

i3149 commented Aug 26, 2024

That sounds like a firewall in the way. Remember that tcpdump runs before iptables and so doesn't show dropped packets, rather all packets. Can you go back to how you were originally running the docker container and do it this way? However that was it was getting the packets through. Just make sure to pull a new image and take out all the flags except for -snmp

@ASchneider-GitHub
Copy link

ASchneider-GitHub commented Aug 26, 2024
edited
Loading

Command to launch the container:

docker run -d --name ktranslate-debug-level-container --restart unless-stopped --pull=always -p 162:1620/udp \
-v `pwd`/traps-base.yaml:/snmp-base.yaml \
kentik/ktranslate:v2 \
  -metrics=jchf \
  -tee_logs=true \
  -service_name=debug-level-test \
  -log_level=debug

tcpdump from outside the container:

aschneider@ubuntu-server:~$ sudo tcpdump -i any -U -n -s0 port 162 and udp
[sudo] password for aschneider: 
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
22:47:22.223115 ens18 In  IP 10.0.0.2.62550 > 10.0.1.1.162:  C="cdk" V2Trap(526)  .1.3.6.1.2.1.1.3.0=257116481 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.6.3.1.1.5.1 .1.3.6.1.2.1.1.3.0=257116481 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.3375.2.4.0.10 .1.3.6.1.4.1.3375.2.4.1.1="Pool /Common/http_las.fml.prod.eleadcrm.com_80_pool member /Common/100.84.2.109:80 monitor status down. [ /Common/http_head_evo2-releaseinfo_200: down, /Common/http_release_updown: checking; last error: /Common/http_head_evo2-releaseinfo_200: Response Code: 200 (OK) @2024/08/14 09:10:15. ] [ was up for 0hr:3mins:36sec ]" .1.3.6.1.4.1.3375.2.4.1.2="/Common/100.84.2.109" .1.3.6.1.4.1.3375.2.4.1.3="80" .1.3.6.1.6.3.1.1.4.3.0=.1.3.6.1.4.1.3375.2.4

tcpdump from inside the container:

aschneider@ubuntu-server:~$ docker exec -u 0 -it 4f97378c5db2 /bin/sh
/ # apk add tcpdump
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
(1/1) Installing tcpdump (4.99.4-r0)
Executing busybox-1.35.0-r31.trigger
OK: 145 MiB in 45 packages
/ # tcpdump -i any -U -n -s0 port 1620 and udp
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
22:47:22.223555 eth0  In  IP 10.0.0.2.62550 > 172.17.0.2.1620: UDP, length 542

Logs from Docker container:

aschneider@ubuntu-server:~$ docker logs -f 4f97378c5db2
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test version kt-2024-08-23-10532091716 starting
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test olly: disabled
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test Setting metrics: jchf
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test Metrics: Connecting jchf
2024-08-26T22:45:47.471 ktranslate/debug-level-test [Info] KTranslate Turning on 1 processing threads
2024-08-26T22:45:47.473 ktranslate/debug-level-test [Info] KTranslate Loaded 128 custom mappings
2024-08-26T22:45:47.476 ktranslate/debug-level-test [Info] KTranslate Loaded 23 udr and 23 subtype mappings with 532 udrs total
2024-08-26T22:45:47.477 ktranslate/debug-level-test [Info] KTranslate Using sink stdout
2024-08-26T22:45:47.477 ktranslate/debug-level-test [Info] KTranslate Running -- Version kt-2024-08-23-10532091716; Build Fri Aug 23 20:43:30 UTC 2024
2024-08-26T22:45:47.477 ktranslate/debug-level-test [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLite2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -metrics=jchf -tee_logs=true -service_name=debug-level-test -log_level=debug]
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test version kt-2024-08-23-10532091716 starting
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test olly: disabled
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test Setting metrics: jchf
2024-08-26T22:45:47.427 ktranslate/debug-level-test [Info] debug-level-test Metrics: Connecting jchf
2024-08-26T22:45:47.471 ktranslate/debug-level-test [Info] KTranslate Turning on 1 processing threads
2024-08-26T22:45:47.473 ktranslate/debug-level-test [Info] KTranslate Loaded 128 custom mappings
2024-08-26T22:45:47.476 ktranslate/debug-level-test [Info] KTranslate Loaded 23 udr and 23 subtype mappings with 532 udrs total
2024-08-26T22:45:47.477 ktranslate/debug-level-test [Info] KTranslate Using sink stdout
2024-08-26T22:45:47.477 ktranslate/debug-level-test [Info] KTranslate Running -- Version kt-2024-08-23-10532091716; Build Fri Aug 23 20:43:30 UTC 2024
2024-08-26T22:45:47.477 ktranslate/debug-level-test [Info] KTranslate CLI: [ktranslate -listen off -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLite2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -metrics=jchf -tee_logs=true -service_name=debug-level-test -log_level=debug]
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate API server running 1 devices
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate API server running 1 devices
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate Loaded 1 Kentik devices via local file
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate System running with format flat_json, compression none, max flows: 10000, sample rate 1:1 after 1
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate sendToSinks base Online
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate monitorAlpha 0 Online
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] stdoutSink Receiving logs...
2024-08-26T22:45:47.483 ktranslate/debug-level-test [Info] baseserver.metaserver Listening on 127.0.0.1:43881
2024-08-26T22:45:47.483 ktranslate/debug-level-test [Info] KTranslate monitorMetricsInput Starting
2024-08-26T22:45:47.484 ktranslate/debug-level-test [Info] KTranslate Turning off HTTP server.
2024-08-26T22:45:47.484 ktranslate/debug-level-test [Info] KTranslate do sendToKTranslate Starting
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate Loaded 1 Kentik devices via local file
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate System running with format flat_json, compression none, max flows: 10000, sample rate 1:1 after 1
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate sendToSinks base Online
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] KTranslate monitorAlpha 0 Online
2024-08-26T22:45:47.482 ktranslate/debug-level-test [Info] stdoutSink Receiving logs...
2024-08-26T22:45:47.483 ktranslate/debug-level-test [Info] baseserver.metaserver Listening on 127.0.0.1:43881
2024-08-26T22:45:47.483 ktranslate/debug-level-test [Info] KTranslate monitorMetricsInput Starting
2024-08-26T22:45:47.484 ktranslate/debug-level-test [Info] KTranslate Turning off HTTP server.
2024-08-26T22:45:47.484 ktranslate/debug-level-test [Info] KTranslate do sendToKTranslate Starting

Even with debug logs supposedly enabled, I'm not seeing that Ktranslate is picking up the trap messages. I stripped out the stuff related to SNMP processing and ingesting data to New Relic, but can re-enable it if needed to see what gets sent to NRDB. This is what the docker run command typically looks like, and is what I used to launch the original container:

docker run -d --name ktranslate-debug-level-container --restart unless-stopped --pull=always -p 162:1620/udp \
-v `pwd`/traps-base.yaml:/snmp-base.yaml \
-e NEW_RELIC_API_KEY=$LICENSE_KEY \
kentik/ktranslate:v2 \
  -snmp /snmp-base.yaml \
  -nr_account_id=$ACCOUNT_ID \
  -metrics=jchf \
  -tee_logs=true \
  -service_name=debug-level-test \
  -snmp_discovery_on_start=true \
  -snmp_discovery_min=180 \
  -log_level=debug \
  nr1.snmp

Sorry for the confusion on my end, but how are you checking the JSON that gets created by Ktranslate?

@i3149
Copy link
Contributor

i3149 commented Aug 27, 2024

Sorry for the confusion on my end, but how are you checking the JSON that gets created by Ktranslat

I'm just removing nr1.snmp. By default things get dumped to json.

From this, -p 162:1620/udp it looks like you are actually sending to port 162. Can you try again with removing the nr1.snmp line and see what happens?

Thanks!

@github-actions GitHub Actions
Copy link

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Sep 27, 2024
@jryburn
Copy link
Author

jryburn commented Sep 29, 2024

@ASchneider-GitHub were to able to try Ian's suggestion to get the JSON output?

@github-actions github-actions bot removed the Stale label Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@i3149 @jryburn @ASchneider-GitHub