Would you like to learn how to monitor SNMP devices using ElasticSearch on Ubuntu Linux? In this tutorial, we are going to show you how to install Logstash on Ubuntu Linux and how to collect SNMP information from devices on your network.

• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• ElasticSearch 7.6.2
• Logstash 7.6.2

In our example, the ElasticSearch server IP address is 192.168.100.9.

In our example, we are going to install Logstash and use a plugin to poll for SNMP information.

Tutorial Logstash - Installation

Use apt-get to install the required packages.

Find the Java installation directory.

In our example, Java is installed in the following directory: /usr/lib/jvm/java-11-openjdk-amd64

Create a file to configure the required Java variables.

Here is the file content.

Reboot the computer.

Verify that the system automatically created the environment variable named JAVA_HOME.

Here is the command output.

Download and install the ElasticSearch repository key.

Add the official ElasticSearch repository to your APT database.

Update the APT-GET database and install the Logstash package.

Configure the Logstash service to start automatically.

Congratulations! You have finished the Logstash installation on Ubuntu Linux.

Tutorial ElasticSearch - Monitoring SNMP Devices

Stop the Logstash service.

Install the Logstash plugin to monitor SNMP devices.

Create a Logstash configuration file.

Here is our file content.

In our example, we are monitoring the SNMP device: 192.168.100.10.

In our example, we are using the SNMP community named GokuBlack to retrieve information.

In our example, we are capturing the following SNMP information:

• Network interface index
• Network interface description
• Network interface speed
• Octets received
• Octets transmitted

We are sending the information retrieved to the Elasticsearch server on 192.168.100.9.

We are also displaying the information captured on the screen.
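The configuration described above, written out as an added example (it is not the page's own file): it uses the logstash-input-snmp plugin's hosts and tables options to poll the five IF-MIB columns listed above from 192.168.100.10 with community GokuBlack, and sends the result to Elasticsearch on 192.168.100.9 and to the screen. The file path, the 30-second polling interval and the SNMP v3 alternative in the comments are assumptions; the index name is written in lowercase because Elasticsearch rejects uppercase index names.

```conf
# /etc/logstash/conf.d/snmp.conf  (assumed path; example config, not the page's file)
input {
  snmp {
    # Device to poll. SNMP v2c sends the community string in cleartext on the wire,
    # so on a monitored network prefer the v3 form shown below it when the device supports it.
    hosts => [
      { host => "udp:192.168.100.10/161" community => "GokuBlack" version => "2c" retries => 2 timeout => 1000 }
      # v3 equivalent (assumed credentials):
      # { host => "udp:192.168.100.10/161" version => "3" }
    ]
    # v3 credentials would go here, outside the hosts list:
    # security_name  => "logstash"
    # security_level => "authPriv"
    # auth_protocol  => "sha"   auth_pass => "CHANGE_ME"
    # priv_protocol  => "aes"   priv_pass => "CHANGE_ME"

    # Walk the IF-MIB interface table, one row per interface.
    tables => [
      {
        "name" => "interfaces"
        "columns" => [
          "1.3.6.1.2.1.2.2.1.1",   # ifIndex      - network interface index
          "1.3.6.1.2.1.2.2.1.2",   # ifDescr      - network interface description
          "1.3.6.1.2.1.2.2.1.5",   # ifSpeed      - network interface speed
          "1.3.6.1.2.1.2.2.1.10",  # ifInOctets   - octets received
          "1.3.6.1.2.1.2.2.1.16"   # ifOutOctets  - octets transmitted
        ]
      }
    ]
    interval => 30   # seconds between polls (assumed)
  }
}

output {
  # Store the polled values on the ElasticSearch server.
  elasticsearch {
    hosts => ["192.168.100.9:9200"]
    index => "snmp"
  }
  # Also print each event to the console so the poll can be checked live.
  stdout { codec => rubydebug }
}
```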

Start the Logstash service using the new configuration file.

Here is the command output.

Verify that the index named SNMP was created on the ElasticSearch server.

Here is the command output.

Verify the mapping of the index named SNMP.

Here is the command output.

List the content of the index named SNMP.

Here is the command output.

Congratulations! You are able to monitor SNMP devices using Elasticsearch.