
ktranslate's Introduction

KTranslate - Kentik data to the world

Listen for a feed of data to or from Kentik and pass on in a common form. Supports rollups and filtering as well.

See the Wiki for more details. Come visit the Discord if you have any questions, need any assistance, or want to talk about the development of ktranslate.

Build:

make && make test

Build Docker Image:

To build and use a Docker image, you must specify MAXMIND_LICENSE_KEY as a build arg:

docker build --build-arg MAXMIND_LICENSE_KEY=xxxxx -t ktranslate:v2 .

To get your own MaxMind key, visit MaxMind.

Flags:

  -api_device_file string
    	File to sideload devices without hitting API
  -api_devices string
    	json file containing dumy devices to use for the stub Kentik API
  -api_root string
    	API url prefix. If not set, defaults to https://api.kentik.com (default "https://api.kentik.com")
  -application_map string
    	File containing custom application mappings
  -asn string
    	Asn mapping file
  -aws_lambda
    	Run as a AWS Lambda function
  -aws_local_file string
    	If set, process this local file and exit
  -aws_regions string
    	CSV list of region to run in. Will look for metadata in all regions, run SQS in first region. (default "us-east-1")
  -bootstrap.servers string
    	bootstrap.servers
  -compression string
    	compression algo to use (none|gzip|snappy|deflate|null) (default "none")
  -dns string
    	Resolve IPs at this ip:port
  -enricher string
    	Send data to this http url for enrichment.
  -file_flush_sec int
    	Create a new output file every this many seconds (default 60)
  -file_on
    	If true, start writting to file sink right away. Otherwise, wait for a USR1 signal
  -file_out string
    	Write flows seen to log to this directory if set (default "./")
  -filters value
    	Any filters to use. Format: type dimension operator value
  -flow_only
    	If true, don't poll snmp devices.
  -format string
    	Format to convert kflow to: (json|flat_json|avro|netflow|influx|prometheus|new_relic|new_relic_metric|elasticsearch|kflow) (default "flat_json")
  -format_rollup string
    	Format to convert rollups to: (json|avro|netflow|influx|prometheus|new_relic|new_relic_metric|elasticsearch|kflow)
  -gcloud_bucket string
    	GCloud Storage Bucket to write flows to
  -gcloud_content_type string
    	GCloud Storage Content Type (default "application/json")
  -gcloud_prefix string
    	GCloud Storage object prefix (default "/kentik")
  -gcp.project string
    	Google ProjectID to listen for flows on
  -gcp.sub string
    	Google Sub to listen for flows on
  -gcp_pubsub_project_id string
    	GCP PubSub Project ID to use
  -gcp_pubsub_topic string
    	GCP PubSub Topic to publish to
  -geo string
    	Geo mapping file
  -http.source
    	Listen for content sent via http.
  -http_header value
    	Any custom http headers to set on outbound requests
  -http_url string
    	URL to post to (default "http://localhost:8086/write?db=kentik")
  -iam_role string
    	IAM Role to use for processing flow
  -info_collector
    	Also send stats about this collector
  -input_threads int
    	Number of threads to run for input processing
  -kafka_topic string
    	kafka topic to produce on
  -kentik_email string
    	Kentik email to use for API calls
  -kentik_plan int
    	Kentik plan id to use for creating devices
  -kentik_relay_url string
    	If set, override the kentik api url to send flow over here.
  -listen string
    	IP:Port to listen on (default "127.0.0.1:8081")
  -log_level string
    	Logging Level (default "info")
  -mapping string
    	Mapping file to use for enums
  -max_before_sample int
    	Only sample when a set of inputs is at least this many (default 1)
  -max_flows_per_message int
    	Max number of flows to put in each emitted message (default 10000)
  -max_threads int
    	Dynamically grow threads up to this number
  -metalisten string
    	HTTP interface and port to bind on
  -metrics string
    	Metrics Configuration. none|syslog|stderr|graphite:127.0.0.1:2003 (default "none")
  -net_protocol string
    	Use this protocol for writing data (udp|tcp|unix) (default "udp")
  -net_server string
    	Write flows seen to this address (host and port)
  -netflow_version string
    	Version of netflow to produce: (netflow9|ipfix) (default "ipfix")
  -nf.addr string
    	Sflow/NetFlow/IPFIX listening address (default "0.0.0.0")
  -nf.mapping string
    	Configuration file for custom netflow mappings
  -nf.message.fields string
    	The list of fields to include in flow messages. Can be any of Type,TimeReceived,SequenceNum,SamplingRate,SamplerAddress,TimeFlowStart,TimeFlowEnd,Bytes,Packets,SrcAddr,DstAddr,Etype,Proto,SrcPort,DstPort,InIf,OutIf,SrcMac,DstMac,SrcVlan,DstVlan,VlanId,IngressVrfID,EgressVrfID,IPTos,ForwardingStatus,IPTTL,TCPFlags,IcmpType,IcmpCode,IPv6FlowLabel,FragmentId,FragmentOffset,BiFlowDirection,SrcAS,DstAS,NextHop,NextHopAS,SrcNet,DstNet,HasMPLS,MPLSCount,MPLS1TTL,MPLS1Label,MPLS2TTL,MPLS2Label,MPLS3TTL,MPLS3Label,MPLSLastTTL,MPLSLastLabel,CustomInteger1,CustomInteger2,CustomBytes1,CustomBytes2 (default "TimeReceived,SamplingRate,Bytes,Packets,SrcAddr,DstAddr,Proto,SrcPort,DstPort,InIf,OutIf,SrcVlan,DstVlan,TCPFlags,SrcAS,DstAS,Type,SamplerAddress")
  -nf.port int
    	Sflow/NetFlow/IPFIX listening port (default 9995)
  -nf.prom.listen string
    	Run a promethues metrics collector here
  -nf.reuserport
    	Enable so_reuseport for Sflow/NetFlow/IPFIX
  -nf.source string
    	Run NetFlow Ingest Directly. Valid values here are netflow5|netflow9|ipfix|sflow
  -nf.workers int
    	Number of workers per flow collector (default 1)
  -nr_account_id string
    	If set, sends flow to New Relic
  -nr_check_json
    	Verify body is valid json before sending on
  -nr_estimate_only
    	If true, record size of inputs to NR but don't actually send anything
  -nr_region string
       NR Region to use. US|EU|GOV
  -olly_dataset string
    	Olly dataset name
  -olly_write_key string
    	Olly dataset name
  -prom_listen string
    	Bind to listen for prometheus requests on. (default ":8082")
  -prom_seen int
    	Number of flows needed inbound before we start writting to the collector (default 10)
  -rollup_and_alpha
    	Send both rollups and alpha inputs to sinks
  -rollup_interval int
    	Export timer for rollups in seconds
  -rollup_key_join string
    	Token to use to join dimension keys together (default "^")
  -rollup_top_k int
    	Export only these top values (default 10)
  -rollups value
    	Any rollups to use. Format: type, name, metric, dimension 1, dimension 2, ..., dimension n: sum,bytes,in_bytes,dst_addr
  -s3_bucket string
    	AWS S3 Bucket to write flows to
  -s3_assume_role_arn
      AWS assume role ARN which has permissions to write to S3 bucket
  -ec2_instance_profile
      If to use EC2 Instance Profile of the machine (default false)
  -s3_region
      S3 Bucket region where S3 bucket is created (default us-east-1)
  -s3_flush_sec int
    	Create a new output file every this many seconds (default 60)
  -assume_role_or_instance_profile_interval_seconds
        Refresh credentials of Assume Role or Instance Profile (whichever is earliest) after this many seconds (default 900)
  -s3_prefix string
    	AWS S3 Object prefix (default "/kentik")
  -sample_rate int
    	Sampling rate to use. 1 -> 1:1 sampling, 2 -> 1:2 sampling and so on.
  -service_name string
    	Service identifier (default "ktranslate")
  -sinks string
    	List of sinks to send data to. Options: (kafka|stdout|new_relic|kentik|net|http|prometheus|file|s3|gcloud) (default "stdout")
  -snmp string
    	yaml file containing snmp config to use
  -snmp_discovery
    	If true, try to discover snmp devices on this network as configured.
  -snmp_do_walk string
    	If set, try to perform a snmp walk against the targeted device.
  -snmp_dump_mibs
    	If true, dump the list of possible mibs on start.
  -snmp_json2yaml string
    	If set, convert the passed in json file to a yaml profile.
  -snmp_out_file string
    	If set, write updated snmp file here.
  -snmp_poll_now string
    	If set, run one snmp poll for the specified device and then exit.
  -snmp_walk_format string
    	use this format for walked values if -snmp_do_walk is set.
  -snmp_walk_oid string
    	Walk this oid if -snmp_do_walk is set. (default ".1.3.6.1.2.1")
  -sqs_name string
    	Listen for events from this queue for new objects to look at.
  -ssl_cert_file string
    	SSL Cert file to use for serving HTTPS traffic
  -ssl_key_file string
    	SSL Key file to use for serving HTTPS traffic
  -stdout
    	Log to stdout (default true)
  -syslog.format string
    	Format to parse syslog messages with. Options are: Automatic|RFC3164|RFC5424|RFC6587. (default "Automatic")
  -syslog.source string
    	Run Syslog Server at this IP:Port or unix socket.
  -syslog.tcp
    	Listen on TCP for syslog messages. (default true)
  -syslog.threads int
    	Number of threads to use to process messages. (default 1)
  -syslog.udp
    	Listen on UDP for syslog messages. (default true)
  -syslog.unix
    	Listen on a Unix socket for syslog messages.
  -tag_map string
    	CSV file mapping tag ids to strings
  -tag_map_type string
    	type of mapping to use for tag values. file|null
  -tee_logs
    	Tee log messages to sink
  -threads int
    	Number of threads to run for processing
  -udrs string
    	UDR mapping file
  -v	Show version and build information
  -vpc string
    	Run VPC Flow Ingest

pprof

To expose profiling endpoints, use the -metalisten flag. This can be used with tools such as go tool pprof to capture and view the data. For example, if ktranslate was started with -metalisten :6060:

go tool pprof -http :8080 http://127.0.0.1:6060/debug/pprof/profile

To view all available profiles, open http://localhost:6060/debug/pprof/ in your browser.
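As an added example (not part of the ktranslate README or code base), this Go program reads a ktranslate command line, either raw or as the `KTranslate CLI: [...]` line seen in its logs, and reports which of `-metalisten`, `-listen` and `-prom_listen` bind to every interface. A value such as `:6060` does, which makes the `/debug/pprof/` endpoints reachable from other hosts. The function names and the two sample lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// bindFlags lists, in report order, flags from the list above whose value is
// a bind address, with what each one serves according to the README.
var bindFlags = []struct{ Name, Serves string }{
	{"metalisten", "meta HTTP interface, including /debug/pprof/"},
	{"listen", "main listener"},
	{"prom_listen", "Prometheus endpoint"},
}

// Finding describes one explicitly set bind address.
type Finding struct {
	Flag, Addr, Serves string
	AllInterfaces      bool
}

// Constructed samples: the first is shortened from a command line quoted on
// this page, the second is a loopback-only variant written for comparison.
const sampleExposed = `ktranslate [Info] KTranslate CLI: [ktranslate -metalisten 0.0.0.0:8083 -listen 0.0.0.0:8082 -format prometheus -sinks prometheus -prom_listen=:8084 -rollup_interval 60]`
const sampleLoopback = `ktranslate -metalisten 127.0.0.1:6060 -listen 127.0.0.1:8081 -sinks stdout`

// ParseCLI turns a command line into flag -> value. Both "-flag value" and
// "-flag=value" are accepted; a flag followed by another flag gets "".
func ParseCLI(line string) map[string]string {
	const marker = "KTranslate CLI: ["
	if i := strings.Index(line, marker); i >= 0 {
		line = strings.TrimSuffix(strings.TrimSpace(line[i+len(marker):]), "]")
	}
	toks := strings.Fields(line)
	flags := make(map[string]string)
	for i := 0; i < len(toks); i++ {
		if !strings.HasPrefix(toks[i], "-") {
			continue
		}
		name := strings.TrimLeft(toks[i], "-")
		if eq := strings.IndexByte(name, '='); eq >= 0 {
			flags[name[:eq]] = name[eq+1:]
		} else if i+1 < len(toks) && !strings.HasPrefix(toks[i+1], "-") {
			flags[name] = toks[i+1]
			i++
		} else {
			flags[name] = ""
		}
	}
	return flags
}

// BindsAllInterfaces reports whether addr has an empty or unspecified host
// (":6060", "0.0.0.0:6060", "[::]:6060").
func BindsAllInterfaces(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		host = addr // no port given; treat the whole value as the host
	}
	if host == "" {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsUnspecified()
}

// Audit returns one Finding per bind flag that is set on the command line.
func Audit(line string) []Finding {
	flags := ParseCLI(line)
	var out []Finding
	for _, f := range bindFlags {
		addr, ok := flags[f.Name]
		if !ok || addr == "" {
			continue
		}
		out = append(out, Finding{f.Name, addr, f.Serves, BindsAllInterfaces(addr)})
	}
	return out
}

func main() {
	for _, line := range []string{sampleExposed, sampleLoopback} {
		for _, f := range Audit(line) {
			fmt.Printf("-%s %s (%s): all interfaces = %v\n", f.Flag, f.Addr, f.Serves, f.AllInterfaces)
		}
	}
}
```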

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

ktranslate's People

Contributors

ciranor, dependabot[bot], dpajin-kentik, ehazlett, henryslawniak, i3149, indigo423, jamtur01, keeb-dev, kentik-will, let-itgo, nickstinemates, pyke369, ralph-tice, ryankadri, sklgromek, tdanner, thezackm


ktranslate's Issues

Prometheus: rollups out_bytes and out_pkts not possible

I try to do rollups for out_bytes and out_pkts but it does not work.

This is my command line:
KTranslate CLI: [ktranslate -metalisten 0.0.0.0:8083 -listen 0.0.0.0:8082 -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLite2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -format prometheus -kentik_email <my_email> -format_rollup prometheus -sinks prometheus -prom_listen=:8084 -rollup_interval 60 -rollups sum,in_pkts,in_pkts,device_name -rollups sum,out_pkts,out_pkts,device_name]

In the Prometheus exported file I have only

# HELP in_pkts
# TYPE in_pkts counter
in_pkts{device_name="core03_pa4_par"} 405

But no out_pkts.
I try with in_bytes/out_bytes and only in_bytes is exported :(

Is there a mistake in my command line?

FR: K8s deployment model

As a customer with a large environment I'd like to be able to repeatably and consistently deploy the container in an auto scaling, load distributing, fault tolerant model using the same toolset I currently use to provide this kind of orchestration to other services.

This might take the form of a helm chart for a k8s deployment.

snmp_json2yaml not working for Synology MIB

I have been trying to generate a yaml file for SYNOLOGY-SYSTEM-MIB (available here) following the instructions in the Wiki.

The JSON file seems to generate fine (see attached SYNOLOGY-SYSTEM-MIB.json.txt generated using mibdump.py) but then the YAML conversion (snmp_json2yaml) results in a near-empty file with only the sysobjectid info but no metrics, etc:

# Autogenerated by ktranslate from /snmp_out/SYNOLOGY-SYSTEM-MIB.json

sysobjectid:
- 1.3.6.1.4.1.6574
- 1.3.6.1.4.1.6574.1.5
- 1.3.6.1.4.1.6574.1.6
- 1.3.6.1.4.1.6574.1.6.1
- 1.3.6.1.4.1.6574.1.4
- 1.3.6.1.4.1.6574.1.6.2

I tried re-running multiple times with no luck (same result), then I tried the example in the Wiki (ZSCALER-NSS-MIB) and it worked fine. So I'm scratching my head trying to figure out if there's something about the Synology MIB that's incompatible with the auto-generation process. Any help would be much appreciated!

rollups argument description in --help should include rollup name

I have tested ktranslate:v2 and rollups and what works for me is the syntax in form of the type, name, metric, dimension1, dimension2, ....
What is clear is that at the second place it has to be some kind of "rollup name" and not the metric.

For example, if I use the following argument:

-rollups sum,src_addr_grouping,in_bytes,src_addr,protocol

the JSON output will be the following:

{ 
  "dimension": "89.21.210.85|UDP", 
  "metric": 2919044, 
  "eventType": "KFlow:in_bytes:src_addr:protocol", 
  "keyJoin": "|", 
  "interval": 31294705227, 
  "Name": "src_addr_grouping", 
  "Count": 3, 
  "Min": 700948, 
  "Max": 1141656, 
  "Provider": "kentik-router" 
}, 

From ktranslate --help, this is wrong:

-rollups value
    	Any rollups to use. Format: type, metric, dimension 1, dimension 2, ..., dimension n: sum,in_bytes,dst_addr

some parts of our KB documentation are wrong:

FR: Decorate metrics with polling interval

As an engineer, it would be useful to have SNMP metrics decorated with the polling interval for the purposes of reporting, alerting, and troubleshooting. With the ability to specify per OID collection intervals (thank you!) this FR will help us understand where further data optimization can be implemented.

Allocate jchfs on-demand?

Pre-allocation of jchfs takes about 5MB.
It's not a lot but could add up for synth devices with light flow.

      flat  flat%   sum%        cum   cum%   calls calls% + context 	 	 
----------------------------------------------------------+-------------
                                         5123.05kB   100% |   github.com/kentik/ktranslate/pkg/cat.NewKTranslate /home/dhammika/src/github.com/kentik/ktranslate/pkg/cat/kkc.go:84 (inline)
 5123.05kB 81.97% 81.97%  5123.05kB 81.97%                | github.com/kentik/ktranslate/pkg/kt.NewJCHF /home/dhammika/src/github.com/kentik/ktranslate/pkg/kt/types.go:169

JSON output to file when multiple rollups are used is not a valid JSON file

When using multiple rollups with format JSON and the file sink, the output file is not a valid JSON file. It seems that the JSON results are just glued together. Not sure if this is "by design" and you don't want to create a JSON file.

If I use:

-file_on -format json -sinks file -file_out /ktranslate/logs -listen 0.0.0.0:13000 -rollups sum,src_as_grouping,in_bytes,src_as -rollups sum,src_addr_grouping,in_bytes,src_addr,protocol -rollups sum,dst_addr_grouping,in_bytes,dst_addr,protocol  -rollup_key_join "|" -rollup_interval 60 -rollup_top_k 5

I get the following output in the file - this is formatted in VSCode... the actual file is in the attachment

[
    {
        "dimension": "39120",
        "metric": 23066876,
        "eventType": "KFlow:in_bytes:src_as",
        "keyJoin": "|",
        "interval": 59999948882,
        "Name": "src_as_grouping",
        "Count": 31,
        "Min": 76,
        "Max": 1539844,
        "Provider": "kentik-router"
    },
    {
        "dimension": "8551",
        "metric": 10345562,
        "eventType": "KFlow:in_bytes:src_as",
        "keyJoin": "|",
        "interval": 59999948882,
        "Name": "src_as_grouping",
        "Count": 222,
        "Min": 40,
        "Max": 408000,
        "Provider": "kentik-router"
    },
    {
        "dimension": "37100",
        "metric": 4173904,
        "eventType": "KFlow:in_bytes:src_as",
        "keyJoin": "|",
        "interval": 59999948882,
        "Name": "src_as_grouping",
        "Count": 224,
        "Min": 100,
        "Max": 157650,
        "Provider": "kentik-router"
    },
    {
        "dimension": "8640",
        "metric": 1423975,
        "eventType": "KFlow:in_bytes:src_as",
        "keyJoin": "|",
        "interval": 59999948882,
        "Name": "src_as_grouping",
        "Count": 16,
        "Min": 52,
        "Max": 363000,
        "Provider": "kentik-router"
    },
    {
        "dimension": "1213",
        "metric": 736997,
        "eventType": "KFlow:in_bytes:src_as",
        "keyJoin": "|",
        "interval": 59999948882,
        "Name": "src_as_grouping",
        "Count": 47,
        "Min": 52,
        "Max": 44019,
        "Provider": "kentik-router"
    },
    {
        "dimension": "15600",
        "metric": 721860,
        "eventType": "KFlow:in_bytes:src_as",
        "keyJoin": "|",
        "interval": 59999948882,
        "Name": "src_as_grouping",
        "Count": 86,
        "Min": 52,
        "Max": 44020,
        "Provider": "kentik-router"
    }
][
    {
        "dimension": "89.21.210.85|UDP",
        "metric": 7461940,
        "eventType": "KFlow:in_bytes:src_addr:protocol",
        "keyJoin": "|",
        "interval": 59999891906,
        "Name": "src_addr_grouping",
        "Count": 6,
        "Min": 966624,
        "Max": 1539844,
        "Provider": "kentik-router"
    },
    {
        "dimension": "89.21.210.86|UDP",
        "metric": 5718240,
        "eventType": "KFlow:in_bytes:src_addr:protocol",
        "keyJoin": "|",
        "interval": 59999891906,
        "Name": "src_addr_grouping",
        "Count": 6,
        "Min": 725536,
        "Max": 1078284,
        "Provider": "kentik-router"
    },
    {
        "dimension": "89.21.210.84|UDP",
        "metric": 4913384,
        "eventType": "KFlow:in_bytes:src_addr:protocol",
        "keyJoin": "|",
        "interval": 59999891906,
        "Name": "src_addr_grouping",
        "Count": 6,
        "Min": 650216,
        "Max": 1002684,
        "Provider": "kentik-router"
    },
    {
        "dimension": "94.101.60.146|UDP",
        "metric": 2804616,
        "eventType": "KFlow:in_bytes:src_addr:protocol",
        "keyJoin": "|",
        "interval": 59999891906,
        "Name": "src_addr_grouping",
        "Count": 5,
        "Min": 451508,
        "Max": 723140,
        "Provider": "kentik-router"
    },
    {
        "dimension": "94.101.60.147|UDP",
        "metric": 2167736,
        "eventType": "KFlow:in_bytes:src_addr:protocol",
        "keyJoin": "|",
        "interval": 59999891906,
        "Name": "src_addr_grouping",
        "Count": 6,
        "Min": 284900,
        "Max": 446688,
        "Provider": "kentik-router"
    },
    {
        "dimension": "192.114.75.55|TCP",
        "metric": 2054860,
        "eventType": "KFlow:in_bytes:src_addr:protocol",
        "keyJoin": "|",
        "interval": 59999891906,
        "Name": "src_addr_grouping",
        "Count": 7,
        "Min": 67500,
        "Max": 408000,
        "Provider": "kentik-router"
    }
][
    {
        "dimension": "193.177.129.29|UDP",
        "metric": 24440228,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 33,
        "Min": 1404,
        "Max": 1539844,
        "Provider": "kentik-router"
    },
    {
        "dimension": "193.177.129.26|UDP",
        "metric": 5873175,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 200,
        "Min": 72,
        "Max": 147728,
        "Provider": "kentik-router"
    },
    {
        "dimension": "193.177.129.27|UDP",
        "metric": 4243647,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 229,
        "Min": 100,
        "Max": 157650,
        "Provider": "kentik-router"
    },
    {
        "dimension": "193.177.129.26|TCP",
        "metric": 2262272,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 37,
        "Min": 52,
        "Max": 408000,
        "Provider": "kentik-router"
    },
    {
        "dimension": "193.177.129.28|TCP",
        "metric": 2203484,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 126,
        "Min": 52,
        "Max": 363000,
        "Provider": "kentik-router"
    },
    {
        "dimension": "193.177.129.27|TCP",
        "metric": 1744456,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 14,
        "Min": 60,
        "Max": 404037,
        "Provider": "kentik-router"
    },
    {
        "dimension": "193.177.129.23|TCP",
        "metric": 1468044,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 28,
        "Min": 52,
        "Max": 256500,
        "Provider": "kentik-router"
    },
    {
        "dimension": "193.177.129.25|TCP",
        "metric": 1446808,
        "eventType": "KFlow:in_bytes:dst_addr:protocol",
        "keyJoin": "|",
        "interval": 59998782553,
        "Name": "dst_addr_grouping",
        "Count": 105,
        "Min": 52,
        "Max": 60052,
        "Provider": "kentik-router"
    }
]

1625043877_48415 copy.txt
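A consumer-side way to read a file like the one described in this issue, as an added example that is not part of the issue or of ktranslate's code: Go's `json.Decoder` reads one top-level value at a time, so back-to-back arrays joined as `][` decode as separate batches, and a file cut off mid-batch yields an error while the complete batches are kept. The `Rollup` struct, the function names, the reading of `eventType` as `KFlow:<metric>:<dimension names>` and the shortened sample are assumptions drawn from the output quoted above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Rollup holds the fields of interest from the records quoted in the issue.
// Metric is a float64 as an assumption: the samples only show integers.
type Rollup struct {
	Dimension string  `json:"dimension"`
	Metric    float64 `json:"metric"`
	EventType string  `json:"eventType"`
	KeyJoin   string  `json:"keyJoin"`
	Name      string  `json:"Name"`
	Count     uint64  `json:"Count"`
	Provider  string  `json:"Provider"`
}

// Constructed sample: three arrays glued together, shortened from the issue.
const sample = `[
  {"dimension":"39120","metric":23066876,"eventType":"KFlow:in_bytes:src_as","keyJoin":"|","Name":"src_as_grouping","Count":31,"Provider":"kentik-router"},
  {"dimension":"8551","metric":10345562,"eventType":"KFlow:in_bytes:src_as","keyJoin":"|","Name":"src_as_grouping","Count":222,"Provider":"kentik-router"}
][
  {"dimension":"89.21.210.85|UDP","metric":7461940,"eventType":"KFlow:in_bytes:src_addr:protocol","keyJoin":"|","Name":"src_addr_grouping","Count":6,"Provider":"kentik-router"}
][
  {"dimension":"193.177.129.29|UDP","metric":24440228,"eventType":"KFlow:in_bytes:dst_addr:protocol","keyJoin":"|","Name":"dst_addr_grouping","Count":33,"Provider":"kentik-router"}
]`

// ValidAsOneDocument reports whether s parses as a single JSON document.
func ValidAsOneDocument(s string) bool { return json.Valid([]byte(s)) }

// DecodeBatches reads every top-level JSON array from r in turn and groups
// the records by rollup Name. On a malformed or truncated batch it returns
// the error together with everything decoded before it.
func DecodeBatches(r io.Reader) (map[string][]Rollup, int, error) {
	dec := json.NewDecoder(r)
	byName := make(map[string][]Rollup)
	batches := 0
	for {
		var batch []Rollup
		err := dec.Decode(&batch)
		if errors.Is(err, io.EOF) {
			return byName, batches, nil // clean end of input
		}
		if err != nil {
			return byName, batches, fmt.Errorf("batch %d: %w", batches+1, err)
		}
		batches++
		for _, rec := range batch {
			byName[rec.Name] = append(byName[rec.Name], rec)
		}
	}
}

// Dimensions pairs the dimension names taken from eventType with the values
// obtained by splitting Dimension on KeyJoin. It returns nil when the two
// lists do not line up.
func Dimensions(rec Rollup) map[string]string {
	parts := strings.Split(rec.EventType, ":")
	if len(parts) < 3 {
		return nil
	}
	names := parts[2:]
	values := []string{rec.Dimension}
	if rec.KeyJoin != "" {
		values = strings.Split(rec.Dimension, rec.KeyJoin)
	}
	if len(values) != len(names) {
		return nil
	}
	out := make(map[string]string, len(names))
	for i, n := range names {
		out[n] = values[i]
	}
	return out
}

func main() {
	byName, n, err := DecodeBatches(strings.NewReader(sample))
	fmt.Printf("single document: %v, batches: %d, err: %v\n", ValidAsOneDocument(sample), n, err)
	for name, recs := range byName {
		for _, r := range recs {
			fmt.Println(name, r.Metric, Dimensions(r))
		}
	}
}
```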

[Missing SNMP Profile]

Device Name: Xenserver/Juniper Switches/Net scalr's

While configuring SNMP V3 on any of the above devices we have used Alpha Numeric/Special Characters Strong passwords in the place of ‘Authentication passphrase’ and ‘Privacy passphrase’.

While integrating devices to New Relic using SNMP Non-legacy method, given all the details as well as the strong passwords and validates and got the command, when running the command in devices we are getting 2 issues.

1st Issue:
2021-09-22T11:18:57.551 ktranslate [Info] KTranslate CLI: [ktranslate -listen 0.0.0.0:8082 -mapping /etc/ktranslate/config.json -geo /etc/ktranslate/GeoLite2-Country.mmdb -udrs /etc/ktranslate/udr.csv -api_devices /etc/ktranslate/devices.json -asn /etc/ktranslate/GeoLite2-ASN.mmdb -log_level info -snmp /snmp-base.yaml -log_level info -snmp_discovery=true]
service Run() error: The discovery configuration is not set: &{Devices:map[] Trap: Disco: Global: DeviceOrig:}.

2nd Issue:
We are not getting 1st error, but Xenserver/switch is not including into snmp-base.yaml file with error message of oid not found.

When tried with normal/simple passwords devices are getting discoverable with yaml commands and are able to communicate with New Relic.

Need support:
We need support in at the very least ISO-8859-1 character set, if not Windows-1252 (CP-1252) or UTF8 character sets for passwords using SNMP V3. UTF8 is ideal for super strong passwords utilizing additional characters not on keyboards for ‘Authentication passphrase’ and ‘Privacy passphrase’.

NR_SNMP

SNMP metadata missing from the output for other MIBs except interfaces

When I start ktranslate the first output file in JSON format contains the "eventType": "KSnmpInterfaceMetadata" event which contains metadata for interfaces and device system level. The stdout logs show that the metadata for other MIBs is collected, but this is never pushed in the output files, although this is an important piece of information.

For example, for hrStorage, I will have the values and the index, however I don't have metadata context, if this is "Swap" or "Physical memory" or "disk", etc...

        "custom_str": {
            "Error": "",
            "Index": ".35",
            "key1": "aaaa",
            "key2": "bbbb",
            "src_as_name": "Private IP"
        },
        "custom_bigint": {
            "hrStorageSize": 401190,
            "hrStorageAllocationUnits": 4096,
            "hrStorageUsed": 651,
            "Uptime": 3511727
        },
        "eventType": "KSnmpDeviceMetric",
        "provider": "kentik-router"
    },

Interface metadata output:

        "custom_str": {
            "if.2.PhysAddress": "0x8c8caa440500",
            "if.3.Index": "3",
            "if.3.VrfRD": "",
            "if.30.Netmask": "255.255.0.0",
            "if.30.Alias": "",
            "if.30.VrfDescr": "",
            "if.4.VrfRD": "",
            "if.30.Description": "br-c004ba1a1e09",
            "SysName": "dpajin-t14",
            "if.2.VrfRD": "",
            "if.3.Mtu": "1500",
            "if.4.Alias": "",
            "if.4.VrfName": "",
            "if.4.VrfDescr": "",
            "if.4.PhysAddress": "0x0242b947d2c3",
            "if.4.LastChange": "1812",
            "if.30.Index": "30",
            "if.1.VrfRD": "",
            "SysContact": "",
            "if.2.LastChange": "0",
            "if.3.Address": "192.168.1.13",
            "if.3.Netmask": "255.255.255.0",
            "if.4.Address": "172.17.0.1",
            "if.30.LastChange": "3501312",
            "if.2.Index": "2",
            "if.2.Description": "Intel Corporation Ethernet Connection (10) I219-V",
            "if.2.Alias": "",
            "if.3.LastChange": "3196350",
            "if.4.Name": "docker0",
            "if.30.Name": "br-c004ba1a1e09",
            "Manufacturer": "Linux dpajin-t14 5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021 x86_64",
            "SysLocation": "",
            "if.30.ConnectorPresent": "physical",
            "if.2.VrfName": "",
            "if.3.VrfDescr": "",
            "if.1.Address": "127.0.0.1",
            "src_as_name": "Private IP",
            "if.3.VrfName": "",
            "if.4.Index": "4",
            "if.1.Name": "lo",
            "if.3.ConnectorPresent": "physical",
            "if.2.Netmask": "",
            "if.3.Description": "Intel Corporation Wireless-AC 9462",
            "if.4.Mtu": "1500",
            "if.1.Description": "lo",
            "if.3.Name": "wlp0s20f3",
            "if.30.Address": "172.27.0.1",
            "if.1.Alias": "",
            "if.2.VrfDescr": "",
            "if.1.LastChange": "0",
            "if.1.Mtu": "65536",
            "SysDescr": "Linux dpajin-t14 5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021 x86_64",
            "if.2.ConnectorPresent": "physical",
            "if.2.Name": "enp0s31f6",
            "if.4.Description": "docker0",
            "if.30.PhysAddress": "0x0242a1d280b0",
            "if.1.Netmask": "255.0.0.0",
            "SysObjectID": ".1.3.6.1.4.1.8072.3.2.10",
            "if.4.ConnectorPresent": "physical",
            "if.30.Mtu": "1500",
            "if.1.ConnectorPresent": "logical",
            "if.2.Address": "",
            "if.2.Mtu": "1500",
            "if.3.Alias": "",
            "if.4.Netmask": "255.255.0.0",
            "if.30.VrfRD": "",
            "if.1.VrfDescr": "",
            "if.3.PhysAddress": "0x085bd69c8830",
            "if.30.VrfName": "",
            "if.1.Index": "1",
            "if.1.VrfName": ""
        },
        "custom_int": {
            "SysServices": 0,
            "if.2.Speed": 0,
            "if.3.Speed": 0,
            "if.4.Speed": 0,
            "if.30.Speed": 0,
            "if.1.Speed": 10
        },
        "eventType": "KSnmpInterfaceMetadata",
        "provider": "kentik-router"
    }

SNMP Provider match isn't working as expected

looking at load.go, it seems we should be somewhat gracefully matching the provider value based on some known attributes on discovered devices.

On the current version, all discovered devices are being matched as kentik-router, even if they have matching logic for other providers. Case in point, we have a discovery that came back with 4 devices using mib_profile: cisco-catalyst.yml; which I think should have matched below, but it seems to have missed.

if strings.Contains(combo, "switch") || strings.Contains(profile, "cisco-catalyst") {
	return kt.ProviderSwitch, true
}

-flow_only=true flag is not supported when launching the container

As documented here, the Docker container does not respond to -flow_only=true instead checking for -snmp_flow_only. The former is documented in both this Wiki and on the New Relic docs site.

Which version is correct? Does it make sense to use the same nomenclature in the YAML file (snmp_only=true) as the docker run flag?

SNMP traps OIDs are not recognized

I was testing SNMP traps receiver with the linkDown and linkUp Traps and OIDs inside the traps are not recognized, although they are from IF-MIB.

Generating OIDs locally with the following commands:

sudo snmptrap -v2c -c public 192.168.0.130 '' IF-MIB::linkDown ifIndex i 1 ifAdminStatus i 2 ifOperStatus i 2
sudo snmptrap -v2c -c public 192.168.0.130 '' IF-MIB::linkUp ifIndex i 1 ifAdminStatus i 1 ifOperStatus i 1 

Results in logs:

2021-07-05T10:22:21.229 ktranslate [Info] KTranslate got trapdata from 127.0.0.1
[{"timestamp":0,"dst_as":0,"dst_geo":"","header_len":0,"in_bytes":0,"in_pkts":0,"input_port":0,"ip_size":0,"dst_addr":"","src_addr":"127.0.0.1","l4_dst_port":0,"l4_src_port":0,"output_port":0,"protocol":"","sampled_packet_size":0,"src_as":0,"src_geo":"","tcp_flags":0,"tos":0,"vlan_in":0,"vlan_out":0,"next_hop":"","mpls_type":0,"out_bytes":0,"out_pkts":0,"tcp_rx":0,"src_flow_tags":"","dst_flow_tags":"","sample_rate":0,"device_id":0,"device_name":"127.0.0.1","company_id":0,"dst_bgp_as_path":"","dst_bgp_comm":"","src_bpg_as_path":"","src_bgp_comm":"","src_nexthop_as":0,"dst_nexthop_as":0,"src_geo_region":"","dst_geo_region":"","src_geo_city":"","dst_geo_city":"","dst_nexthop":"","src_nexthop":"","src_route_prefix":0,"dst_route_prefix":0,"src_second_asn":0,"dst_second_asn":0,"src_third_asn":0,"dst_third_asn":0,"src_eth_mac":"","dst_eth_mac":"","input_int_desc":"","output_int_desc":"","input_int_alias":"","output_int_alias":"","input_int_capacity":0,"output_int_capacity":0,"input_int_ip":"","output_int_ip":"","custom_str":{".1.3.6.1.6.3.1.1.4.1.0":".1.3.6.1.6.3.1.1.5.3"},"custom_bigint":{"sysUpTimeInstance":1088680},"eventType":"KSnmpTrap","provider":"kentik-router"}]
2021-07-05T10:22:21.230 ktranslate [Info] KTranslate trap variable with unknown type handling, skipping: {Name:.1.3.6.1.2.1.2.2.1.1 Type:Integer Value:1 Logger:{print:0xbf5ea0 printf:0xbf5f80}}
2021-07-05T10:22:21.230 ktranslate [Info] KTranslate trap variable with unknown type handling, skipping: {Name:.1.3.6.1.2.1.2.2.1.7 Type:Integer Value:2 Logger:{print:0xbf5ea0 printf:0xbf5f80}}
2021-07-05T10:22:21.230 ktranslate [Info] KTranslate trap variable with unknown type handling, skipping: {Name:.1.3.6.1.2.1.2.2.1.8 Type:Integer Value:2 Logger:{print:0xbf5ea0 printf:0xbf5f80}}
2021-07-05T10:22:25.483 ktranslate [Info] KTranslate got trapdata from 127.0.0.1
2021-07-05T10:22:25.483 ktranslate [Info] KTranslate trap variable with unknown type handling, skipping: {Name:.1.3.6.1.2.1.2.2.1.1 Type:Integer Value:1 Logger:{print:0xbf5ea0 printf:0xbf5f80}}
2021-07-05T10:22:25.483 ktranslate [Info] KTranslate trap variable with unknown type handling, skipping: {Name:.1.3.6.1.2.1.2.2.1.7 Type:Integer Value:1 Logger:{print:0xbf5ea0 printf:0xbf5f80}}
2021-07-05T10:22:25.483 ktranslate [Info] KTranslate trap variable with unknown type handling, skipping: {Name:.1.3.6.1.2.1.2.2.1.8 Type:Integer Value:1 Logger:{print:0xbf5ea0 printf:0xbf5f80}}
[{"timestamp":0,"dst_as":0,"dst_geo":"","header_len":0,"in_bytes":0,"in_pkts":0,"input_port":0,"ip_size":0,"dst_addr":"","src_addr":"127.0.0.1","l4_dst_port":0,"l4_src_port":0,"output_port":0,"protocol":"","sampled_packet_size":0,"src_as":0,"src_geo":"","tcp_flags":0,"tos":0,"vlan_in":0,"vlan_out":0,"next_hop":"","mpls_type":0,"out_bytes":0,"out_pkts":0,"tcp_rx":0,"src_flow_tags":"","dst_flow_tags":"","sample_rate":0,"device_id":0,"device_name":"127.0.0.1","company_id":0,"dst_bgp_as_path":"","dst_bgp_comm":"","src_bpg_as_path":"","src_bgp_comm":"","src_nexthop_as":0,"dst_nexthop_as":0,"src_geo_region":"","dst_geo_region":"","src_geo_city":"","dst_geo_city":"","dst_nexthop":"","src_nexthop":"","src_route_prefix":0,"dst_route_prefix":0,"src_second_asn":0,"dst_second_asn":0,"src_third_asn":0,"dst_third_asn":0,"src_eth_mac":"","dst_eth_mac":"","input_int_desc":"","output_int_desc":"","input_int_alias":"","output_int_alias":"","input_int_capacity":0,"output_int_capacity":0,"input_int_ip":"","output_int_ip":"","custom_str":{".1.3.6.1.6.3.1.1.4.1.0":".1.3.6.1.6.3.1.1.5.4"},"custom_bigint":{"sysUpTimeInstance":1089106},"eventType":"KSnmpTrap","provider":"kentik-router"}]

Results in JSON file output; only SnmpTrapOID .1.3.6.1.6.3.1.1.4.1 and SysUpTimeInstance are visible:

[
    {
        "timestamp": 0,
        "dst_as": 0,
        "dst_geo": "",
        "header_len": 0,
        "in_bytes": 0,
        "in_pkts": 0,
        "input_port": 0,
        "ip_size": 0,
        "dst_addr": "",
        "src_addr": "127.0.0.1",
        "l4_dst_port": 0,
        "l4_src_port": 0,
        "output_port": 0,
        "protocol": "",
        "sampled_packet_size": 0,
        "src_as": 0,
        "src_geo": "",
        "tcp_flags": 0,
        "tos": 0,
        "vlan_in": 0,
        "vlan_out": 0,
        "next_hop": "",
        "mpls_type": 0,
        "out_bytes": 0,
        "out_pkts": 0,
        "tcp_rx": 0,
        "src_flow_tags": "",
        "dst_flow_tags": "",
        "sample_rate": 0,
        "device_id": 0,
        "device_name": "127.0.0.1",
        "company_id": 0,
        "dst_bgp_as_path": "",
        "dst_bgp_comm": "",
        "src_bpg_as_path": "",
        "src_bgp_comm": "",
        "src_nexthop_as": 0,
        "dst_nexthop_as": 0,
        "src_geo_region": "",
        "dst_geo_region": "",
        "src_geo_city": "",
        "dst_geo_city": "",
        "dst_nexthop": "",
        "src_nexthop": "",
        "src_route_prefix": 0,
        "dst_route_prefix": 0,
        "src_second_asn": 0,
        "dst_second_asn": 0,
        "src_third_asn": 0,
        "dst_third_asn": 0,
        "src_eth_mac": "",
        "dst_eth_mac": "",
        "input_int_desc": "",
        "output_int_desc": "",
        "input_int_alias": "",
        "output_int_alias": "",
        "input_int_capacity": 0,
        "output_int_capacity": 0,
        "input_int_ip": "",
        "output_int_ip": "",
        "custom_str": {
            ".1.3.6.1.6.3.1.1.4.1.0": ".1.3.6.1.6.3.1.1.5.3"
        },
        "custom_bigint": {
            "sysUpTimeInstance": 1088680
        },
        "eventType": "KSnmpTrap",
        "provider": "kentik-router"
    }
][
    {
        "timestamp": 0,
        "dst_as": 0,
        "dst_geo": "",
        "header_len": 0,
        "in_bytes": 0,
        "in_pkts": 0,
        "input_port": 0,
        "ip_size": 0,
        "dst_addr": "",
        "src_addr": "127.0.0.1",
        "l4_dst_port": 0,
        "l4_src_port": 0,
        "output_port": 0,
        "protocol": "",
        "sampled_packet_size": 0,
        "src_as": 0,
        "src_geo": "",
        "tcp_flags": 0,
        "tos": 0,
        "vlan_in": 0,
        "vlan_out": 0,
        "next_hop": "",
        "mpls_type": 0,
        "out_bytes": 0,
        "out_pkts": 0,
        "tcp_rx": 0,
        "src_flow_tags": "",
        "dst_flow_tags": "",
        "sample_rate": 0,
        "device_id": 0,
        "device_name": "127.0.0.1",
        "company_id": 0,
        "dst_bgp_as_path": "",
        "dst_bgp_comm": "",
        "src_bpg_as_path": "",
        "src_bgp_comm": "",
        "src_nexthop_as": 0,
        "dst_nexthop_as": 0,
        "src_geo_region": "",
        "dst_geo_region": "",
        "src_geo_city": "",
        "dst_geo_city": "",
        "dst_nexthop": "",
        "src_nexthop": "",
        "src_route_prefix": 0,
        "dst_route_prefix": 0,
        "src_second_asn": 0,
        "dst_second_asn": 0,
        "src_third_asn": 0,
        "dst_third_asn": 0,
        "src_eth_mac": "",
        "dst_eth_mac": "",
        "input_int_desc": "",
        "output_int_desc": "",
        "input_int_alias": "",
        "output_int_alias": "",
        "input_int_capacity": 0,
        "output_int_capacity": 0,
        "input_int_ip": "",
        "output_int_ip": "",
        "custom_str": {
            ".1.3.6.1.6.3.1.1.4.1.0": ".1.3.6.1.6.3.1.1.5.4"
        },
        "custom_bigint": {
            "sysUpTimeInstance": 1089106
        },
        "eventType": "KSnmpTrap",
        "provider": "kentik-router"
    }
]

Discovery fails to write out snmp-base.yaml with permission denied errors in docker tag 07-23-21

I'm using the docker images to run some test discoveries on some networks, and between image tags "07-22-21" and "07-23-21" the discovery process no longer writes back to snmp-base.yaml, instead showing a permission denied error at the end of the (debug) output:

End of the output from tag 07-23-21:
2021-07-27T17:12:40.538 ktranslate [Info] KTranslate Adding 0 new snmp devices to the config, 15 replaced from 15
service Run() error: open /snmp-base.yaml: permission denied
2021-07-27T17:12:40.539 ktranslate [Panic] ktranslate service Run() error: open /snmp-base.yaml: permission denied

End of the output from tag 07-22-21:
2021-07-27T17:15:43.780 ktranslate [Info] KTranslate Adding 0 new snmp devices to the config, 15 replaced from 15
2021-07-27T17:15:43.783 ktranslate [Info] ktranslate service.Close() called, now waiting for things to settle

Deduplication Override Option

As a user, I need to disable the deduplication by SNMPv3 EngineID during discovery to support edge cases where I may want multiple device entities in my inventory. The default behavior should have deduplication enabled.

FR: Randomize -metalisten port to allow for multiple containers on the same host

When an existing ktranslate container is running, launching a discovery results in an error

Error running meta server: listen tcp 0.0.0.0:8083: bind: address already in use

Suggest that when -snmp_discovery=true that -metalisten run on a randomized port. This will also facilitate scheduled discoveries without having to manage running ktranslate instances.

some kflow records fail with influxdb sink

When using the influxdb sink I have noticed that some kflow records are failing to write.
I don't see what the reason for that would be. Below are example logs from ktranslate (the log message was on one line; I separated it into multiple lines, with a new line before and after each "\n"):

ktranslate    | 2021-06-28T08:30:04.428 ktranslate [Error] httpSink Cannot write to HTTP, status code 400, bdy: {"error":"partial write: unable to parse 'kentik.flow,src_geo_city=\"Petah 
Tikva\",dst_geo=DE,dst_route_prefix=3249635610,tos=192,sample_rate=32,dst_nexthop=193.177.128.16,output_port=549,src_as=8551,dst_addr=193.177.129.26,src_second_asn=8551,device_id=1171,company_id=1013,src_geo=IL,eventType=KFlow,provider=kentik-router,src_geo_region=HaMerkaz,src_as_name=BEZEQ-INTERNATIONAL-AS,1435=inbound,l4_dst_port=20013,protocol=UDP,l4_src_port=58848,dst_as_name=-Private,input_port=554,dst_as=65500,src_nexthop=149.29.8.217,dst_nexthop_as=65500,src_nexthop_as=174,src_route_prefix=3558432768,src_addr=212.25.114.76 out_bytes=0,in_pkts=32,out_pkts=0,latency_ms=0,in_bytes=46208 1624869003000000000': invalid boolean 

\n 

unable to parse 'kentik.flow,dst_addr=193.177.129.11,sample_rate=32,company_id=1013,dst_geo=DE,l4_src_port=22698,output_port=549,395=https,src_addr=188.137.141.100,protocol=TCP,provider=kentik-router,src_geo_region=\"Al 'Asimah\",dst_as=65500,src_nexthop_as=35313,input_port=519,dst_nexthop_as=65500,src_geo_city=Manama,eventType=KFlow,src_as=35313,l4_dst_port=443,src_nexthop=80.81.192.156,dst_nexthop=193.177.128.9,tcp_flags=16,src_as_name=BH-INFONAS-ASN,src_geo=BH,device_id=1171,dst_route_prefix=3249635595,1435=other,dst_as_name=-Private,src_route_prefix=3163127808 latency_ms=0,in_bytes=1664,out_bytes=0,in_pkts=32,out_pkts=0 1624869003000000000': invalid boolean 

\n 

unable to parse 'kentik.flow,l4_dst_port=20013,dst_as_name=-Private,company_id=1013,395=oma-rlp-s,provider=kentik-router,input_port=554,device_id=1171,dst_nexthop_as=65500,sample_rate=32,protocol=UDP,dst_route_prefix=3249635606,src_route_prefix=1053589504,src_nexthop=80.249.210.67,src_geo_region=\"Sofia (stolitsa)\",src_geo=BG,src_geo_city=Sofia,output_port=549,eventType=KFlow,dst_nexthop=193.177.128.16,src_as=8717,dst_geo=DE,src_addr=62.204.136.9,src_as_name=A1,dst_addr=193.177.129.22,1435=inbound,dst_as=65500,l4_src_port=7274,src_nexthop_as=8717 out_bytes=0,in_pkts=640,out_pkts=0,latency_ms=0,in_bytes=529920 1624869003000000000': invalid boolean 

\n 
 
unable to parse 'kentik.flow,sample_rate=32,device_id=1171,src_nexthop_as=200612,dst_addr=193.177.129.26,src_nexthop=80.249.213.82,dst_nexthop_as=65500,dst_as=65500,l4_dst_port=20013,dst_nexthop=193.177.128.16,dst_route_prefix=3249635610,src_geo_region=\"Ad Dawhah\",1435=inbound,output_port=549,src_route_prefix=3110391808,src_geo_city=Doha,protocol=UDP,src_as_name=GULFBRIDGEINTERNATIONAL,company_id=1013,dst_as_name=-Private,provider=kentik-router,src_as=200612,src_geo=QA,l4_src_port=273,src_addr=185.100.208.7,eventType=KFlow,input_port=554,dst_geo=DE in_bytes=630016,out_bytes=0,in_pkts=480,out_pkts=0,latency_ms=0 1624869003000000000': invalid boolean 
 
\n 
 
unable to parse 'kentik.flow,eventType=KFlow,src_nexthop=193.177.128.9,src_nexthop_as=65500,dst_geo=DE,src_geo=DE,dst_as_name=LINODE-AP,company_id=1013,dst_nexthop_as=63949,src_as_name=-Private,dst_geo_region=Hessen,protocol=TCP,dst_as=63949,dst_addr=172.104.224.193,src_addr=193.177.129.11,sample_rate=32,input_port=548,src_route_prefix=3249635595,provider=kentik-router,dst_nexthop=80.81.194.193,src_as=65500,dst_geo_city=\"Frankfurt am Main\",l4_dst_port=22190,device_id=1171,tcp_flags=17,1435=outbound,l4_src_port=443,395=https,output_port=554,dst_route_prefix=2892554240 out_bytes=0,in_pkts=32,out_pkts=0,latency_ms=0,in_bytes=1664 1624869003000000000': invalid field format 
 
\n 
 
unable to parse 'kentik.flow,dst_route_prefix=3249635645,1435=inbound,src_as=8551,provider=kentik-router,company_id=1013,device_id=1171,dst_nexthop=193.177.128.15,output_port=549,tcp_flags=24,eventType=KFlow,src_geo=IL,src_as_name=BEZEQ-INTERNATIONAL-AS,protocol=TCP,src_route_prefix=3558432768,l4_dst_port=179,dst_as_name=-Private,l4_src_port=59964,src_second_asn=8551,dst_as=65500,sample_rate=32,src_geo_region=HaMerkaz,src_geo_city=\"Petah Tikva\",dst_geo=DE,dst_addr=193.177.129.61,dst_nexthop_as=65500,input_port=551,src_addr=212.25.114.12,src_nexthop=149.29.8.217,src_nexthop_as=174,395=bgp in_bytes=5920,out_bytes=0,in_pkts=32,out_pkts=0,latency_ms=0 1624869003000000000': invalid boolean 
 
\n 
 
unable to parse 'kentik.flow,device_id=1171,src_geo_region=\"Sofia (stolitsa)\",src_geo_city=Sofia,dst_geo=DE,l4_dst_port=20013,l4_src_port=8553,dst_as=65500,company_id=1013,src_nexthop_as=8717,output_port=549,src_as=8717,dst_route_prefix=3249635606,dst_nexthop=193.177.128.16,src_addr=62.204.136.9,dst_nexthop_as=65500,provider=kentik-router,src_geo=BG,input_port=554,protocol=UDP,src_as_name=A1,src_nexthop=80.249.210.67,dst_as_name=-Private,src_route_prefix=1053589504,dst_addr=193.177.129.22,sample_rate=32,eventType=KFlow,1435=inbound latency_ms=0,in_bytes=187008,out_bytes=0,in_pkts=224,out_pkts=0 1624869003000000000': invalid boolean 
 
\n 
 
unable to parse 'kentik.flow,provider=kentik-router,dst_nexthop_as=65500,src_geo=MU,src_as_name=SEACOM-AS,dst_route_prefix=3249635611,sample_rate=32,src_route_prefix=1762656256,l4_dst_port=20013,input_port=551,1435=inbound,dst_as=65500,src_nexthop=149.29.8.217,device_id=1171,src_second_asn=37100,l4_src_port=137,dst_nexthop=193.177.128.11,eventType=KFlow,dst_geo=DE,protocol=UDP,src_nexthop_as=174,company_id=1013,395=netbios-ns,dst_as_name=-Private,src_geo_city=\"Port Louis\",dst_addr=193.177.129.27,src_as=37100,src_geo_region=\"Port Louis\",output_port=549,src_addr=105.16.1.31 in_bytes=372736,out_bytes=0,in_pkts=256,out_pkts=0,latency_ms=0 1624869003000000000': invalid number 
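
An added example, not ktranslate's code: every rejected record above carries a tag value that contains a space and is wrapped in double quotes (the `\"` in the log is the JSON escaping of the error body), while InfluxDB line protocol does not quote tag values and ends the tag set at the first unescaped space. The Go sketch below uses constructed types and names (`Point`, `QuoteTag`, `EscapeTag`, `Sections`, `ParseTags`) and a sample built from values in the first record to show how the quoted form splits and how backslash-escaping commas, equals signs and spaces keeps the tag set intact.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Point is a constructed stand-in for one flow record, not a ktranslate type.
type Point struct {
	Measurement string
	Tags        map[string]string
	Fields      map[string]int64
	TimeNs      int64
}

var (
	// Comma, equals sign and space are special in tag keys and tag values.
	tagEscaper   = strings.NewReplacer(`,`, `\,`, `=`, `\=`, ` `, `\ `)
	tagUnescaper = strings.NewReplacer(`\,`, `,`, `\=`, `=`, `\ `, ` `)
)

// EscapeTag is the encoding line protocol expects for a tag key or value.
func EscapeTag(s string) string { return tagEscaper.Replace(s) }

// QuoteTag reproduces the shape of the rejected records: a value containing
// a space is wrapped in double quotes, which tags do not support.
func QuoteTag(s string) string {
	if strings.Contains(s, " ") {
		return `"` + s + `"`
	}
	return s
}

// Encode renders p as one line, passing every tag value through enc. The
// measurement is assumed to need no escaping; fields are written without
// a type suffix, as in the records on this page.
func Encode(p Point, enc func(string) string) string {
	tags := make([]string, 0, len(p.Tags))
	for k, v := range p.Tags {
		tags = append(tags, EscapeTag(k)+"="+enc(v))
	}
	sort.Strings(tags)
	fields := make([]string, 0, len(p.Fields))
	for k, v := range p.Fields {
		fields = append(fields, fmt.Sprintf("%s=%d", EscapeTag(k), v))
	}
	sort.Strings(fields)
	head := strings.Join(append([]string{p.Measurement}, tags...), ",")
	return fmt.Sprintf("%s %s %d", head, strings.Join(fields, ","), p.TimeNs)
}

// splitUnescaped cuts s at every sep that is not preceded by a backslash.
func splitUnescaped(s string, sep byte) []string {
	var parts []string
	start := 0
	for i := 0; i < len(s); i++ {
		if s[i] == '\\' {
			i++ // skip the escaped character
		} else if s[i] == sep {
			parts = append(parts, s[start:i])
			start = i + 1
		}
	}
	return append(parts, s[start:])
}

// Sections splits a line at unescaped spaces. With numeric fields only, a
// well-formed line has three: measurement+tags, fields, timestamp.
func Sections(line string) []string { return splitUnescaped(line, ' ') }

// ParseTags reads the measurement and tags back from the first section.
func ParseTags(series string) (string, map[string]string) {
	parts := splitUnescaped(series, ',')
	tags := make(map[string]string)
	for _, kv := range parts[1:] {
		if p := splitUnescaped(kv, '='); len(p) == 2 {
			tags[tagUnescaper.Replace(p[0])] = tagUnescaper.Replace(p[1])
		}
	}
	return tagUnescaper.Replace(parts[0]), tags
}

// SamplePoint is constructed from values visible in the first rejected record.
func SamplePoint() Point {
	tags := map[string]string{"dst_geo": "DE", "src_geo": "IL", "src_geo_city": "Petah Tikva", "tos": "192"}
	return Point{"kentik.flow", tags, map[string]int64{"in_bytes": 46208, "in_pkts": 32}, 1624869003000000000}
}

func main() {
	for _, enc := range []func(string) string{QuoteTag, EscapeTag} {
		line := Encode(SamplePoint(), enc)
		fmt.Printf("%d sections: %s\n", len(Sections(line)), line)
	}
}
```

With the quoted form the text after `"Petah` is read as the field set, so the remaining tags are no longer tags. Enrichment strings such as city, region or interface descriptions should go through the escaper before they are written.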
 
 

Bug: Container User no longer has write access to snmp-base.yaml

PR #73 introduced a bug for the SNMP discovery workflow where the container user cannot write to update snmp-base.yaml with the results of discovery; giving the following error:

service Run() error: open /snmp-base.yaml: permission denied

chmod 666 snmp-base.yaml prior to executing discovery has fixed this in testing.

Support for custom S3 file structures

Just copying and pasting from SFDC:

A Kentik Customer is using kproxy->ktranslate to store flow in S3. They noted that the output files are just put in a simple file structure. They would prefer to see something more structured, preferably by date (YYYY/MM/DD)....S3 has some limited ability to support this.

new_relic output format mixing attributes from multiple MIBs

I am polling data from multiple SNMP MIBs, specifically HOST-RESOURCES-MIB and UCD-SNMP-MIB.
The new_relic output contains, in the attributes section, some irrelevant data which comes from other MIBs when they have the same index value.

For example:

            {
                "name": "kentik.snmp.hrStorageSize",
                "type": "gauge",
                "value": 16047576,
                "attributes": {
                    "src_as_name": "Private IP",
                    "eventType": "KSnmpDeviceMetric",
                    "instrumentation.name": "snmp",
                    "key1": "aaaa",
                    "src_addr": "172.17.0.1",
                    "key2": "bbbb",
                    "laLoad": "1.16",
                    "provider": "kentik-router",
                    "src_geo": "Private IP",
                    "objectIdentifier": "1.3.6.1.2.1.25.2.3.1.5",
                    "Index": ".1",
                    "laConfig": "12.00"
                }
            },

            {
                "name": "kentik.snmp.ipSystemStatsOutFragReqds",
                "type": "gauge",
                "value": 0,
                "attributes": {
                    "laLoad": "1.16",
                    "src_as_name": "Private IP",
                    "eventType": "KSnmpDeviceMetric",
                    "key2": "bbbb",
                    "Index": ".1",
                    "instrumentation.name": "snmp",
                    "src_geo": "Private IP",
                    "key1": "aaaa",
                    "src_addr": "172.17.0.1",
                    "laConfig": "12.00",
                    "objectIdentifier": "1.3.6.1.2.1.4.31.1.1.26",
                    "provider": "kentik-router"
                }
            },

So hrStorageSize is from HOST-RESOURCES-MIB and has nothing to do with the values laLoad and laConfig, which are values from UCD-SNMP-MIB, but they are listed in the attributes section. The same happens with ipSystemStatsOutFragReqds from the IP-MIB.

What I am missing here are the "tag" values, for example hrStorageDescr and hrStorageType, which I see are collected initially in the logs as metadata, but they are not included anywhere in the output.

ktranslate    | 2021-07-30T13:32:02.716 ktranslate [Info] KTranslate> Getting device metadata from custom map: map[1.3.6.1.2.1.1.1.0:Name: sysDescr, Oid: 1.3.6.1.2.1.1.1.0: Type: 2, Extra:  1.3.6.1.2.1.1.2.0:Name: sysObjectI
D, Oid: 1.3.6.1.2.1.1.2.0: Type: 2, Extra:  1.3.6.1.2.1.1.5.0:Name: sysName, Oid: 1.3.6.1.2.1.1.5.0: Type: 2, Extra:  1.3.6.1.2.1.25.2.3.1.2:Name: hrStorageType, Oid: 1.3.6.1.2.1.25.2.3.1.2: Type: 2, Extra:  1.3.6.1.2.1.25.2.3.1.3:
Name: hrStorageDescr, Oid: 1.3.6.1.2.1.25.2.3.1.3: Type: 2, Extra:  1.3.6.1.2.1.25.3.3.1.1:Name: hrProcessorFrwID, Oid: 1.3.6.1.2.1.25.3.3.1.1: Type: 2, Extra:  1.3.6.1.4.1.2021.10.1.1:Name: laIndex, Oid: 1.3.6.1.4.1.2021.10.1.1: T
ype: 2, Extra:  1.3.6.1.4.1.2021.10.1.101:Name: laErrMessage, Oid: 1.3.6.1.4.1.2021.10.1.101: Type: 2, Extra:  1.3.6.1.4.1.2021.10.1.2:Name: laNames, Oid: 1.3.6.1.4.1.2021.10.1.2: Type: 2, Extra: ]
ktranslate    | 2021-07-30T13:32:02.716 ktranslate [Info] KTranslate> Trying to walk hrStorageType -> .1.3.6.1.2.1.25.2.3.1.2 as a table
ktranslate    | 2021-07-30T13:32:02.717 ktranslate [Info] KTranslate> TableWalk Results: storage_type: .1.3.6.1.2.1.25.2.3.1.2 -> 16
ktranslate    | 2021-07-30T13:32:02.717 ktranslate [Info] KTranslate> Trying to walk hrStorageDescr -> .1.3.6.1.2.1.25.2.3.1.3 as a table
ktranslate    | 2021-07-30T13:32:02.718 ktranslate [Info] KTranslate> TableWalk Results: storage_description: .1.3.6.1.2.1.25.2.3.1.3 -> 16
ktranslate    | 2021-07-30T13:32:02.718 ktranslate [Info] KTranslate> Trying to walk hrProcessorFrwID -> .1.3.6.1.2.1.25.3.3.1.1 as a table
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> TableWalk Results: processor_id: .1.3.6.1.2.1.25.3.3.1.1 -> 8
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> Trying to walk laIndex -> .1.3.6.1.4.1.2021.10.1.1 as a table
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> TableWalk Results: la_index: .1.3.6.1.4.1.2021.10.1.1 -> 3
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> Trying to walk laErrMessage -> .1.3.6.1.4.1.2021.10.1.101 as a table
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> TableWalk Results: la_error_message: .1.3.6.1.4.1.2021.10.1.101 -> 3
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> Trying to walk laNames -> .1.3.6.1.4.1.2021.10.1.2 as a table
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> TableWalk Results: la_names: .1.3.6.1.4.1.2021.10.1.2 -> 3
ktranslate    | 2021-07-30T13:32:02.719 ktranslate [Info] KTranslate> SNMP Device Metadata: Data received: {SysName:dpajin-t14 SysObjectID:.1.3.6.1.4.1.8072.3.2.10 SysDescr:Linux dpajin-t14 5.8.0-59-generic #66~20.04.1-Ubunt
u SMP Thu Jun 17 11:14:10 UTC 2021 x86_64 SysLocation: SysContact: SysServices:0 Customs:map[] CustomInts:map[] Tables:map[1:{Customs:map[la_error_message: la_names:Load-1 storage_description:Physical memory] CustomInts:map[la_inde
x:1 storage_type:0]} 10:{Customs:map[storage_description:Swap space] CustomInts:map[storage_type:0]} 101:{Customs:map[storage_description:/boot/efi] CustomInts:map[storage_type:0]} 102:{Customs:map[storage_description:/run/user/100
0] CustomInts:map[storage_type:0]} 105:{Customs:map[storage_description:/run/snapd/ns] CustomInts:map[storage_type:0]} 132:{Customs:map[storage_description:/var/lib/docker/containers/510c62ab8cb952b4e335ae978f16c61e1396fd20a9233eb7
9e4c8f3736d3a894/mounts/shm] CustomInts:map[storage_type:0]} 134:{Customs:map[storage_description:/var/lib/docker/containers/ae20254b1ab89a25164a90ef6cd4a430936a860bef2f898f65a2ceb3ee65fd7d/mounts/shm] CustomInts:map[storage_type:0
]} 196608:{Customs:map[] CustomInts:map[processor_id:0]} 196609:{Customs:map[] CustomInts:map[processor_id:0]} 196610:{Customs:map[] CustomInts:map[processor_id:0]} 196611:{Customs:map[] CustomInts:map[processor_id:0]} 196612:{Cust
oms:map[] CustomInts:map[processor_id:0]} 196613:{Customs:map[] CustomInts:map[processor_id:0]} 196614:{Customs:map[] CustomInts:map[processor_id:0]} 196615:{Customs:map[] CustomInts:map[processor_id:0]} 2:{Customs:map[la_error_mes
sage: la_names:Load-5] CustomInts:map[la_index:2]} 3:{Customs:map[la_error_message: la_names:Load-15 storage_description:Virtual memory] CustomInts:map[la_index:3 storage_type:0]} 35:{Customs:map[storage_description:/run] CustomInt
s:map[storage_type:0]} 36:{Customs:map[storage_description:/] CustomInts:map[storage_type:0]} 38:{Customs:map[storage_description:/dev/shm] CustomInts:map[storage_type:0]} 39:{Customs:map[storage_description:/run/lock] CustomInts:m
ap[storage_type:0]} 40:{Customs:map[storage_description:/sys/fs/cgroup] CustomInts:map[storage_type:0]} 6:{Customs:map[storage_description:Memory buffers] CustomInts:map[storage_type:0]} 7:{Customs:map[storage_description:Cached me
mory] CustomInts:map[storage_type:0]} 8:{Customs:map[storage_description:Shared memory] CustomInts:map[storage_type:0]}]}

I noticed "similar" behavior also with the JSON output, where all the values which come from multiple MIBs but have the same index value are grouped in one metric object,
although the laLoad and laConfig values visible in the new relic format come from the "custom_str" section:

        "custom_str": {
            "ks_laLoad": "0.56",
            "ks_laConfig": "12.00",
            "Error": "",
            "Index": ".3",
            "key1": "aaaa",
            "key2": "bbbb",
            "src_as_name": "Private IP"
        },
        "custom_bigint": {
            "laLoadFloat": 0,
            "hrStorageUsed": 10591252,
            "Uptime": 2164140,
            "laLoad": 0,
            "laErrorFlag": 0,
            "laConfig": 0,
            "hrStorageSize": 18144724,
            "laLoadInt": 56,
            "hrStorageAllocationUnits": 1024
        },

This one combines all the values from all the tables in different MIBs, where the "row" has index ".3"

FR: Additional decoration for container log forwarder

As a customer with multiple ktranslate containers we have to write parsing rules in NR to be able to easily filter/facet on the container name. For a better OOTB user experience it would be helpful to decorate the log tee records with additional information as separate attributes such as

{
"collector.name":"ktranslate",
"instrumentation.provider":"kentik",
"hostname":"kentik",
"container_id":"fajfn13245lkm",
"container_name":"kentik-snmp-routers",
"message":"2021-10-25T18:04:40.734 ktranslate/snmp [Info] KTranslate>isp-gw Adding device metric .1.3.6.1.2.1.6.6.0 -> tcpPassiveOpens"
}

This will probably also apply to syslog forwarding.

argument "-rollup_top_k" does not work

In ktranslate v2 I was not able to get Top K results using argument -rollup_top_k <value>. I always get all the results, I have tried with topk values 5, 10 and 15.

Make the discovery process more puppet friendly.

You say to edit snmp-base.yaml, which we construct using a puppet template. The discovery process then overwrites that file when it runs, so puppet is confused when it maintains the snmp-base.yaml file. It would be nicer to have an output yaml file that the discovery process then writes to be used by the ktranslate container and the base yaml left alone. If this is currently possible then the documentation should give this as an option.

FR: Decouple user_tags from snmp-base.yaml

As a user, I need the ability to supply an external file to map user_tags to devices in my snmp-base.yaml configuration file. This would involve matching tags to devices based on defined rules that accept wildcards to align on attributes on the device config element.

e.g.

snmp-base.yaml:

devices:
  router1:
    device_name: router1-core
    ...
    user_tags: @user_tags.yaml

user_tags.yaml:

match_rules:
  - device_name: *core*
  - provider: kentik-router
user_tags:
  - environment: production
  - location: dc01

Enable flag for sending data to New Relic's FedRAMP authorized endpoints

As an engineer of a Federal institution, I would need to comply with the mandate to use FedRAMP Authorized vendor solutions. For New Relic, this would require sending data to our FedRAMP endpoints.

https://docs.newrelic.com/docs/security/security-privacy/compliance/fedramp-compliant-endpoints/#data-ingest-apis

Just as there is a -region=US|EU flag, having a -fedramp=true to force all data to those compliant endpoints would be the desired outcome.

missing or wrong info in JSON kflow representation

Below is the JSON format of Kflows that are received from Kentik.

  • Field device_name is empty
  • There are no fields for the following enrichment information:
    • Port name (port = device interface)
    • Port description
    • Port connectivity type
    • Port network boundary
  • Some integer value is shown instead of route prefix:
    • Src_route_prefix
    • Dst_route_prefix
{ 
"timestamp": 1624824853, 
"dst_as": 65500, 
"dst_geo": "DE", 
"header_len": 0, 
"in_bytes": 44, 
"in_pkts": 1, 
"input_port": 551, 
"ip_size": 0, 
"dst_addr": "193.177.129.11", 
"src_addr": "104.43.218.215", 
"l4_dst_port": 0, 
"l4_src_port": 2048, 
"output_port": 549, 
"protocol": "ICMP", 
"sampled_packet_size": 44, 
"src_as": 8075, 
"src_geo": "US", 
"tcp_flags": 0, 
"tos": 0, 
"vlan_in": 0, 
"vlan_out": 0, 
"next_hop": "", 
"mpls_type": 0, 
"out_bytes": 0, 
"out_pkts": 0, 
"tcp_rx": 0, 
"src_flow_tags": "", 
"dst_flow_tags": "", 
"sample_rate": 32, 
"device_id": 1171, 
"device_name": "", 
"company_id": 1013, 
"dst_bgp_as_path": "", 
"dst_bgp_comm": "", 
"src_bpg_as_path": "", 
"src_bgp_comm": "", 
"src_nexthop_as": 174, 
"dst_nexthop_as": 65500, 
"src_geo_region": "Iowa", 
"dst_geo_region": "-", 
"src_geo_city": "Des Moines", 
"dst_geo_city": "-", 
"dst_nexthop": "193.177.128.9", 
"src_nexthop": "149.29.8.217", 
"src_route_prefix": 1747451904, 
"dst_route_prefix": 3249635595, 
"src_second_asn": 8075, 
"dst_second_asn": 0, 
"src_third_asn": 0, 
"dst_third_asn": 0, 
"src_eth_mac": "00:00:00:00:00:00:00:00", 
"dst_eth_mac": "00:00:00:00:00:00:00:00", 
"input_int_desc": "", 
"output_int_desc": "", 
"input_int_alias": "", 
"output_int_alias": "", 
"input_int_capacity": 0, 
"output_int_capacity": 0, 
"input_int_ip": "", 
"output_int_ip": "", 
"custom_str": { 
"1036": "", 
"1037": "AzureCloud.centralus", 
"src_as_name": "MICROSOFT-CORP-MSN-AS-BLOCK", 
"dst_as_name": "-Private", 
"1435": "inbound", 
"395": "ICMP", 
"1035": "azure", 
"1038": "" 
}, 

"custom_bigint": { 
"129": 0, 
"130": 0 
}, 
"eventType": "KFlow", 
"provider": "kentik-router" 
}, 
 

SNMP query not performed for other MIBs

How can I perform queries for MIBs other than IF-MIB?

I have tried to add them to the snmp-base.yaml but I don't see any results.
The file content that I use is below. Other MIBs are supported and they return values.

devices:
  dpajin_laptop:
    device_ip: 192.168.0.130
    oid: .1.3.6.1.4.1.8072.3.2.10
    snmp_comm: public
    user_tags:
      key1: gggggg
      key2: ffffff
trap:
  listen: 127.0.0.1:162
  community: public
  version: ""
  transport: ""
discovery:
  cidrs:
  - 192.168.0.0/26
  debug: false
  ports:
  - 161
  default_communities:
  - public
  default_v3: null
  add_devices: true
  add_mibs: false
  threads: 4
  replace_devices: true
global:
  poll_time_sec: 60
  drop_if_outside_poll: false
  mib_profile_dir: /etc/profiles
  pymib_profile_dir: ""
  mibs_db: /etc/mib.db
  mibs_enabled:
  - IP-MIB
  - HOST-RESOURCES-MIB
  - IF-MIB
  timeout_ms: 3000
  retries: 1

FR: Support for response time metric during SNMP polling

As a user, I need collection of a response_time metric that utilizes ICMP to measure round-trip time (RTT) in milliseconds between ktranslate and my target device(s). This will provide functional parity with the network monitoring tools I am used to using.

Request this be configurable at both the global and device level:

global.response_time: false (default)

devices.[].response_time: false (default)

Discovery attempt against the device with missing SysOID crashes process

Attempted to discover a custom appliance and got an error.
After some additional troubleshooting, it seems that the cause is a missing SysOID value:

ktranslate [Debug] KTranslate pdu: {Name:.1.3.6.1.2.1.1.1.0 Type:OctetString Value:[65 99 99 101 115 115 32 71 97 116 101 119 97 121 32 83 101 99 117 114 105 116 121 32 65 112 112 108 105 97 110 99 101]}
2021-09-23T23:48:59.193 ktranslate [Debug] KTranslate pdu: {Name:.1.3.6.1.2.1.1.2.0 Type:NoSuchObject Value:<nil>}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x98 pc=0xbdf52a]

goroutine 49 [running]:
github.com/kentik/ktranslate/pkg/inputs/snmp.doubleCheckHost(0xc00157256c, 0x4, 0x4, 0x2825d28, 0x0, 0x0, 0x2825d28, 0x0, 0x0, 0x2825d28, ...)
        /home/runner/work/ktranslate/ktranslate/pkg/inputs/snmp/disco.go:224 +0x86a
created by github.com/kentik/ktranslate/pkg/inputs/snmp.Discover
        /home/runner/work/ktranslate/ktranslate/pkg/inputs/snmp/disco.go:107 +0xdd8

Not sure how this should be handled, but it should not crash the process.
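
One way to turn a NoSuchObject reply into a per-device error instead of a process crash, as an added example that is not the project's code. `PDU`, `Result`, `Identify`, `checkHost` and `DiscoverAll` are hypothetical names, the host addresses are constructed, and the first sample reply mirrors the two PDUs in the debug log above.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// PDU is a local stand-in carrying the three fields the debug log prints;
// it is not the SNMP library's own type.
type PDU struct {
	Name, Type string
	Value      interface{}
}

const (
	oidSysDescr    = ".1.3.6.1.2.1.1.1.0"
	oidSysObjectID = ".1.3.6.1.2.1.1.2.0"
)

// ErrNoSysOID marks a device that answered but reported no sysObjectID.
var ErrNoSysOID = errors.New("no sysObjectID in response")

// Result is the outcome of checking one host.
type Result struct {
	Host, SysDescr, SysObjectID string
	Err                         error
}

// asString converts a varbind value without assuming its dynamic type;
// a nil Value (as in the NoSuchObject PDU) reports ok == false.
func asString(v interface{}) (string, bool) {
	switch t := v.(type) {
	case string:
		return t, true
	case []byte:
		return string(t), true
	}
	return "", false
}

// Identify fills in sysDescr and sysObjectID and reports ErrNoSysOID when
// the device did not supply one, rather than using the missing value.
func Identify(host string, pdus []PDU) Result {
	res := Result{Host: host}
	for _, p := range pdus {
		s, ok := asString(p.Value)
		if !ok {
			continue
		}
		switch p.Name {
		case oidSysDescr:
			res.SysDescr = s
		case oidSysObjectID:
			res.SysObjectID = s
		}
	}
	if res.SysObjectID == "" {
		res.Err = ErrNoSysOID
	}
	return res
}

// checkHost turns a panic in fn into that host's error. The recover must
// be deferred in the goroutine that runs the check.
func checkHost(host string, pdus []PDU, fn func(string, []PDU) Result) (res Result) {
	defer func() {
		if r := recover(); r != nil {
			res = Result{Host: host, Err: fmt.Errorf("check panicked: %v", r)}
		}
	}()
	return fn(host, pdus)
}

// DiscoverAll checks every host and returns the results sorted by host.
func DiscoverAll(hosts map[string][]PDU, fn func(string, []PDU) Result) []Result {
	var out []Result
	for h, p := range hosts {
		out = append(out, checkHost(h, p, fn))
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Host < out[j].Host })
	return out
}

// SampleHosts is constructed: the first reply mirrors the two PDUs in the
// debug log, the second is a device that does report a sysObjectID.
func SampleHosts() map[string][]PDU {
	descr := []byte("Access Gateway Security Appliance")
	return map[string][]PDU{
		"192.0.2.10": {{oidSysDescr, "OctetString", descr}, {oidSysObjectID, "NoSuchObject", nil}},
		"192.0.2.11": {{oidSysObjectID, "ObjectIdentifier", ".1.3.6.1.4.1.8072.3.2.10"}},
	}
}

func main() {
	for _, r := range DiscoverAll(SampleHosts(), Identify) {
		fmt.Printf("%s descr=%q oid=%q err=%v\n", r.Host, r.SysDescr, r.SysObjectID, r.Err)
	}
}
```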

Missing EU region instructions

To send data to the EU region, the following flag needs to be added to the docker command:
-nr_region=EU

Complete command:

docker run -d --name ktranslate-snmp --restart unless-stopped --net=host \
  -v `pwd`/snmp-base.yaml:/snmp-base.yaml \
  -e NEW_RELIC_API_KEY=$NR_INSIGHTS_INSERT_KEY  \
  kentik/ktranslate:v2 \
    -snmp /snmp-base.yaml \
    -compression=gzip \
    -sinks=new_relic \
    -nr_account_id=$NR_ACCOUNT_ID \
    -log_level=info \
    -metrics=jchf \
    -tee_logs=true \
    -max_flows_per_message=100 \
    -format=new_relic_metric \
    -nr_region=EU 

feature - using rollup name as a measurement name for influxdb sink

For InfluxDB sink, all rollups data will be saved in the same measurement named "kflow".
This makes it less usable in case of usage of multiple rollups.

For example with two rollups:

-rollups sum,src_addr_grouping,in_bytes,src_addr,protocol -rollups sum,dst_addr_grouping,in_bytes,dst_addr -rollup_key_join "|" 
 

> select * from "kflow" order by time desc limit 1000 
name: kflow 
time                           dst_addr        in_bytes src_addr:protocol 
----                           --------        -------- ----------------- 
2021-06-28T08:18:16.359403447Z 95.179.240.242  100       
2021-06-28T08:18:16.359403447Z 91.231.236.41   84        
2021-06-28T08:18:16.359403447Z 91.220.190.245  1002      
2021-06-28T08:18:16.359403447Z 80.81.195.249   607       
2021-06-28T08:18:16.359403447Z 8.211.41.253    119       
2021-06-28T08:18:16.359403447Z 79.99.199.251   14276     
2021-06-28T08:18:16.359403447Z 69.166.230.253  75        
2021-06-28T08:18:16.359403447Z 45.154.168.2    40        
2021-06-28T08:18:16.359403447Z 45.154.168.1    40        
2021-06-28T08:18:16.359403447Z 37.10.41.2      104       
2021-06-28T08:18:16.359403447Z 37.10.41.1      208       
2021-06-28T08:18:16.359403447Z 37.10.40.2      260       
2021-06-28T08:18:16.359403447Z 37.10.40.1      52        
2021-06-28T08:18:16.359403447Z 37.10.38.2      676       
2021-06-28T08:18:16.359403447Z 37.10.38.1      208       
2021-06-28T08:18:16.357938693Z                 128      20.151.6.228|TCP 
2021-06-28T08:18:16.357938693Z                 112      40.69.138.19|UDP 
2021-06-28T08:18:16.357938693Z                 6305164  89.21.210.84|UDP 
2021-06-28T08:18:16.357938693Z                 76       95.179.225.52|TCP 
2021-06-28T08:18:16.357938693Z                 29600    98.102.175.154|TCP 
2021-06-28T08:18:16.357938693Z                 256      40.123.207.90|UDP 
2021-06-28T08:18:16.357938693Z                 40       197.44.141.190|TCP 
2021-06-28T08:18:16.357938693Z                 28       52.242.38.85|UDP 
2021-06-28T08:18:16.357938693Z                 28       194.182.182.52|UDP 
2021-06-28T08:18:16.357938693Z                 168      52.242.38.85|TCP 
2021-06-28T08:18:16.357938693Z                 608      194.182.182.52|TCP 
2021-06-28T08:18:16.357938693Z                 40       39.105.125.244|TCP 
2021-06-28T08:18:16.357938693Z                 56       194.182.178.25|UDP 

you will have a single measurement with the different tags and the same field. This will be even worse if having multiple rollups with different metrics and different dimensions.

I would suggest that it might be better if the rollup name is used as the measurement, so that each rollup is in a different measurement, with the result that each measurement can have a consistent DB "schema".

  • Since the JSON format provides the field "count", why not add count as the value in the DB?
  • Is the "in_bytes" value expanded with the sampling rate?

Thanks!

prometheus sink fails when using two rollups with different dimension but the same metric

One rollup: OK

dpajin@dpajin-t14:~/Documents/kentik/uber$ curl -i http://127.0.0.1:8084/metrics 
HTTP/1.1 200 OK 
Content-Type: text/plain; version=0.0.4; charset=utf-8 
Date: Mon, 28 Jun 2021 08:40:20 GMT 
Transfer-Encoding: chunked 
  
# HELP KFlow:in_bytes  
# TYPE KFlow:in_bytes counter 
KFlow:in_bytes{protocol="ICMP",src_addr="13.49.70.51"} 44 
KFlow:in_bytes{protocol="ICMP",src_addr="13.71.22.26"} 88 
KFlow:in_bytes{protocol="ICMP",src_addr="15.161.94.26"} 44 
KFlow:in_bytes{protocol="ICMP",src_addr="164.90.187.204"} 88 
KFlow:in_bytes{protocol="ICMP",src_addr="172.104.224.193"} 44 
KFlow:in_bytes{protocol="ICMP",src_addr="193.177.129.11"} 176 
KFlow:in_bytes{protocol="ICMP",src_addr="20.194.173.78"} 44 
KFlow:in_bytes{protocol="ICMP",src_addr="20.90.85.170"} 44 
KFlow:in_bytes{protocol="ICMP",src_addr="20.94.208.125"} 44 
KFlow:in_bytes{protocol="ICMP",src_addr="212.80.207.250"} 72 
KFlow:in_bytes{protocol="ICMP",src_addr="34.87.71.235"} 84 

Two rollups with different dimension but the same metric fails

It seems that the problem is with using the series for the rollup. According to the convention applied, the name of the series would be the same "Kflow:in_bytes", but with different labels than those already used, and that is the reason why it fails.
I would suggest using the user-defined rollup name for the series instead of the current one: so for example "Kflow:src_addr_grouping" or just "src_addr_grouping".
Then it is up to the user to ensure that the rollup name is unique.

command: -file_on -format prometheus -sinks prometheus -prom_listen=:8084 -file_out /ktranslate/logs -listen 0.0.0.0:13000 -rollups sum,src_addr_grouping,in_bytes,src_addr,protocol -rollups sum,dst_addr_grouping,in_bytes,dst_addr -rollup_key_join "|" -rollup_interval 30 -rollup_top_k 10 
 
 
dpajin@dpajin-t14:~/Documents/kentik/uber$ docker-compose logs ktranslate 
Attaching to ktranslate 
ktranslate    | 2021-06-28T08:35:10.442 ktranslate [Info] ktranslate version dirty-6878b373dab54217407d09e830dae645dd784272 starting 
ktranslate    | 2021-06-28T08:35:10.442 ktranslate [Info] ktranslate olly: disabled 
ktranslate    | 2021-06-28T08:35:10.442 ktranslate [Info] ktranslate Setting metrics: syslog 
ktranslate    | 2021-06-28T08:35:10.442 ktranslate [Error] ktranslate Could not start syslog metrics: Unix syslog delivery error 
ktranslate    | 2021-06-28T08:35:10.448 ktranslate [Info] KTranslate Turning on 1 processing threads 
ktranslate    | 2021-06-28T08:35:10.448 ktranslate [Info] sumRollup New Rollup: KFlow:in_bytes:src_addr:protocol -> Name: src_addr_grouping, Method: sum, Adjust Sample Rate: false, Metric: [in_bytes], Dimensions: [src_addr protocol], value of 0.000000 
ktranslate    | 2021-06-28T08:35:10.448 ktranslate [Info] sumRollup New Rollup: KFlow:in_bytes:dst_addr -> Name: dst_addr_grouping, Method: sum, Adjust Sample Rate: false, Metric: [in_bytes], Dimensions: [dst_addr], value of 0.000000 
ktranslate    | 2021-06-28T08:35:10.544 ktranslate [Info] KTranslate Loaded Code2city from /etc/code2city.mdb 
ktranslate    | 2021-06-28T08:35:10.601 ktranslate [Info] KTranslate Loaded Code2Region from /etc/code2region.mdb 
ktranslate    | 2021-06-28T08:35:10.602 ktranslate [Info] KTranslate Loaded 128 custom mappings 
ktranslate    | 2021-06-28T08:35:10.604 ktranslate [Info] KTranslate Loaded 12 udr and 23 subtype mappings with 347 udrs total 
ktranslate    | 2021-06-28T08:35:11.777 ktranslate [Info] KTranslate Loaded 978787 asn cidrs with 103246 names 
ktranslate    | 2021-06-28T08:35:11.777 ktranslate [Info] KTranslate Using sink prometheus 
ktranslate    | 2021-06-28T08:35:11.777 ktranslate [Info] KTranslate Version dirty-6878b373dab54217407d09e830dae645dd784272; Build un-dated build 
ktranslate    | 2021-06-28T08:35:11.777 ktranslate [Info] KTranslate Running 
ktranslate    | 2021-06-28T08:35:11.777 ktranslate [Info] baseserver.metaserver Listening on [::]:8083 
ktranslate    | 2021-06-28T08:35:11.814 ktranslate [Info] promSink Prometheus listening on :8084 
ktranslate    | 2021-06-28T08:35:11.815 ktranslate [Info] KTranslate API server running 1 devices 
ktranslate    | 2021-06-28T08:35:11.815 ktranslate [Info] KTranslate Loaded 1 Kentik devices via local file 
ktranslate    | 2021-06-28T08:35:11.815 ktranslate [Info] KTranslate System running with format prometheus, compression none, max flows: 10000, sample rate 1:1 after 1 
ktranslate    | 2021-06-28T08:35:11.815 ktranslate [Info] KTranslate sendToSinks base Online 
ktranslate    | 2021-06-28T08:35:11.815 ktranslate [Info] KTranslate sendToSink 0 Online 
ktranslate    | 2021-06-28T08:35:11.815 ktranslate [Info] KTranslate do sendToKTranslate Starting 
ktranslate    | 2021-06-28T08:35:11.815 ktranslate [Info] KTranslate monitorInput 0 Starting 
ktranslate    | 2021-06-28T08:35:11.816 ktranslate [Info] KTranslate Setting up HTTP system on 0.0.0.0:13000/chf 
ktranslate    | panic: a previously registered descriptor with the same fully-qualified name as Desc{fqName: "KFlow:in_bytes", help: "", constLabels: {}, variableLabels: [dst_addr]} has different label names or a different help string 
ktranslate    |  
ktranslate    | goroutine 76 [running]: 
ktranslate    | github.com/prometheus/client_golang/prometheus.(*Registry).MustRegister(0xc000096960, 0xc00301dde0, 0x1, 0x1) 
ktranslate    | /home/pye/dev/go/pkg/mod/github.com/prometheus/[email protected]/prometheus/registry.go:403 +0xb7 
ktranslate    | github.com/prometheus/client_golang/prometheus.MustRegister(...) 
ktranslate    | /home/pye/dev/go/pkg/mod/github.com/prometheus/[email protected]/prometheus/registry.go:178 
ktranslate    | github.com/kentik/ktranslate/pkg/formats/prom.(*PromFormat).Rollup(0xc0015ea000, 0xc00244e800, 0x61, 0x61, 0x0, 0x0, 0x0) 
ktranslate    | /home/pye/dev/go/src/github.com/kentik/ktranslate/pkg/formats/prom/prom.go:161 +0x465 
ktranslate    | github.com/kentik/ktranslate/pkg/cat.(*KTranslate).sendToSinks(0xc0002f14a0, 0x192a848, 0xc001f4ab40, 0x0, 0x0) 
ktranslate    | /home/pye/dev/go/src/github.com/kentik/ktranslate/pkg/cat/kkc.go:584 +0x402 
ktranslate    | github.com/kentik/ktranslate/pkg/cat.(*KTranslate).Run(0xc0002f14a0, 0x192a848, 0xc001f4ab40, 0x0, 0x0) 
ktranslate    | /home/pye/dev/go/src/github.com/kentik/ktranslate/pkg/cat/kkc.go:969 +0x710 
ktranslate    | github.com/kentik/ktranslate/pkg/eggs/baseserver.(*BaseServer).Run.func1(0x19301d8, 0xc0002f14a0, 0xc000098d80, 0x192a848, 0xc001f4ab40) 
ktranslate    | /home/pye/dev/go/src/github.com/kentik/ktranslate/pkg/eggs/baseserver/baseserver.go:253 +0x70 
ktranslate    | created by github.com/kentik/ktranslate/pkg/eggs/baseserver.(*BaseServer).Run 
ktranslate    | /home/pye/dev/go/src/github.com/kentik/ktranslate/pkg/eggs/baseserver/baseserver.go:251 +0x318 
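
An added example, not part of the report above and not ktranslate's own code: a pre-flight check in Go that parses -rollups values in the form used in the failing command and flags rollups that would claim the same series name with different label names, which is the condition named in the panic. The "KFlow:" + metric naming is taken from the log above and assumed; SeriesCollisions and the other identifiers are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Rollup is one -rollups value: method,name,metric,dimension[,dimension...].
type Rollup struct {
	Method, Name, Metric string
	Dims                 []string
}

func parseRollup(spec string) (Rollup, error) {
	p := strings.Split(spec, ",")
	if len(p) < 4 {
		return Rollup{}, fmt.Errorf("rollup %q: want method,name,metric,dimension", spec)
	}
	return Rollup{Method: p[0], Name: p[1], Metric: p[2], Dims: p[3:]}, nil
}

// labelSet compares dimensions as a set, so ordering alone is not a conflict.
func labelSet(dims []string) string {
	d := append([]string(nil), dims...)
	sort.Strings(d)
	return strings.Join(d, ",")
}

// SeriesCollisions reports every rollup whose series name ("KFlow:" + metric,
// assumed from the log) is already used by an earlier rollup with other labels.
func SeriesCollisions(specs []string) ([]string, error) {
	first := map[string]Rollup{}
	var problems []string
	for _, spec := range specs {
		r, err := parseRollup(spec)
		if err != nil {
			return nil, err
		}
		series := "KFlow:" + r.Metric
		prev, seen := first[series]
		if !seen {
			first[series] = r
		} else if labelSet(prev.Dims) != labelSet(r.Dims) {
			problems = append(problems, fmt.Sprintf("%s: %q %v vs %q %v", series, prev.Name, prev.Dims, r.Name, r.Dims))
		}
	}
	return problems, nil
}

func main() {
	fmt.Println(SeriesCollisions([]string{"sum,src_addr_grouping,in_bytes,src_addr,protocol",
		"sum,dst_addr_grouping,in_bytes,dst_addr"}))
}
```

Run against the full flag set before starting the Prometheus sink, a non-empty result means the configuration would stop the collector at the first rollup flush.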

-snmp_walk_oid flag is not supported in the latest image (v2)

Running the container for an SNMP discovery as written results in an error. Forcing the image to kentik/ktranslate:latest works.

If latest is the preferred route, the docs and wiki should be updated.

docker run -ti --name ktranslate-discovery --rm --net=host \
  -v `pwd`/snmp-base.yaml:/snmp-base.yaml \
  kentik/ktranslate:v2 \
    -snmp /snmp-base.yaml \
    -log_level info \
    -snmp_do_walk my_device \
    -snmp_walk_oid .1.3.6.1 

Disable Trap config on Flow containers

As a user, I need ktranslate to intelligently disable setting an SNMP Trap listening port on containers setup for flow collection using the nr1.flow argument so I can easily recycle a single snmp-base.yaml file for all of my containers without experiencing unnecessary bind errors.

SNMP collection: ifOperStatus and ifAdminStatus wrong values

Below is an example of the values received when running ktranslate as an SNMP collector:
The values of ifOperStatus and ifAdminStatus are always 0, although the value should be 1 or 2 or possibly some other value.
I also notice that other OID values are not exactly what I get from snmpwalk, so I concluded that since you have uptime, you are treating all OIDs as counters and supplying only the difference (increase) from the previously collected value.

I guess that is the case with ifOperStatus and ifAdminStatus: since those values are not changing, they are always 0.
Obviously your definition of IF-MIB in the snmp profiles YAML files is missing the value type. Not all the OIDs are counters; some values are gauges, some values are timeticks and so on... This should also be configurable in the YAML files.

        "custom_bigint": {
            "ifInErrors": 0,
            "ifInDiscards": 0,
            "ifHCOutMulticastPkts": 0,
            "Uptime": 6006,
            "ifHCInMulticastPkts": 0,
            "ifAdminStatus": 0,
            "ifOutErrors": 0,
            "ifHCInUcastPkts": 324,
            "ifOperStatus": 0,
            "ifHCInBroadcastPkts": 0,
            "ifHCOutOctets": 89290,
            "ifOutDiscards": 0,
            "ifHCOutUcastPkts": 324,
            "ifHCOutBroadcastPkts": 0,
            "ifHCInOctets": 69833
        },
        "eventType": "KSnmpInterfaceMetric",
        "provider": "kentik-router"
    },

In the IP-MIB yaml I see there is some kind of mapping between values and strings, but this is only in IP-MIB and under the metric tags section. I have tried to do something similar for symbols in if-mib.yml (see below), but I guess it is not implementable on values.
It might be good to have such an option for values; there are other OIDs which have a mapping between integer values and their meaning, for example bgpPeerState.

  - OID: 1.3.6.1.2.1.2.2.1.7
    name: ifAdminStatus
    mapping:
      1: up
      2: down
  - OID: 1.3.6.1.2.1.2.2.1.8
    name: ifOperStatus
    mapping:
      1: up
      2: down
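
An added example, not part of the report above and not ktranslate's own code: a Go sketch of a poller that reports counters as the increase between two polls and status values as polled, with the 1/2 mapping from the YAML above attached as a label. The Symbol type, the profile table and the sample poll values are hypothetical and constructed; the counter widths follow IF-MIB (ifHCInOctets is 64-bit, ifInErrors is 32-bit).

```go
package main

import "fmt"

// Kind says how a polled value must be reported.
type Kind int

const (
	Counter Kind = iota // ever-increasing total: report the increase since the last poll
	State               // enumerated integer (or gauge): report the value as polled
)

// Symbol is a hypothetical typed profile entry; Bits is the counter width.
type Symbol struct {
	Kind    Kind
	Bits    uint
	Mapping map[uint64]string
}

var ifStatus = map[uint64]string{1: "up", 2: "down"} // the mapping proposed in the report
var profile = map[string]Symbol{
	"ifHCInOctets":  {Kind: Counter, Bits: 64},
	"ifInErrors":    {Kind: Counter, Bits: 32},
	"ifAdminStatus": {Kind: State, Mapping: ifStatus},
	"ifOperStatus":  {Kind: State, Mapping: ifStatus},
}

type Metric struct {
	Value uint64
	Label string
}

// Report converts two consecutive polls of one interface into metrics.
func Report(prev, cur map[string]uint64) map[string]Metric {
	out := map[string]Metric{}
	for name, v := range cur {
		sym, ok := profile[name]
		if !ok {
			continue // symbol not in the profile
		}
		if sym.Kind == State {
			out[name] = Metric{Value: v, Label: sym.Mapping[v]}
		} else if p, had := prev[name]; had {
			mask := uint64(1)<<sym.Bits - 1           // all ones for a 64-bit counter
			out[name] = Metric{Value: (v - p) & mask} // correct across one wrap
		}
	}
	return out
}

func main() {
	prev := map[string]uint64{"ifHCInOctets": 1000, "ifInErrors": 4294967290, "ifOperStatus": 1}
	cur := map[string]uint64{"ifHCInOctets": 70833, "ifInErrors": 4, "ifOperStatus": 1}
	fmt.Println(Report(prev, cur)) // constructed sample polls
}
```

With a delta applied to every symbol, the unchanged ifOperStatus in the sample would come out as 0, which is the symptom described in the report.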

Global Config option for SNMP v3

As a user, I need the ability to setup a single SNMP v3 config in the global section of snmp-base.yaml which supports retrieving values from host ENV vars. This will allow me to more easily control my large-scale deployments of ktranslate while still maintaining the ability to override the global settings on a "per device" basis.

Example:

devices:
  deviceOne:
    ...
    snmp_v3: @global_v3
  deviceTwo:
    ...
    snmp_v3:
      user_name: myUser123
      authentication_protocol: NoAuth
      privacy_protocol: AuthNoPriv

global:
  ...
  global_v3:
    user_name: ${V3_USER}
    authentication_protocol: ${V3_AUTH_PROTOCOL}
    authentication_passphrase: ${V3_AUTH_PASS}
    privacy_protocol: ${V3_PRIVACY_PROTOCOL}
    privacy_passphrase: ${V3_PRIVACY_PASS}
    context_engine_id: ${V3_CONTEXT_ENGINE_ID}
    context_name: ${V3_CONTEXT_NAME}

[Feature Request] Kentik Discovery - Device Uniqueness

Within our enterprise we have devices that respond to SNMP on multiple interfaces; this becomes a challenge when using discovery due to it finding the same device multiple times. The feature I am requesting is to use the SNMP EngineID for device uniqueness for Kentik Discovery; this would eliminate duplicate devices during the discovery process.

Note there are some caveats:

  1. SNMP EngineID is only available via SNMP Version 3
  2. When Cisco ASA devices are configured for HA, they will report back the exact same EngineID

Example response from a device responding to SNMP on multiple interfaces

$ snmpwalk -v 3 10.20.30.40 .1.3.6.1.6.3.10.2.1.1.0
SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 00 09 03 00 A4 B4 39 74 87 80 

$ snmpwalk -v 3 10.20.40.10 .1.3.6.1.6.3.10.2.1.1.0
SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 00 09 03 00 A4 B4 39 74 87 80

SNMP v3 Traps support

As a user, I need v3 support for the Traps listener component of ktranslate so that I can forward SNMP Traps from my modern infrastructure to New Relic.

Prometheus: Rollup not reset after each dump interval ?

This is the command I use:
command: "-format prometheus -kentik_email [email protected] -format_rollup prometheus -sinks prometheus -prom_listen=:8084 -rollup_interval 60 -rollups s_sum,in_bytes,in_bytes,device_name,src_as,dst_as,protocol,application,src_geo,dst_geo,input_port -rollups s_sum,in_pkts,in_pkts,device_name,src_as,dst_as,protocol,application,src_geo,dst_geo,input_port"

And instead of the traffic at each point, I have the sum of traffic starting from ktranslate launch.

avro rollup schema potential issue with multiple rollups

I found somewhere a reference to the AVRO schema pointing to the file:
https://github.com/kentik/ktranslate/blob/main/pkg/formats/avro/avro.go#L24

The schema for rollup includes only "dimension" and "metric" fields. I guess this makes it unusable for the scenario when using multiple rollups?

I guess it would be good if the schema also included:

  • interval
  • name (rollup name)
  • count value
  • maybe provider?

Maybe it would be convenient to provide, as arguments, separate kafka topic names for rollup results and alpha flows in the case of sending both with the argument -rollup_and_alpha?

Discovery incorrectly deduplicates where device name is the same

In a test environment, a docker container (tandrup/snmpsim) generates a synthetic Cisco 3750 response to the read-string cisco_16_switch.

When spawning multiple instances of the container and running a discovery, only a single device is added to the snmp-base.yaml file even though the debug logs indicate 6 devices were detected.

2021-08-01T23:41:28.837 ktranslate [Info] KTranslate Checked 256 ips in 3.029278324s
2021-08-01T23:41:28.837 ktranslate [Info] KTranslate Adding 0 new snmp devices to the config, 6 replaced from 6
2021-08-01T23:41:28.838 ktranslate [Info] ktranslate service.Close() called, now waiting for things to settle

The YAML file is populated with an entry like:

Profiler3750:
  device_name: Profiler3750
  device_ip: 10.10.0.14

By changing both instances of Profiler3750 to Switch14 and re-running the discovery, a new instance of the switch from one of the other containers will be added.

The expectation is that device_ip + device_name would be used to define the uniqueness of a device.
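
An added example, not part of either report and not ktranslate's own code: a Go sketch of one identity rule that serves both this report and the EngineID feature request above. It keys a discovered responder on its snmpEngineID when one was read over SNMP v3 and falls back to device_name + device_ip otherwise. The Found and Device types, the name core1 and the address 10.10.0.15 are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Found is one SNMP responder seen during discovery. EngineID is the
// snmpEngineID hex string, empty when the device was not polled over SNMP v3.
type Found struct {
	IP, Name, EngineID string
}

// Device is one inventory entry and every address it answered on.
type Device struct {
	Key, Name string
	IPs       []string
}

// identity prefers the EngineID and falls back to device_name + device_ip.
func identity(f Found) string {
	if id := strings.ToUpper(strings.Join(strings.Fields(f.EngineID), "")); id != "" {
		return "engine:" + id
	}
	return "name+ip:" + f.Name + "|" + f.IP
}

// Dedupe merges responders with the same identity, in first-seen order. An HA
// pair reporting one EngineID becomes one multi-IP entry, so review those by hand.
func Dedupe(found []Found) []Device {
	index := map[string]int{}
	var devices []Device
	for _, f := range found {
		key := identity(f)
		i, ok := index[key]
		if !ok {
			index[key] = len(devices)
			devices = append(devices, Device{Key: key, Name: f.Name, IPs: []string{f.IP}})
			continue
		}
		devices[i].IPs = append(devices[i].IPs, f.IP)
	}
	return devices
}

func main() {
	// Constructed sample: one v3 device on two interfaces, two same-named simulators.
	fmt.Println(Dedupe([]Found{
		{IP: "10.20.30.40", Name: "core1", EngineID: "80 00 00 09 03 00 A4 B4 39 74 87 80 "},
		{IP: "10.20.40.10", Name: "core1", EngineID: "80 00 00 09 03 00 A4 B4 39 74 87 80"},
		{IP: "10.10.0.14", Name: "Profiler3750"},
		{IP: "10.10.0.15", Name: "Profiler3750"},
	}))
}
```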
