https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10079#M266 <P>Previously, snmptrapd would accept all incoming notifications, and log them automatically (even if no explicit configuration was provided). Starting with snmptrapd release 5.3, access control checks will be applied to all incoming notifications. If snmptrapd is run without a suitable configuration file (or equivalent access control settings), then such traps WILL NOT be processed. The simplest solution is to add disableAuthorization yes to snmptrapd.conf.</P> Fri, 25 Jun 2010 04:23:31 GMT Dan 2010-06-25T04:23:31Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10077#M264 <P>I found these basic instructions in the Splunk docs - <A href="http://www.splunk.com/base/Documentation/4.0.9/Admin/SendSNMPeventstoSplunk" rel="nofollow">http://www.splunk.com/base/Documentation/4.0.9/Admin/SendSNMPeventstoSplunk</A> - but I'm not familiar with snmptrapd. Are there instructions anywhere on how to configure it to write to a file?</P> Tue, 09 Mar 2010 19:19:14 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10077#M264 Mick 2010-03-09T19:19:14Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10078#M265 <P>The example writes the traps to the specified file.</P> <P><CODE># snmptrapd -Lf /var/run/snmp-traps</CODE></P> <P>The output will be in /var/run/snmp-traps.</P> <P>This document is mostly an example of how you can wire in arbitrary data sources to splunk. The point is anything that can be caused to produce events in log file format can be fed into splunk. </P> <P>snmptrapd itself is part of the net-snmp project: <A href="http://net-snmp.sourceforge.net/" rel="nofollow">http://net-snmp.sourceforge.net/</A> If you're installing this on your system, refer first to any local documentation for your distribution's packaging of the tool, and after that, the documentation here: <A href="http://net-snmp.sourceforge.net/docs/man/snmptrapd.html" rel="nofollow">http://net-snmp.sourceforge.net/docs/man/snmptrapd.html</A></P> <P>The default behavior, on UNIX, seems to be to log to syslog, while on Windows to log to the Event Log. This means that if Splunk is configured to monitor your syslog logs, or your winevent log, you will be acquiring the data. You could alternatively configure snmptrapd to write to a specific file. The manpage documents this is accomplished with -o filename </P> Wed, 10 Mar 2010 05:59:49 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10078#M265 jrodman 2010-03-10T05:59:49Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10079#M266 <P>Previously, snmptrapd would accept all incoming notifications, and log them automatically (even if no explicit configuration was provided). Starting with snmptrapd release 5.3, access control checks will be applied to all incoming notifications. If snmptrapd is run without a suitable configuration file (or equivalent access control settings), then such traps WILL NOT be processed. The simplest solution is to add disableAuthorization yes to snmptrapd.conf.</P> Fri, 25 Jun 2010 04:23:31 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10079#M266 Dan 2010-06-25T04:23:31Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10080#M267 <P>Can you stuff an exaample in <A href="http://www.splunk.com/base/Documentation/latest/Admin/SendSNMPeventstoSplunk">http://www.splunk.com/base/Documentation/latest/Admin/SendSNMPeventstoSplunk</A></P> Sat, 26 Jun 2010 04:08:00 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10080#M267 jrodman 2010-06-26T04:08:00Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10081#M268 <P>Dan</P> <P>Could you explain where and how to add disableAuthorization Yes to Snmptrapd.conf ?</P> Thu, 07 Jul 2016 16:39:54 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-index-SNMP-traps-with-Splunk/m-p/10081#M268 vr2312 2016-07-07T16:39:54Z