Alerting

Problem with sending SNMP traps to other systems

New Member

I tried to set up an alert Script in Pearl sending SNMP traps to other host like here. I Changed the Host:Port to my values, but when i try to run this script i got this error:


No log handling enabled - turning on stderr logging

1.3.6.1.4.1.27389.1.1: Value out of range (1.3.6.1.4.1.27389.1.2)


Im not very good in Perl, so how can I fix this problem?

0 Karma

Communicator

Hi, depending on the distribution used some packages must be installed to make use of snmptrap:

net-snmp
net-snmp-libs
net-snmp-utils
lm_sensors-libs

Which distribution you using?

Path Finder

Rodrigo -

Thanks for the assistance, it turns out that it was a net-snmp dependency issue on two of our three search heads. I am still seeing the error above when I manually execute the script, but when the script is fired as part of a Splunk alarm, it works properly.

Thanks for your help!
JB

0 Karma

Communicator

Can you post the code in PERL?

Rodrigo Ribeiro

Path Finder

Rodrigo -

I am having the exact same problem as the poster above, using the Splunk-provided SNMP perl script (pasted below).

#!/usr/bin/perl
#
# sendsnmptrap.pl: A script to enable using Splunk alerts to send an SNMP trap.
#
# Modify the following code as necessary for your local environment.
#
$hostPortSNMP = "qa-tm1:162"; # Host:Port of snmpd or other SNMP trap handler
$snmpTrapCmd = "/usr/bin/snmptrap"; # Path to snmptrap, from http://www.net-snmp.org
$TRAPOID = "1.3.6.1.4.1.27389.1.2"; # Object IDentifier for traps/notifications 
$OID = "1.3.6.1.4.1.27389.1.1"; # Object IDentifier for objects, Splunk Enterprise OID is 27389
# Parameters passed in from the alert.
# $1-$9 is the positional parameter list. $ARGV[0] starts at $1 in Perl.
$searchCount = $ARGV[0]; # $1 - Number of events returned
$searchTerms = $ARGV[1]; # $2 - Search terms
$searchQuery = $ARGV[2]; # $3 - Fully qualified query string
$searchName = $ARGV[3]; # $4 - Name of saved search
$searchReason = $ARGV[4]; # $5 - Reason saved search triggered
$searchURL = $ARGV[5]; # $6 - URL/Permalink of saved search
$searchTags = $ARGV[6]; # $7 - Always empty as of 4.1
$searchPath = $ARGV[7]; # $8 - Path to raw saved results in Splunk instance (advanced)

# Send trap, with the parameter list above mapping down into the OID.
$cmd = qq/$snmpTrapCmd -v 2c -c public $hostPortSNMP '' $TRAPOID $OID.1 i $searchCount $OID.2 s "$searchTerms" $OID.3 s "$searchQuery" $OID.4 s "$searchName" $OID.5 s "$searchReason" $OID.6 s "$searchURL" $OID.7 s "$searchTags" $OID.8 s "$searchPath"/;
 system($cmd);

If you could provide any assistance I would greatly appreciate it.

Thanks!
JB

0 Karma