Tryin to setup SNMP_TA to monitor a port for SNMP traps being sent. When looking at which ports are listening using the command "netstat -plunt", I'm never seeing 1056 show up as listening. 1056 is the port I have in my input, which looks like this:
[snmp://pnet]
activation_key = XXXXXXXXXXXXXXXX
communitystring = portal
do_bulk_get = 0
do_get_subtree = 0
ipv6 = 0
snmp_mode = traps
snmp_version = 1
sourcetype = snmp
index = snmptrap
split_bulk_output = 0
trap_port = 1056
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
These are the errors in the internal log
12-17-2018 10:27:03.441 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" ValueError: Empty module name
12-17-2018 10:27:03.441 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" File "/opt/splunk01/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/smi/builder.py", line 103, in _init
12-17-2018 10:27:03.441 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" File "/opt/splunk01/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/smi/builder.py", line 45, in init
12-17-2018 10:27:03.441 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" File "/opt/splunk01/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/smi/builder.py", line 199, in setMibSources
12-17-2018 10:27:03.441 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" mibBuilder.setMibSources(*mibSources)
12-17-2018 10:27:03.440 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" File "/opt/splunk01/etc/apps/snmp_ta/bin/snmp.py", line 498, in do_run
12-17-2018 10:27:03.440 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" do_run()
12-17-2018 10:27:03.440 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" File "/opt/splunk01/etc/apps/snmp_ta/bin/snmp.py", line 799, in
12-17-2018 10:27:03.440 -0600 ERROR ExecProcessor - message from "python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py" Traceback (most recent call last):
12-17-2018 10:27:01.159 -0600 INFO ExecProcessor - New scheduled exec process: python /opt/splunk01/etc/apps/snmp_ta/bin/snmp.py
Looks to be a problem with the MIB Names input field. That field is not required but the errors, I think, are pointing to that and thinking it's empty. Got it work once but haven't been able to do it again. There is this info in the release notes:
1.2.5
Fixed Bug in UI that prevented declaring custom MIB Names when in listen traps mode
This was an earlier version so it indicates it's fixed.
I've tried to listen on a port above 1024 without any custom MIB's just to see if the port gets opened but it never does and throws the same errors with an empty MIB Names field as well.
I've removed the BMC MIB and still the same thing. I've downloaded the package again and did a clean install and set the input up again and still get the same thing.
Is there any assumptions on the directory structure or does it require running as root?
Perhaps there is a problem with your BMC MIB python you generated.Try removing it.Does the error go away ?