All Apps and Add-ons
Highlighted

How to install the SNMP Modular Input add-on on a Windows universal forwarder?

Path Finder

Hi all,

I am running the SNMP Modular Input add-on. It works fine when installed on an indexer, but I can not get it up & running on a universal forwarder (Windows). I am only interested in SNMP traps and I did the configuration accordingly.

What I did is:
- Install the universal forwarder and added the forward-server. The defined indexer receives information from the forwarder in the internal index.
- Downloaded the snmp
ta and copied it to ~\SplunkUniversalForwarder\etc\apps (on the indexer I installed it via die "appstore").
- Created inputs.conf at ~\SplunkUniversalForwarder\etc\apps\local\ and added the and added the proper inputs config - I defined 2222 as snmp port.
- Restart splunk service.
- Send snmp traps to

Splunk is 6.1.2 - I am used to 6.2.4 and really missing the forwarder inputs configuration in the web ui 🙂

Can anybody tell me what I did wrong ??

Thx a lot !

Edit: Forgot to mention - I don't even see port 2222 (the port snmp traps should be received) in netstat -an (on the universal forwarder machine).

0 Karma
Highlighted

Re: How to install the SNMP Modular Input add-on on a Windows universal forwarder?

Ultra Champion

Error log messages ? Search via : index=_internal ExecProcessor error snmp.py

Python 2.7 runtime installed on the Forwarder OS ?

0 Karma
Highlighted

Re: How to install the SNMP Modular Input add-on on a Windows universal forwarder?

Path Finder

Actually no error messages, port is in use now. But nothing is forwarded to the indexer.
Do I have to do a different config in the outputs.conf than created by ./splunk add foward-server ????

Thx !

0 Karma
Highlighted

Re: How to install the SNMP Modular Input add-on on a Windows universal forwarder?

Ultra Champion

Shouldn't have to change outputs.conf.

What does your inputs.conf look like ?

0 Karma
Highlighted

Re: How to install the SNMP Modular Input add-on on a Windows universal forwarder?

Path Finder

Ok works on a Linux machine.
I had the following issues:
- On the Linux forwarder I had no pySNMP installed.
- I had to modify the scripts a little bit.
- Had to use a port > 1024 on linux (don't want to provide the necessary privileges to run on a well known port).

A good description can be found here - basically thats what I did to get it up&running:
http://www.georgestarcher.com/splunk-capturing-smnp-traps-on-a-universal-forwarder/

My config loogs like this - as you can see, I am just interested in traps.

[snmp://SNMP_TestInput]
communitystring = public
do_bulk_get = 0
do_get_subtree = 0
index = test
ipv6 = 0
snmp_mode = traps
snmp_version = 2C
sourcetype = snmpTrap
split_bulk_output = 0
trap_host = <YOUR-IP>
trap_port = <YOUR-PORT>
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol

Greets and Thank you all

edit: Working on Windows as well (at least the Traps) - i just had to adapt the snmp.py file and change the hardcoded path elements to

egg_dir = SPLUNK_HOME + "\\etc\\apps\\snmp_ta\\bin\\"
mib_egg_dir = SPLUNK_HOME +  "\\etc\\apps\\snmp_ta\\bin\\mibs"
sys.path.append(mib_egg_dir + "\\"+filename) 

Don't forget to define SPLUNK_HOME as environment variable!

View solution in original post

0 Karma