
Is anyone else getting a lot of "Attack" messages in /var/log/messages on the Splunk forwarder server?

sangjaeju
New Member

In /var/log/messages, there are a lot of "Attack" messages.
I guess it was made by the SNMP config.

Have you experienced anything like this? How can I stop or prevent it?

== snmp_ta app in splunk forwarder server
/apps/snmp_ta/local/inputs.conf

== /var/log/messages in splunk forwarder server
011SNMPv2-SMI::enterprises.8103.1.5 = STRING: "44826"#011SNMPv2-SMI::enterprises.8103.1.6 = STRING: **"**Attack Web SQLInjection(error message).****C"#011SNMPv2-SMI::enterprises.8103.1.7 = STRING: "..."#011SNMPv2-SMI::enterprises.8103.1.8 = STRING: "2018/05/13 10:45:53"#011SNMPv2-SMI::enterprises.8103.1.9 = STRING: "Alarm"#011SNMPv2-SMI::enterprises.8103.1.10 = STRING: "Protocol=[TCP], SNIPER_ID=[400], Risk=[Low], HackType[01100], HackCount=[1], EndDate=[]"


"#011SNMPv2-SMI::enterprises.8103.1.5 = STRING: "80"#011SNMPv2-SMI::enterprises.8103.1.6 = STRING: **"Directory Traversal Attack(/../../../)"**#011SNMPv2-SMI::enterprises.8103.1.7 = STRING: "..."#011SNMPv2-SMI::enterprises.8103.1.8 
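The excerpts in the post are SNMP trap varbinds flattened onto one syslog line and separated by `#011`, which is how rsyslog writes an escaped tab character. The following is an added example, not part of the original post, that splits such a line back into OID/value pairs and unpacks the `Key=[value]` detail string. The sample line is constructed from the post's excerpts, and reading `.1.6` as the alert text, `.1.9` as the level and `.1.10` as the detail field is an assumption based on those excerpts only.

```python
import re

# Constructed sample, assembled from the excerpts in the post.
SAMPLE = (
    '#011SNMPv2-SMI::enterprises.8103.1.5 = STRING: "80"'
    '#011SNMPv2-SMI::enterprises.8103.1.6 = STRING: "Directory Traversal Attack(/../../../)"'
    '#011SNMPv2-SMI::enterprises.8103.1.9 = STRING: "Alarm"'
    '#011SNMPv2-SMI::enterprises.8103.1.10 = STRING: '
    '"Protocol=[TCP], SNIPER_ID=[400], Risk=[Low], HackType[01100], HackCount=[1], EndDate=[]"'
)

# One varbind as printed in the log: <oid> = <TYPE>: <value>
VARBIND = re.compile(r'^(?P<oid>\S+)\s*=\s*(?P<type>[A-Za-z0-9-]+):\s*(?P<value>.*)$')
# Detail pairs look like Key=[value]; one key in the sample (HackType) has no "=".
DETAIL = re.compile(r'(\w+)=?\[([^\]]*)\]')

# Assumed prefix and field meanings, inferred from the sample values only.
PREFIX = 'SNMPv2-SMI::enterprises.8103.1.'


def parse_varbinds(line):
    """Split a flattened trap line on the escaped tab and return {oid: value}."""
    out = {}
    for chunk in line.split('#011'):
        m = VARBIND.match(chunk.strip())
        if not m:
            continue  # syslog header, empty leading chunk, or a truncated varbind
        value = m.group('value').strip()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        out[m.group('oid')] = value
    return out


def parse_detail(value):
    """Unpack 'Key=[value], Key[value]' into a dict; empty brackets give ''."""
    return dict(DETAIL.findall(value))


def summarize(line):
    """Reduce one trap line to the fields useful for triage or filtering."""
    vb = parse_varbinds(line)
    detail = parse_detail(vb.get(PREFIX + '10', ''))
    return {
        'alert': vb.get(PREFIX + '6'),
        'level': vb.get(PREFIX + '9'),
        'risk': detail.get('Risk'),
        'count': detail.get('HackCount'),
    }


if __name__ == '__main__':
    print(summarize(SAMPLE))
```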