All Apps and Add-ons

SNMP MODULAR INPUTS

jarize_loyola
Engager

Hi Splunk Peeps!

Im trying to set up the SNMP Modular input to get the snmp traps data but unfortunately Im receiving this error
"Failed to register transport and run dispatcher: bind() for (u'SERVERNAME', 162) failed: [Errno -3] Temporary failure in name resolution snmp_stanza:snmp://SNMPTRAP5"

BR,
Jarize

0 Karma

cpt12tech
Contributor

If you're having problems with the SNMP-Modular input, may want to give this a try:
https://answers.splunk.com/answers/521362/found-a-simple-snmp-trap-receiver-for-windows-that.html#an...

0 Karma

Damien_Dallimor
Ultra Champion

DNS resolution errors for your server name your are setting in inputs.conf ?

0 Karma

jarize_loyola
Engager

Hello, I already set it to the hostname set in inputs.conf and same with the server.
The error was gone but still cant see any logs coming in.

0 Karma

jarize_loyola
Engager

Its working now. I can see logs coming in. I saw new error
"01-30-2017 17:20:20.992 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py" Exception resolving MIB value in the caught trap: Invalid sub-ID in (ObjectSyntax().setComponentByPosition(0, SimpleSyntax().setComponentByPosition(1, OctetString('epsEnodeBUnreachable'))), None, None, None, None) at ObjectIdentifier snmp_stanza:snmp://F5"

0 Karma

Damien_Dallimor
Ultra Champion

Totally guessing here as I can't see you inputs.conf stanza , but I will presume you have not configured the custom MIB for the incoming OIDs , covered in the docs : https://splunkbase.splunk.com/app/1537/#/details

0 Karma

jarize_loyola
Engager

Hi Damien,

Here's the inputs.conf and its working now.
[snmp://SNMP_TA]
communitystring = public
do_bulk_get = 0
do_get_subtree = 0
index = snmptraps
ipv6 = 0
snmp_mode = traps
snmp_version = 2C
sourcetype = SNMP_TA
split_bulk_output = 0
trap_host = 10.169.91.87
trap_port = 162
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
mib_names = DISMAN-SCRIPT-MIB,DISMAN-SCHEDULE-MIB,DISMAN-EVENT-MIB

We are now trying to load the mibs we still have this error.
"01-31-2017 15:06:12.855 +0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/snmp_ta/bin/snmp.py" Exception resolving MIB value in the caught trap: Invalid sub-ID in (ObjectSyntax().setComponentByPosition(0, SimpleSyntax().setComponentByPosition(1, OctetString('ss7M3uaAssociationUp'))), None, None, None, None) at ObjectIdentifier snmp_stanza:snmp://SNMP_TA"

0 Karma

Damien_Dallimor
Ultra Champion

I'm going to guess that you did not convert the MIB files to python modules correctly / completely.Perhaps there were MIB dependencies (usually listed at the top of the MIB file) inside those DISMAN MIB's that you missed also ?

See my accepted answer here also :

https://answers.splunk.com/answers/216296/cannot-resolve-node-name-for-custom-mibs.html#answer-21681...

0 Karma

jarize_loyola
Engager

Here are the errors every time were trying to convert the mibs

smidump -f python RFC1155-SMI.txt | libsmi2pysnmp > RFC1155-SMI.py
RFC1155-SMI.txt:100: range limit exceeds underlying basetype
RFC1155-SMI.txt:104: range limit exceeds underlying basetype
RFC1155-SMI.txt:108: range limit exceeds underlying basetype
smidump: module `RFC1155-SMI.txt' contains errors, expect flawed output

0 Karma

Damien_Dallimor
Ultra Champion

Post your full inputs.conf stanza for your SNMP input.

Also describe in detail the configuration you are using to send the traps to Splunk.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...