All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SNMP Modular Input: It seems PySNMP has an issue with SNMPv1. Is there a way to manually test or debug the snmp.py module in the add-on?

ww9rivers
Contributor
‎12-02-2016 08:53 AM

It seems that PySNMP has an issue with SNMPv1, which may have an impact on the SNMP Modular Input (snmp_ta) module.

I have captured some SNMP packets using tcpdump that clearly show responses to the SNMP requests, but Splunk has no data -- this started yesterday, when the host got patched (I suspect).

Is there a way to manually test/debug the "snmp.py" module in SNMP Modular Input?

Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ww9rivers
Contributor
‎12-12-2016 08:23 AM

I made a mistake in building the PySNMP + PyASN1 package eggs earlier.

I checked out both packages from github, built them into pyasn1-0.1.10-py2.7.egg and pysnmp-4.3.3-py2.7.egg, dropped them in to replace the old packages, restarted Splunk.

It works now!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ww9rivers
Contributor
‎12-12-2016 08:23 AM

I made a mistake in building the PySNMP + PyASN1 package eggs earlier.

I checked out both packages from github, built them into pyasn1-0.1.10-py2.7.egg and pysnmp-4.3.3-py2.7.egg, dropped them in to replace the old packages, restarted Splunk.

It works now!

0 Karma
Reply
Solved! Jump to solution

Damien_Dallimor
Ultra Champion
‎12-03-2016 04:59 AM

Any logs ? 

index=_internal error ExecProcessor snmp.py
0 Karma
Reply
Solved! Jump to solution

ww9rivers
Contributor
‎12-05-2016 04:17 AM

I got a response from the developer on the issue I reported on Github:

"Right, let me know if you still experience issues with the latest pysnmp/pysnmp-apps."

I did test that with 4.3.2 installed from Pypi which has fixed the problem.

So it looks like an issue with PySNMP. Any chance to get the latest PySNMP in snmp_ta?

Thank you.

0 Karma
Reply
Solved! Jump to solution

ww9rivers
Contributor
‎12-03-2016 08:37 AM

Also, I tried to drop in the pysnmp and pyasn1 Egg files I built, replacing the ones in the snmp_ta app, that did not work.

0 Karma
Reply
Solved! Jump to solution

ww9rivers
Contributor
‎12-03-2016 08:35 AM 
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" Exception with getCmd to 10.23.68.51:161: poll error: Traceback (most recent call last):
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/carrier/asynsock/dispatch.py", line 37, i
n runDispatcher
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     use_poll=True, map=self.__sockMap, count=1)
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/lib/python2.7/asyncore.py", line 220, in loop
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     poll_fun(timeout, map)
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/lib/python2.7/asyncore.py", line 201, in poll2
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     readwrite(obj, flags)
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/lib/python2.7/asyncore.py", line 123, in readwrite
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     obj.handle_error()
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/lib/python2.7/asyncore.py", line 108, in readwrite
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     obj.handle_read_event()
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/lib/python2.7/asyncore.py", line 449, in handle_read_event
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     self.handle_read()
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/carrier/asynsock/dgram/base.py", line 83,
 in handle_read
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     self._cbFun(self, transportAddress, incomingMessage)
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/carrier/base.py", line 52, in _cbFun
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     self, transportDomain, transportAddress, incomingMessage
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/entity/engine.py", line 64, in __receiveM
essageCbFun
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     self, transportDomain, transportAddress, wholeMsg
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/proto/rfc3412.py", line 319, in receiveMe
ssage
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     wholeMsg
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/proto/mpmod/rfc2576.py", line 276, in pre
pareDataElements
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     msg
12-03-2016 11:30:45.931 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/proto/secmod/rfc2576.py", line 390, in pr
ocessIncomingMsg
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     snmpEngine, communityName, transportInformation
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pysnmp-4.2.5-py2.7.egg/pysnmp/proto/secmod/rfc2576.py", line 139, in _c
om2sec
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     targetAddrTDomain = tuple(targetAddrTDomain)
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pyasn1-0.1.6-py2.7.egg/pyasn1/type/univ.py", line 448, in __len__
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     self._len = len(self._value)
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;  File "/app/splunk/etc/apps/snmp_ta/bin/pyasn1-0.1.6-py2.7.egg/pyasn1/type/base.py", line 52, in __getattr__
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"     raise error.PyAsn1Error('No value for %s()' % attr)
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py" ;PyAsn1Error: No value for __len__()
12-03-2016 11:30:45.932 -0500 ERROR ExecProcessor - message from "python /app/splunk/etc/apps/snmp_ta/bin/snmp.py"  snmp_stanza:snmp://DCTemperature

This looks very much like a problem with pysnmp 4.2.5 -- the "pysnmpget" (or snmpget.py, depending on installation) behaves the same way: With a '-d' command line option, it shows responses coming back but ignored. Installing 4.3.2 from Pypi gives me a working "snmpget.py" app.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...