Hello,
I'm trying to capture traps from a Cisco router with the SNMP Modular Input add-on. Here's what I did so far:
$SPLUNK_ROOT/etc/apps/snmp_ta/bin/mibs/
directory;s7.postimg.org/eyn4d5mx7/snmp_cisco.png
write
command. Though tcpdump does see a trap message coming, Splunk doesn't capture it and I see no data in the Search app. Also, Python did complain about "more than 255 arguments" in CISCO-TC.py, so I had to comment out the IfOperStatusReason class' inner code. This shouldn't have had an effect on my particular situation, though.
What should I do? Thanks in advance!
Have a look at the answer that was accepted in this question and see if that helps you: http://answers.splunk.com//answers/138848/snmp-traps-not-being-indexed-by-snmp-modular-input
I have configured the same as above, but I still cannot see traps in Splunk search.
I have run netstat -au; port 162 is listening.
I have set the host name to the exact IP of the search head, as I gave it in the device.
The other configs are also done.
But I am still seeing no events 😞
Nice. Please "accept" the answer above.
Thank you! This thread helped me. Setting the trap listener to exactly the same value as it was set on the router resolved the issue.
1) Are there any errors? Search in "index=_internal ExecProcessor error snmp.py"
2) Have you set the correct bind host for the trap listener?
3) Is the SNMP stanza you set up opening the port and listening?
4) Have you specified the correct SNMP version?
1) I see only one error about "more than 255 arguments" there. After I (sort of) fixed it there were no more errors, and the snmp.py process started up successfully.
2) Yes, it's localhost
3) Yes, netstat -lnp | grep 162 confirms it
4) Yes
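
The bind-host check from this thread, as an added example that is not part of the original posts or the add-on's code: a listener that shows up on port 162 in netstat can still be bound to an address the router's traps never arrive on. The netstat output and the 192.0.2.10 address are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -lnu` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 127.0.0.1:162           0.0.0.0:*
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp6       0      0 :::5353                 :::*
"""


def udp_listeners(netstat_text, port):
    """Return the local addresses of UDP sockets bound to `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith("udp"):
            continue  # banner, header, or non-UDP line
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            found.append(ipaddress.ip_address(addr.split("%")[0]))
    return found


def trap_reachable(netstat_text, trap_dest, port=162):
    """True if a datagram sent to trap_dest:port reaches a listening socket.

    trap_dest is the address configured on the router as the trap receiver.
    Dual-stack behaviour of "::" sockets is not modelled (assumption).
    """
    dest = ipaddress.ip_address(trap_dest)
    for bound in udp_listeners(netstat_text, port):
        if bound == dest:
            return True  # listener bound to exactly the trap destination
        if bound.is_unspecified and bound.version == dest.version:
            return True  # wildcard bind accepts any local address
    return False


if __name__ == "__main__":
    for dest in ("192.0.2.10", "127.0.0.1"):
        state = "reachable" if trap_reachable(SAMPLE_NETSTAT, dest) else "NOT reachable"
        print(f"traps sent to {dest}:162 are {state}")
```
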