All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to resolve splunk permission denied for snmp port 162?

kiran331
Builder
‎01-03-2018 08:56 AM

Hi,

I'm trying to configure snmp modular input to listen snmp traps, I see the permission denied error in internal logs for snmp. We are using RHEL, how to use ip tables to route to different port? OR is there any other way to resolve this one?

0 Karma
Reply

Damien_Dallimor
Ultra Champion
‎01-03-2018 02:05 PM

You are most likely not running Splunk with a user that has permission for opening ports < 1024
Mentioned inline in the annotation for the port field on the setup page.

alt text

Preview file
60 KB
0 Karma
Reply

gmchenry
Explorer
‎01-03-2018 12:59 PM

What version of RHEL are you using? If you are using 7 or higher then you can just use the firewalld service and firewall-cmd to enable it.

NOTE: Make sure that all your host firewall rules aren't already using iptables.

if not already, enable firewalld
# systemctl start firewalld

Then start firewalld
# systemctl start firewalld

Just add the ports/services that you want to allow in:
# firewall-cmd --add-service=snmp --perm
(note: the --perm option makes it permanent after reloading)

Now just reload the firewall rules and you should be good to go.
# firewall-cmd --reload

To doublecheck that it was added, just run:
# firewall-cmd --list-services

You should now see "snmp" as one of the services.

0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...