All Apps and Add-ons

how to resolve splunk permission denied for snmp port 162?



I'm trying to configure snmp modular input to listen snmp traps, I see the permission denied error in internal logs for snmp. We are using RHEL, how to use ip tables to route to different port? OR is there any other way to resolve this one?

0 Karma

Ultra Champion

You are most likely not running Splunk with a user that has permission for opening ports < 1024
Mentioned inline in the annotation for the port field on the setup page.

alt text

0 Karma


What version of RHEL are you using? If you are using 7 or higher then you can just use the firewalld service and firewall-cmd to enable it.

NOTE: Make sure that all your host firewall rules aren't already using iptables.

if not already, enable firewalld
# systemctl start firewalld

Then start firewalld
# systemctl start firewalld

Just add the ports/services that you want to allow in:
# firewall-cmd --add-service=snmp --perm
(note: the --perm option makes it permanent after reloading)

Now just reload the firewall rules and you should be good to go.
# firewall-cmd --reload

To doublecheck that it was added, just run:
# firewall-cmd --list-services

You should now see "snmp" as one of the services.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...