All Apps and Add-ons

how to resolve splunk permission denied for snmp port 162?



I'm trying to configure snmp modular input to listen snmp traps, I see the permission denied error in internal logs for snmp. We are using RHEL, how to use ip tables to route to different port? OR is there any other way to resolve this one?

0 Karma

Ultra Champion

You are most likely not running Splunk with a user that has permission for opening ports < 1024
Mentioned inline in the annotation for the port field on the setup page.

alt text

0 Karma


What version of RHEL are you using? If you are using 7 or higher then you can just use the firewalld service and firewall-cmd to enable it.

NOTE: Make sure that all your host firewall rules aren't already using iptables.

if not already, enable firewalld
# systemctl start firewalld

Then start firewalld
# systemctl start firewalld

Just add the ports/services that you want to allow in:
# firewall-cmd --add-service=snmp --perm
(note: the --perm option makes it permanent after reloading)

Now just reload the firewall rules and you should be good to go.
# firewall-cmd --reload

To doublecheck that it was added, just run:
# firewall-cmd --list-services

You should now see "snmp" as one of the services.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...