Hi all,
I've installed Splunk on Ubuntu with the user "splunker", which is a member of sudoers. Then I installed the app snmp_ta to handle the SNMP traps sent by remote devices (they are already configured to send traps to the Splunk server). I've converted all the MIBs needed to *.py and moved them to /home/splunker/etc/apps/snmp_ta/bin/mibs/
After starting the app I get the following error message: "ERROR ExecProcessor - message from "python /home/splunker/splunk/etc/apps/snmp_ta/bin/snmp.py" CarrierError: bind() for ('localhost', 162) failed: [Errno 13] Permission denied"
Whether snmptrapd is started or stopped, I get the same error message.
What should I do to fix this issue?
Thanks a lot for any help
Mourad
Hi matrix154,
looks like you enabled the trap host in inputs.conf and set the trap port to be 162, right?
*The TRAP port to listen on. Defaults to 162
trap_port= <value>
*The trap host. Defaults to localhost
trap_host= <value>
if so, does the user running Splunk have the *nix system permission to open up a privileged port (the TCP ports below 1024)?
cheers, MuS
If you look at the build-pysnmp-mib script, it uses smidump. So your smidump program is probably not parsing your FORTINET-FORTIGATE-MIB.mib file correctly because you don't have your smidump environment set up correctly to resolve the MIB dependencies that FORTINET-FORTIGATE-MIB.mib refers to. Ergo, it pipes through "empty input" to the libsmi2pysnmp program, which is what turns the smidump output into Python modules for the SNMP Modular Input to load. In my environment, there are entries in /etc/smi.conf for the directories where MIBs live that will be resolved by smidump.
Hi Damien,
yes, I did, but same behavior.
I've noticed that the builder "build-pysnmp-mib" sometimes is not able to read the source file *.mib
Here is an example:
-rw-r--r-- 1 root root 166605 Jan 29 11:03 /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib
root@xxx#
root@xxx# build-pysnmp-mib -o /home/splunker/splunk/etc/apps/snmp_ta/bin/mibs/FORTINET-FORTIGATE-MIB.py /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib
Empty input
smidump -f python /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib | libsmi2pysnmp fails
root@xxx#
Thank you
Aside from converting the MIB files to Python modules and placing them in /home/splunker/etc/apps/snmp_ta/bin/mibs/, have you also listed the MIB names you want applied in the SNMP input?
You're welcome. Please feel free to accept the answer.
Thank you.
I wished to solve this without predefining any high ports.
It works now! However, the output looks extremely strange as it is unable to handle the MIB files.
This is now another issue.
Thank you
Personally, I would set it to listen on some higher port like 8162 and set up an iptables NAT rule to route 162 to 8162.
Hi Mus,
yes, I left these fields empty so that they take the default values. As for the permissions, the user "splunker" is a member of sudoers.
Further, I've set Ubuntu to allow the script snmp.py to listen on port 162 with this command: "setcap 'cap_net_bind_service=+ep' /home/splunker/splunk/etc/apps/snmp_ta/bin/snmp.py"
Thanks
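
A diagnostic for the "Permission denied" bind error discussed in this thread, added here as an example and not part of any poster's message or of snmp_ta's own code. It reads the running process's effective capabilities and the kernel's unprivileged-port threshold, then attempts the UDP bind on 162 and on the 8162 alternative suggested above; the function names are illustrative.

```python
import errno
import socket

CAP_NET_BIND_SERVICE = 10  # bit number from <linux/capability.h>

def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    return 0

def may_bind(port, cap_eff, unpriv_start=1024):
    """Linux rule: ports below net.ipv4.ip_unprivileged_port_start need
    CAP_NET_BIND_SERVICE in the process's effective set; sudoers
    membership does not change that set."""
    return port >= unpriv_start or bool((cap_eff >> CAP_NET_BIND_SERVICE) & 1)

def try_bind_udp(host, port):
    """Try the bind a trap listener needs (SNMP traps use UDP).
    Returns 'ok' or the errno name, e.g. 'EACCES'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def read_local_state():
    """Read this process's CapEff and the unprivileged-port threshold."""
    with open("/proc/self/status") as fh:
        cap_eff = parse_cap_eff(fh.read())
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as fh:
            start = int(fh.read())
    except OSError:  # sysctl is absent on kernels older than 4.11
        start = 1024
    return cap_eff, start

if __name__ == "__main__":
    cap_eff, start = read_local_state()
    for port in (162, 8162):  # the two ports discussed in the thread
        print(port, "policy allows:", may_bind(port, cap_eff, start),
              "| bind:", try_bind_udp("localhost", port))
```

Run it as the same user and with the same interpreter that launch snmp.py. The error message shows the input being started as `python .../snmp.py`, so the process's capabilities come from the python executable that is exec'd, and CapEff here reflects what the listener actually holds.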