
snmp.py CarrierError: bind() for ('localhost', 162) failed: [Errno 13] Permission denied

New Member

Hi all,

I've installed Splunk on Ubuntu with the user "splunker", which is a member of sudoers. Then I installed the app snmp_ta to handle the SNMP traps sent by remote devices (they are already configured to send traps to the Splunk server). I've converted all the MIBs needed to *.py and moved them to /home/splunker/etc/apps/snmp_ta/bin/mibs/

After starting the app I get the following error message: "ERROR ExecProcessor - message from "python /home/splunker/splunk/etc/apps/snmp_ta/bin/snmp.py" CarrierError: bind() for ('localhost', 162) failed: [Errno 13] Permission denied"

With snmptrapd either started or stopped, I get the same error message.

What should I do to fix this issue?

Thanks a lot for any help
Mourad

0 Karma
1 Solution

SplunkTrust

Hi matrix154,

looks like you enabled the trap host in inputs.conf and set the trap port to be 162, right?

*The TRAP port to listen on. Defaults to 162
trap_port= <value>

*The trap host. Defaults to localhost
trap_host= <value>

If so, does the user running Splunk have the *nix system permission to open up a privileged port (the TCP ports below 1024)?

cheers, MuS
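
An added example (not from the thread or the snmp_ta app): a small Python check that repeats the listener's UDP bind and tells Errno 13 on a privileged port apart from an address that is already in use. The function names are hypothetical; 162 is the default trap_port and 8162 is the high port suggested elsewhere in this thread.

```python
import errno
import socket

PRIV_SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # Linux only


def unprivileged_port_start(path=PRIV_SYSCTL):
    """First port an unprivileged process may bind (1024 unless the sysctl was changed)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024  # file missing (old kernel / non-Linux): assume the classic limit


def try_udp_bind(host, port):
    """Attempt the same kind of bind() the trap listener makes and classify the result.

    Returns (status, bound_port); status is 'ok', 'permission' (EACCES, Errno 13),
    'in_use' (EADDRINUSE, e.g. snmptrapd already holds the port) or 'error'.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # SNMP traps arrive over UDP
    try:
        sock.bind((host, port))
        return "ok", sock.getsockname()[1]
    except OSError as exc:
        if exc.errno == errno.EACCES:
            return "permission", port
        if exc.errno == errno.EADDRINUSE:
            return "in_use", port
        return "error", port
    finally:
        sock.close()


def needs_privilege(port, limit=None):
    """True if binding this port requires root or CAP_NET_BIND_SERVICE."""
    limit = unprivileged_port_start() if limit is None else limit
    return 0 < port < limit


if __name__ == "__main__":
    for port in (162, 8162):  # default trap_port vs. the high port suggested in the thread
        status, _ = try_udp_bind("localhost", port)
        print(f"udp/{port}: needs_privilege={needs_privilege(port)} bind={status}")
```

Run it as the account that runs Splunk. On Linux the privilege check is made before the in-use check, which is consistent with Errno 13 appearing whether or not snmptrapd is running.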


Ultra Champion

If you look at the build-pysnmp-mib script, it uses smidump. So your smidump program is probably not parsing your FORTINET-FORTIGATE-MIB.mib file correctly because you don't have your smidump environment set up correctly to resolve the MIB dependencies that FORTINET-FORTIGATE-MIB.mib refers to. Ergo, it pipes through "empty input" to the libsmi2pysnmp program, which is what turns the smidump output into Python modules for the SNMP Modular Input to load. In my environment, there are entries in /etc/smi.conf for the directories where MIBs live that will be resolved by smidump.

0 Karma

New Member

Hi Damien,
Yes, I did, but same behavior.
I've noticed that the builder "build-pysnmp-mib" sometimes is not able to read the source file *.mib

Here is an example:
-rw-r--r-- 1 root root 166605 Jan 29 11:03 /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib
root@xxx#
root@xxx# build-pysnmp-mib -o /home/splunker/splunk/etc/apps/snmp_ta/bin/mibs/FORTINET-FORTIGATE-MIB.py /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib
Empty input
smidump -f python /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib | libsmi2pysnmp fails
root@xxx#

Thank you

0 Karma

Ultra Champion

Aside from converting the MIB files to Python modules and placing them in /home/splunker/etc/apps/snmp_ta/bin/mibs/, have you also listed the MIB names you want applied in the SNMP input?

0 Karma

SplunkTrust

You're welcome. Please feel free to accept the answer.

0 Karma

New Member

Thank you.
I wished to solve this without predefining any high ports.

It works now! However, the output looks extremely strange, as it is unable to handle the MIB files.

This is now another issue.

Thank you

0 Karma

SplunkTrust

Personally, I would set it to listen on some higher port like 8162 and set up an iptables NAT rule to route 162 to 8162.

0 Karma

New Member

Hi MuS,

Yes, I left these fields empty so that they take the default values. For the permissions, the user "splunker" is a member of sudoers.

Further, I've set Ubuntu to allow the script snmp.py to listen on port 162 with this command: "setcap 'cap_net_bind_service=+ep' /home/splunker/splunk/etc/apps/snmp_ta/bin/snmp.py"

Thanks

0 Karma