Re: splunk SNMP data reading

ajaypal01111992 · ‎12-16-2013

Hello friends,

Friends really i need your help.

After a full deployment of splunk SNMP. I am not able to read coming data in splunk indexer.

I was going through document, so there is mention that you need a mib file and convert into py format and paste it on \Splunk\etc\apps\snmp_ta\bin\mibs this location and restart your splunk indexer.

I did like that. but still i am not able to read coming snmp traps.

Is there any thing alse i have to configured?

And please suggest me that how to convert mib file into py(.egg) format(Mybe i am not able to convert that in correct format)

So please help to get sovle it.

Maddy · ‎05-19-2021

Hi,

SNMP event / traps are ingested to Splunk but the error code is not user friendly. MIB file has error code and description mapping.

Any one has done used MIB file with SNMP events / traps to map the error code without using SNMP modular Inputs?

Please help urgently

Damien_Dallimor · ‎12-16-2013

If you have third party custom MIB files and you want your OID names and values to be resolved , then these need to be converted into python modules.

You don't need to egg your python modules , this is totally optional.You can just place your generated python modules in snmp_ta/bin/mibs.

Furthermore you might also enjoy reading this blog series.

From the SNMP Modular Input documentation.

Adding Custom MIBs

The pysnmp library is used under the hood so you need to convert your plain text MIB files into python modules :

Many industry standard MIBs ship with the Modular Input. You can see which MIBs are available by looking in SPLUNK_HOME/etc/apps/snmp_ta/bin/mibs/pysnmp_mibs-0.1.4-py2.7.egg

Any additional custom MIBs need to be converted into Python Modules.

You can simply do this by using the build-pysnmp-mib tool that is part of the pysnmp installation

build-pysnmp-mib -o SOME-CUSTOM-MIB.py SOME-CUSTOM-MIB.mib

build-pysnmp-mib is just a wrapper around smidump.

So alternatively you can also execute :

smidump -f python | libsmi2pysnmp >

Then you can either copy the generated python files to SPLUNK_HOME/etc/apps/snmp_ta/bin/mibs or build a Python "egg" of the generated python files(maybe tidier if you have many python files) and copy the egg to that same location.

In the configuration screen for the SNMP input in Splunk Manager , there is a field called “MIB Names” (see above). Here you can specify the MIB names you want applied to the SNMP input definition ie: IF-MIB,DNS-SERVER-MIB,BRIDGE-MIB The MIB Name is the same as the name of the MIB python module in your egg package.

thaddeuslim · ‎11-25-2018

Hi, if i have a zip files filled with .txt MIB files can I convert the entire zip file into .py? Is there a way to do so?

jtrucks · ‎12-16-2013

The docs for the SNMP Modular Input app indicates it comes with a conversion tool:

You can simply do this by using the
build-pysnmp-mib tool that is part of
the pysnmp installation

build-pysnmp-mib -o SOME-CUSTOM-MIB.py
SOME-CUSTOM-MIB.mib

build-pysnmp-mib is just a wrapper
around smidump.

So alternatively you can also execute
:

smidump -f python [HTML_REMOVED] |
libsmi2pysnmp > [HTML_REMOVED]

In addition, you can email the author Damien Dallimore as indicated on that page.

--
Jesse Trucks
Minister of Magic

splunk SNMP data reading

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!