SNMPTrap setup - no trap written in snmptrapd.log

OL
Communicator

Hello,

I know it is not a direct Splunk question, but I'm trying to get SNMP traps into Splunk and hope someone could help with it.

I followed the Splunk documentation to set up NET-SNMP on my Windows server (http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk). However, no trap is written in the snmptrap.log.

I have configured the snmptrapd.conf as documented. I don't get any errors in the log, just "NET-SNMP version 5.6.1.1" every time I restart it.

I tried to remove "snmpTrapdAddr [System IP]:162" to listen to all interfaces.
I have checked that the snmptrapd is listening on 162.
I have installed Wireshark and saw that traps are indeed arriving on the server.

But still nothing in the log.

The only time I managed to get something is when I run a dummy trap (snmptrap -v 2c -c public xxx.xxx.xxx.xxx "" ucdStart sysContact.0 s "Dave") from the server to itself. The same trap from another server doesn't work.

Any idea anyone?

Regards,
Olivier

0 Karma

christantoy
Path Finder

Hi

Same problem here. Can you assist me? How can I install net-snmp on my Windows 7?

Thanks
Cris

0 Karma

OL
Communicator

Problem solved: it was the Windows Firewall which was blocking snmptrapd.exe. After adding it to the exception list, everything is working as described.

0 Karma

cqian02
Explorer

I followed the document to configure SNMPTRAP and I got the log file, but it does not show anything except "NET-SNMP version 5.5". I tried to unblock the file, but it still didn't work. Do you have any idea what other reason there could be? Thank you very much.

0 Karma

jbueso
Path Finder

Hi, I have exactly the same problem (RHEL, not a Windows system).

I just followed the instructions from http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

but I cannot receive anything in /var/log/snmp-traps. If I start tcpdump -i eth0 'port 162' I can see SNMP events arriving at my server, but it looks like snmptrapd cannot write them to the file.

Could anyone give me a hint to move forward? No iptables or any other firewall is running.

Thanks in advance

0 Karma
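
An added diagnostic, not part of any post in this thread: Wireshark and tcpdump see an inbound trap before the host firewall filters it, so a capture alone does not show that the datagram reaches the listening process. This Python probe binds the trap port itself and reports the SNMP version, community and PDU type of the first datagram actually delivered to a socket; all function names are hypothetical and only SNMPv1/v2c headers are parsed.

```python
import socket
PDU_NAMES = {0xA4: "trap-v1", 0xA6: "inform", 0xA7: "trap-v2"}

def _tlv(buf, pos):
    """Read one BER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_trap_header(datagram):
    """Return version, community and PDU type of an SNMPv1/v2c message."""
    try:
        tag, body, _ = _tlv(datagram, 0)
        if tag != 0x30:
            raise ValueError("not a BER SEQUENCE")
        tag, raw_version, pos = _tlv(body, 0)
        version = int.from_bytes(raw_version, "big")
        if tag != 0x02 or version not in (0, 1):
            raise ValueError("not an SNMPv1/v2c message")
        tag, community, pos = _tlv(body, pos)
        if tag != 0x04:
            raise ValueError("community string missing")
        pdu_tag = body[pos]
    except IndexError:
        raise ValueError("truncated SNMP message") from None
    return {"version": "v1" if version == 0 else "v2c",
            "community": community.decode("latin-1"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}

def open_listener(addr="0.0.0.0", port=162):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((addr, port))  # fails if snmptrapd still holds the port
    return sock

def wait_for_trap(sock, timeout=30.0):
    """Return (source_ip, header) for the first datagram, or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (src, _port) = sock.recvfrom(65535)
    except socket.timeout:
        return None
    return src, parse_trap_header(data)

if __name__ == "__main__":
    with open_listener() as listener:
        print(wait_for_trap(listener) or "no datagram delivered to the socket")
```

Stop snmptrapd first so port 162 is free (binding it needs elevated privileges on Linux), and send the test trap from another host, since the first post shows a trap sent from the server to itself can succeed while remote ones do not. If the probe times out while the capture shows traffic, the datagram is being dropped between the capture point and the socket; if it prints a header, compare the community and PDU type with snmptrapd.conf.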