I know it is not a direct Splunk question, but I'm trying to get SNMP traps into Splunk and hope someone could help with it.
I followed the Splunk documentation to set up NET-SNMP on my Windows server (http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk). However, no trap is written in the snmptrap.log.
I have configured the snmptrapd.conf as documented. I don't get any errors in the log, just "NET-SNMP version 220.127.116.11" every time I restart it.
I tried to remove "snmpTrapdAddr [System IP]:162" to listen to all interfaces.
I have checked that the snmptrapd is listening on 162.
I have installed Wireshark and saw that traps are indeed arriving on the server.
But still nothing in the log.
The only time I managed to have something is when I run a dummy trap (snmptrap -v 2c -c public xxx.xxx.xxx.xxx "" ucdStart sysContact.0 s "Dave") from the server to itself. The same trap from another server doesn't work.
Any ideas, anyone?
I followed the document to configure SNMPTRAP and I got the log file, but it does not show anything except "NET-SNMP version 5.5". I tried to unblock the file, but it still didn't work. Do you have any idea what other reason there could be? Thank you very much.
Hi, I have exactly the same problem (RHEL, not a Windows system).
I just followed the instructions from http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk
but I cannot receive anything in /var/log/snmp-traps. If I start tcpdump -i eth0 'port 162' I can see SNMP events arriving at my server, but it looks like snmptrapd cannot write them into the file.
Could anyone give me a hint to move forward? No iptables or any other firewall is running.
Thanks in advance