Archive

SNMPTrap setup - no trap written in snmptrapd.log

Communicator

Hello,

I know it is not a direct Splunk question, but I'm trying to SNMP Traps into Splunk and hope someone could help with it.

I followed the Splunk documentation to setup the NET-SNMP on my windows server (http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk). However, no trap is written in the snmptrap.log.

I have configured the snmptrapd.conf as documented. I don't get any errors in the log, just "NET-SNMP version 5.6.1.1" everytime I restart it.

I tried to remove "snmpTrapdAddr [System IP]:162" to listen to all interfaces.
I have checked that the snmptrapd is listening on 162.
I have installed Wireshark and saw that trap are indeed arriving on the server.

But still nothing in the log.

The only time I managed to have something is when I run a dummy trap (snmptrap -v 2c -c public xxx.xxx.xxx.xxx "" ucdStart sysContact.0 s "Dave") from the server to itself. The same trap from another server don't work.

Any idea anyone?

Regards,
Olivier

Tags (2)
0 Karma

Path Finder

Hi

Same problem here can you assist me? how i can install net-snmp on my windows 7?

Thanks
Cris

0 Karma

Communicator

Problem solved: it was the Windows Firewall which was blocking the snmptrapd.exe. Adding it to the exception list, and everything is working as described.

0 Karma

Explorer

I followed the document to configure SNMPTRAP and I got the log file, but it does not show anything except "NET-SNMP version 5.5". I tried to unblock the file, but still didn't work. Do you have any idea what else reason can it be? Thank you very much.

0 Karma

Path Finder

Hi, I have exact the same problem (rhel not windows system)

I just follow instructions from http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

but I can not receive anything in /var/log/snmp-traps. If I start tcpdump -i eth0 'port 162' I can see snmp events arriving my server, but looks like snmptrapd can not write them into file.

Anyone could give me a hint to advance? no iptables or any other firewall is running.

Thanks in advance

0 Karma