I have to set up a Windows XP machine as a server, with Splunk installed, to receive SNMP traps from other remote network devices (non-Windows machines).
And I have done this step: in the Splunk Admin documentation there is a topic called "Send SNMP events to Splunk";
assume that I configured this step correctly.
After that, how can I configure Splunk to receive SNMP...
In Manager -> Add data there are 9 input methods:
Local Event Log Collection, Remote Event Log Collection, Files & Directories, WMI Collection, TCP, UDP, Registry monitoring, Active Directory monitoring, Scripts
I have tried the UDP option but it does not work.
What should I do, or maybe I have chosen the wrong option?
Thank you
I recommend using NET-SNMP or the Kiwi Syslog Daemon on Windows to receive and log SNMP traps to a file, then have Splunk monitor that file. This way you can receive and log SNMP traps even if the Splunk service is down for some reason (for example, restarting it after changing configurations).
You will find some info on setting up NET-SNMP in the docs: http://www.splunk.com/base/Documentation/4.1.3/Admin/SendSNMPeventstoSplunk
Then set up a monitor for the SNMP log file: http://www.splunk.com/base/Documentation/4.1.3/admin/MonitorFilesAndDirectories
Thank you, I have solved the problem.
You need to monitor the file that is written by the snmptrapd service, assuming that you did configure that step correctly. It should be easy to verify by simply examining the log file.
Hi, I am able to create the snmptrapd log file, but there's no data coming in. I'm not sure if I have done it correctly or not. Do you have any ideas why this happened? Thank you very much.
Hi, I have exactly the same problem (RHEL, not a Windows system).
I just followed the instructions from http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk
but I cannot receive anything in /var/log/snmp-traps. If I start tcpdump -i eth0 'port 162' I can see SNMP events arriving at my server, but it looks like snmptrapd cannot write them into the file.
Could anyone give me a hint on how to proceed? No iptables or any other firewall is running.
Thanks in advance
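An added example (not code from this thread, nor from the Splunk or net-snmp documentation) covering both the accepted answer's procedure (snmptrapd writes traps to a file, Splunk monitors the file) and the "tcpdump sees traps on udp/162 but the log stays empty" symptom reported in the last two comments. Since net-snmp 5.3, snmptrapd silently discards traps whose community is not authorised by an authCommunity directive, which is the most common cause of that symptom. The log path, community string, Splunk install path and the app name snmp_traps are assumptions; adjust them for your host.

```shell
#!/bin/sh
# Added example: generate the snmptrapd and Splunk config fragments, and run a
# local end-to-end check. Run with the argument "apply" on the trap receiver
# (as root); without arguments it only defines the functions.

TRAP_LOG="${TRAP_LOG:-/var/log/snmp-traps}"        # assumption: same path as the Splunk doc
COMMUNITY="${COMMUNITY:-public}"                    # assumption: change to your trap community
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"           # assumption

# snmptrapd.conf: the authCommunity line is what makes net-snmp 5.3+ process a
# trap at all. Without it the packet is dropped with no log entry, so tcpdump
# shows traffic while the log file never grows. "log" is the only permission
# the file-to-Splunk setup needs; leave out "execute" and "net".
write_snmptrapd_conf() {
  _path="$1"; _community="$2"
  cat > "$_path" <<EOF
# Accept SNMPv1/v2c traps carrying this community and log them.
authCommunity log $_community
EOF
}

# inputs.conf for Splunk's file monitor ("Files & Directories" in Add data).
# A monitor:// stanza on an absolute path ends up with three slashes.
write_inputs_conf() {
  _path="$1"; _log="$2"
  cat > "$_path" <<EOF
[monitor://$_log]
sourcetype = snmp_trap
disabled = 0
EOF
}

# End-to-end check from the receiver itself: send one test trap (the
# NET-SNMP-EXAMPLES-MIB heartbeat notification) to localhost and confirm the
# log gained a line. Returns 0 on success, 1 if nothing was logged
# (check authCommunity, the -Lf path and whether snmptrapd is running),
# 2 if the snmptrap client is not installed.
verify_trap_logging() {
  _log="$1"; _community="$2"
  command -v snmptrap >/dev/null 2>&1 || return 2
  _before=$( { wc -l < "$_log"; } 2>/dev/null | tr -d ' '); _before=${_before:-0}
  snmptrap -v 2c -c "$_community" 127.0.0.1 '' \
    1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123 || return 1
  sleep 1
  _after=$( { wc -l < "$_log"; } 2>/dev/null | tr -d ' '); _after=${_after:-0}
  [ "$_after" -gt "$_before" ]
}

if [ "${1:-}" = "apply" ]; then
  write_snmptrapd_conf /etc/snmp/snmptrapd.conf "$COMMUNITY"
  mkdir -p "$SPLUNK_HOME/etc/apps/snmp_traps/local"
  write_inputs_conf "$SPLUNK_HOME/etc/apps/snmp_traps/local/inputs.conf" "$TRAP_LOG"
  # snmptrapd only writes the file when started with -Lf; on RHEL-style
  # systems put this in OPTIONS= in /etc/sysconfig/snmptrapd, then restart
  # snmptrapd and Splunk ("$SPLUNK_HOME/bin/splunk restart").
  echo "start snmptrapd as: snmptrapd -c /etc/snmp/snmptrapd.conf -Lf $TRAP_LOG"
  verify_trap_logging "$TRAP_LOG" "$COMMUNITY"
  case $? in
    0) echo "trap logged to $TRAP_LOG" ;;
    1) echo "trap sent but nothing logged: check authCommunity, -Lf path, snmptrapd status" ;;
    2) echo "snmptrap client not installed; verify by tailing $TRAP_LOG while a device sends a trap" ;;
  esac
fi
```

The split into a dedicated app directory avoids overwriting an existing system/local/inputs.conf, and the verify step is deliberately run from the receiver so that a failure isolates the snmptrapd side (authorisation, log path, service state) from the network path the tcpdump check already confirmed.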