
How to receive SNMP traps on a Windows machine from a remote network device?

sony_1688
New Member

I have to set up a Windows XP machine, which has Splunk software installed, as a server to receive SNMP traps from other remote network devices (non-Windows machines).

I have done this step: in the Splunk Admin documentation, there is a topic called "Send SNMP events to Splunk".

Assume that I configured this step correctly.

After that, how can I configure Splunk to receive SNMP...

In Manager -> Add data, there are 9 input methods:

Local Event Log Collection, Remote Event Log Collection, Files & Directories, WMI Collection, TCP, UDP, Registry monitoring, Active Directory monitoring, Scripts

I have tried the UDP option but it does not work.

What should I do? Or maybe I have chosen the wrong option.

Thank you


ftk
Motivator

I recommend using NET-SNMP or the Kiwi Syslog Daemon on Windows to receive and log SNMP traps to file, then have splunk monitor that file. This way you can receive and log SNMP traps even if the splunk service is down for some reason (for example restarting it after changing configurations).

You will find some info on setting up NET-SNMP in the docs: http://www.splunk.com/base/Documentation/4.1.3/Admin/SendSNMPeventstoSplunk

Then set up a monitor for the snmp log file: http://www.splunk.com/base/Documentation/4.1.3/admin/MonitorFilesAndDirectories


sony_1688
New Member

Thank you, I have solved the problem


gkanapathy
Splunk Employee

You need to monitor the file that is written by the snmptrapd service. Assuming that you did configure that step correctly. It should be easy to verify by simply examining the log file.

cqian02
Explorer

Hi, I am able to create the snmptrapd log file, but there's no data coming in. I'm not sure if I have done it correctly or not. Do you have any idea why this happened? Thank you very much.


jbueso
Path Finder

Hi, I have exactly the same problem (RHEL, not a Windows system).

I just followed the instructions from http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

but I cannot receive anything in /var/log/snmp-traps. If I start tcpdump -i eth0 'port 162' I can see SNMP events arriving at my server, but it looks like snmptrapd cannot write them to the file.

Could anyone give me a hint to move forward? No iptables or any other firewall is running.

Thanks in advance

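For the symptom in the last post (traps visible in tcpdump on port 162 but nothing written to /var/log/snmp-traps), one thing worth checking is whether snmptrapd.conf authorizes logging: net-snmp 5.3 and later discard incoming traps unless an authCommunity line grants "log" or disableAuthorization is set. The script below is an added example, not code from this thread or from Splunk; the function name, verdict labels and the sample community string are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify a snmptrapd.conf by whether
# snmptrapd will log the traps it receives.
#   restricted - an authCommunity line grants "log" to a named community
#   open       - disableAuthorization yes: traps from any sender are logged
#   dropping   - neither directive is active: traps are received but discarded
check_trapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # Drop comment lines so a commented-out directive does not count.
    active=$(sed -e '/^[[:space:]]*#/d' "$conf")
    if printf '%s\n' "$active" |
        grep -Eiq '^[[:space:]]*disableAuthorization[[:space:]]+(yes|true|1)([[:space:]]|$)'; then
        echo "open"
    elif printf '%s\n' "$active" | awk '
        tolower($1) == "authcommunity" {
            # $2 is a comma-separated list of log,execute,net; $3 is the community
            n = split($2, types, ",")
            for (i = 1; i <= n; i++) if (types[i] == "log" && $3 != "") ok = 1
        }
        END { exit !ok }'; then
        echo "restricted"
    else
        echo "dropping"
    fi
}

# Constructed sample configs; "s3cr3t-ro" is a placeholder community string.
demo() {
    dir=$(mktemp -d) || return 1
    printf '# authCommunity log public\n' > "$dir/default.conf"
    printf 'disableAuthorization yes\n' > "$dir/open.conf"
    printf 'authCommunity log,execute s3cr3t-ro\n' > "$dir/restricted.conf"
    for f in default open restricted; do
        printf '%s: %s\n' "$f" "$(check_trapd_conf "$dir/$f.conf")"
    done
    rm -rf "$dir"
}

# Audit the file given as $1, or run the demo when called without arguments.
if [ -n "${1:-}" ]; then check_trapd_conf "$1"; else demo; fi
```

A "restricted" result is the one to aim for: with disableAuthorization yes, any host that can reach UDP 162 can write lines into the file Splunk indexes.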