
SNMP Modular Input Custom MIB

bakdaulet

Hello.

After installing the SNMP modular input, I have a problem with the MIB. The logs are not in a human-readable format.

Example:
notification_from_address = "10.253.242.15" notification_from_port = "55681" notification_enterprise = "1.3.6.1.4.1.18494.2" notification_agent_address = "10.253.242.15" notification_generic_trap = "'enterpriseSpecific'" notification_specific_trap = "1" notification_uptime = "1" 1.3.6.1.4.1.18494.2.1.1 = ObjectSyntax: simple=SimpleSyntax: string=atyn 1.3.6.1.4.1.18494.2.1.2 = ObjectSyntax: simple=SimpleSyntax: string=05/09/2019 1.3.6.1.4.1.18494.2.1.3 = ObjectSyntax: simple=SimpleSyntax: string=11:31:15 1.3.6.1.4.1.18494.2.1.4 = ObjectSyntax: simple=SimpleSyntax: string=MXS 1.3.6.1.4.1.18494.2.1.5 = ObjectSyntax: simple=SimpleSyntax: number=10023 1.3.6.1.4.1.18494.2.1.6 = ObjectSyntax: simple=SimpleSyntax: string=Info 1.3.6.1.4.1.18494.2.1.7 = ObjectSyntax: simple=SimpleSyntax: string=Communication 1.3.6.1.4.1.18494.2.1.8 = ObjectSyntax: simple=SimpleSyntax: string=Session Closed 1.3.6.1.4.1.18494.2.1.9 = ObjectSyntax: simple=SimpleSyntax: string=0x4d65737361676520506172746e6572204d54314f75742c2053657373696f6e20393833202d2053657373696f6e20636c6f7365640a20202020496e707574206d6573736167657320203a20616363657074656420303030303030202d2072656a6563746564203030303030300a202020204f7574707574206d65737361676573203a20616363657074656420303030303031202d2072656a6563746564203030303030300a2020202020202020202020202020202020202020202020202020202020202020202020202d20627970617373656420303030303030 1.3.6.1.4.1.18494.2.1.10 = ObjectSyntax: simple=SimpleSyntax: string=8370f116-2250-47c6-86d9-e435fa6127f5

I already converted the MIB into Python modules and put them in /opt/splunk/etc/apps/snmp_ta/bin/mibs

My inputs.conf
[snmp://Swift_altyn]
activation_key = ***************************
communitystring = public
do_bulk_get = 0
do_get_subtree = 0
ipv6 = 0
snmp_mode = traps
snmp_version = 2C
sourcetype = swift_altyn
split_bulk_output = 0
trap_host = SERVERNAME
trap_port = 10162
trap_rdns = 0
v3_authProtocol = usmHMACMD5AuthProtocol
v3_privProtocol = usmDESPrivProtocol
mib_names = SAATRAP

Help please!!!
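
An added example, not part of the original post and not code from the SNMP modular input: a Python parser for the event layout shown in the question. It splits out the `notification_*` fields and the varbinds and decodes string values rendered as `0x`-prefixed hex. The sample event and the function names are constructed for illustration; OIDs stay numeric because naming them depends on the MIB.

```python
import re

# Header fields are rendered as: notification_name = "value"
HEADER_RE = re.compile(r'(notification_\w+) = "([^"]*)"')
# Varbinds are rendered as: <OID> = ObjectSyntax: simple=SimpleSyntax: <type>=<value>
# A value may contain spaces, so it runs up to the next "<OID> = ObjectSyntax"
# or to the end of the event.
VARBIND_RE = re.compile(
    r"(\d+(?:\.\d+)+) = ObjectSyntax: simple=SimpleSyntax: (\w+)=(.*?)"
    r"(?= \d+(?:\.\d+)+ = ObjectSyntax|\s*$)",
    re.DOTALL,
)
HEX_RE = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")


def decode_value(kind, raw):
    """Turn one rendered varbind value into an int or readable text."""
    if kind == "number":
        return int(raw)
    match = HEX_RE.fullmatch(raw)
    if match:
        # Hex-rendered string: decode the bytes, keeping undecodable ones visible.
        return bytes.fromhex(match.group(1)).decode("utf-8", errors="replace")
    return raw


def parse_trap_event(event):
    """Return (header fields, {oid: decoded value}) for one trap event."""
    header = dict(HEADER_RE.findall(event))
    varbinds = {
        oid: decode_value(kind, raw)
        for oid, kind, raw in VARBIND_RE.findall(event)
    }
    return header, varbinds


# Constructed sample in the same layout as the event in the question.
DETAIL = "Session 983 - Session closed\n    Output messages : accepted 000001"
SAMPLE_EVENT = (
    'notification_from_address = "192.0.2.15" notification_specific_trap = "1" '
    "1.3.6.1.4.1.18494.2.1.5 = ObjectSyntax: simple=SimpleSyntax: number=10023 "
    "1.3.6.1.4.1.18494.2.1.8 = ObjectSyntax: simple=SimpleSyntax: string=Session Closed "
    "1.3.6.1.4.1.18494.2.1.9 = ObjectSyntax: simple=SimpleSyntax: string=0x"
    + DETAIL.encode().hex()
)

if __name__ == "__main__":
    fields, binds = parse_trap_event(SAMPLE_EVENT)
    for oid, value in binds.items():
        print(oid, "=", repr(value))
```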
