Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Send SNMP trap to other systems

mznikkip
Engager
‎04-18-2012 07:03 AM

I've read the documentation on how to send SNMP traps to other systems, however, I'm confused. How does traphosts.pl know to run sendsnmptrap.pl? I have the IP addresses for my trap receivers but not sure which parameters to change in sendsnmptrap.pl.

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

briang67
Communicator
‎04-18-2012 08:33 AM

In the sendsnmptrap.pl you'll want to change the $hostPortSNMP wiith the IP and port of your trap receiver.

View solution in original post

Reply
Solved! Jump to solution
Solution

briang67
Communicator
‎04-18-2012 08:33 AM

In the sendsnmptrap.pl you'll want to change the $hostPortSNMP wiith the IP and port of your trap receiver.

Reply
Solved! Jump to solution

mznikkip
Engager
‎04-19-2012 11:22 AM

Ahhh got it. I did a yum install for net-snmp-utils and now it seems to be working. Thanks for your help through this matter!

0 Karma
Reply
Solved! Jump to solution

briang67
Communicator
‎04-19-2012 09:46 AM

The snmptrap binary is in a separate rpm: net-snmp-utils.

0 Karma
Reply
Solved! Jump to solution

mznikkip
Engager
‎04-19-2012 07:24 AM

Ok done and done. Sorry for all the questions! I installed Net-SNMP but snmptrap does not appear in /usr/bin. In the directory where I did install it, I still don't even see /bin directory or 'snmptrap'.

0 Karma
Reply
Solved! Jump to solution

briang67
Communicator
‎04-18-2012 08:56 AM

One way to test would be to just run a tcpdump or snoop on the receiving host to see if the trap was received.

0 Karma
Reply
Solved! Jump to solution

briang67
Communicator
‎04-18-2012 08:52 AM

You can set a second variable like #hostPortSNMP2 and just run the $cmd a second time substituting the new variable

0 Karma
Reply
Solved! Jump to solution

mznikkip
Engager
‎04-18-2012 08:36 AM

Is there a way to send to two different trap receivers? Or would I have to create another sendsnmptrap.pl?
Also, how do I test to make sure it's working?

0 Karma
Reply
Solved! Jump to solution

briang67
Communicator
‎04-18-2012 08:31 AM

We use the trap script extensively at my company for alerting purposes. With our setup we call a shell script from the saved search called sendtrap.sh - that calls a customized version of the perl script sendsnmptrap.pl. The script passes the parameters needed for the perl script.

The shell script looks like this:

 #!/bin/sh
cd /opt/splunk/bin/scripts
$(./sendtrapv15.pl "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8")
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...