Getting Data In

Sending SNMP to Splunk

Explorer

Still have some doubts about sending SNMP to Splunk

http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

About this step:
Edit C:\usr\etc\snmp\snmptrapd.conf:

snmpTrapdAddr [System IP]:162

authCommunity log [community string]

Is the system IP the one which Splunk is installed on?
I am able to create the log file on the local machine, but it always states:

couldn't open udp:162 -- errno 2 ("No such file or directory")

Are there any other configuration do I need?
Thanks very much.

Tags (1)

Contributor

If you're having problems with snmp modular input, may want to give this a try.
https://answers.splunk.com/answers/521362/found-a-simple-snmp-trap-receiver-for-windows-that.html#an...

0 Karma

New Member

Hi

So I have SNMPD running, however no SNMP traps are being written tp snmptrapd.log. I have installed wireshark and can see that the traps have arrived on the correct interface with the correct community.

Any ideas?

Thankyou

0 Karma

Ultra Champion
0 Karma

Motivator

you can put something like this:

snmpTrapdAddr udp:0.0.0.0:162

authCommunity log,execute,net public
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!