Hi leenguyen07, as an alternative to sending the SNMP traps directly to Splunk, you could leverage any existing trap collection mechanism, and write the events to that system's filesystem. Once it is written as a file, you can then configure a Splunk forwarder to input that as a file.
I'd also consider forwarding out syslog events from the network devices, writing them to a syslog server and inputting them just like the SNMP traps.
Please let me know if this helps!
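The file-based approach from the answer above, as an added example that is not part of the original post: the collector decodes the binary trap PDUs into text lines, and the forwarder monitors that file. It assumes Net-SNMP's snmptrapd as the trap collector; the log path, community placeholder, sourcetype and index names are all assumptions.

```ini
# --- /etc/snmp/snmptrapd.conf (Net-SNMP trap daemon; assumed collector) ---
# Accept and log traps sent with this community string (placeholder value;
# it must match the string configured on the router's snmp-server host line).
authCommunity log CHANGE_ME_COMMUNITY

# Start the daemon so decoded traps are appended to a text file, e.g.:
#   snmptrapd -Lf /var/log/snmptrapd/traps.log -On
# (-Lf logs to the named file, -On prints OIDs numerically)
# snmptrapd listens on UDP 162 by default, so Splunk itself does not
# need a network input on that port.

# --- $SPLUNK_HOME/etc/system/local/inputs.conf on the forwarder ---
# Monitor the file snmptrapd writes (path is an assumption).
[monitor:///var/log/snmptrapd/traps.log]
# Sourcetype and index names are assumptions; the index must already exist.
sourcetype = snmptrap
index = network
disabled = false
```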
As I understand, there are two ways to monitor a switch/router: use logging trap, or use SNMP trap logging.
1. The first step: configure logging trap on the switch. It looks like this:
Router(config)#Logging trap (trap level)
Router(config)#Logging host (Splunk Server) transport (tcp | udp) port (514)
Router(config)#Logging on
The second step: set up Splunk to listen on port 514 (default). This way worked successfully.
But now my boss has asked me to configure it using SNMP.
2. The first step: configure SNMP on the router/switch. It looks like this:
Router(config)#snmp-server community (string) ro
Router(config)#snmp-server host (Splunk server) version (1,2,3) (string)
Router(config)#snmp-server enable trap snmp
The second step: on Splunk, I don't know what to do to get the trap logs from the router or switch. Can you help me with this step?
If you have another way, can you recommend it and write it out step by step for me? Thank you very much!
Good day, I wanted to ask: have you found the proper way to implement receiving SNMP logs? I am having issues with this right now, so I wonder how you implemented this, if you did.
This is a very general question that can be answered by reviewing the documentation. Please provide more details about what you're trying to achieve: what do you want to know about your routers, switches, etc.? What does your environment look like?
In the meantime, I recommend you go through the tutorial, here:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
Thank you for your response. This may be easy for everyone else, but I find it very hard. I read the documentation, but I didn't find what I need.
Suppose I want to get the SNMP trap logs of a router. I tried enabling SNMP on the router, then on the Splunk machine I went to Add Data -> Monitor -> TCP/UDP and set up port 162 to listen for SNMP traps. But Splunk can't get the SNMP trap logs correctly from the router.
This is the image:
http://www.upsieutoc.com/image/W912
UPPPPPPPPPPP