Getting Data In

how to monitor switch, router, firewall, etc?

leenguyen07
Explorer

If anyone out there has any relevant experience and could share some advice/guidance, that would be great.

Thanks!

Tags (2)
0 Karma

muebel
SplunkTrust
SplunkTrust

Hi leenguyen07, as an alternative to sending the snmp traps directly to splunk, you could leverage any existing trap collection mechanism, and write the events to that systems filesystem. Once it is written as a file, you can then configure a splunk forwarder to input that as a file

I'd also consider forwardering out syslog events from the network devices, writing them to a syslog server and inputing them just like the snmp traps.

Please let me know if this helps!

leenguyen07
Explorer

As i understand, has two way to monitor Switch/router.... use logging trap and use log snmp trap
1. THe first step: Configure logging trap on switch, it look as
Router(config)#Logging trap (trap level)
Router(config)#Logging host (Splunk Server) transport (tcp | udp) port (514)
Router(config)#Logging on
the Second step: setup Splunk to listen on port 514 (default), This way has success fully
But now my boss request me configure use snmp.
2. The first step, Configure use SNMP on router,switch it look as
Router(config)#snmp-server community (string) ro
Router(config)#snmp-server host (Splunk server) version (1,2,3) (string)
Router(config)#snmp-server enable trap snmp
the Second step, On Splunk i dont know what i do to get log trap from Router or switch. Can you help me do this tep?
If you has other way, can you recommend and write step by step to me. Thank you very much!

0 Karma

era_coding
New Member

Good daytime, I wanted to ask you have you found the proper way to implement snmp logs receiving? I am having issues with this right now, so I wonder how you implemented this if u did

0 Karma

piebob
Splunk Employee
Splunk Employee

this is a very general question that can be answered by reviewing the documentation. please provide more details about what you're trying to achieve--what do you want to know about your routers, switches, etc? what does your environment look like?
in the meantime, i recommend you go through the tutorial, here:
http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial

0 Karma

leenguyen07
Explorer

thank you for your respond. This can easy with everyone, but i feed very hard. I read the documentation, but i didn't find what i need.
suppose i want to get log SNMP trap of router. I attempt enable SNMP on router, then on Splunk machine i add data -> monitor->tcp/udp->setup port 162 to listen snmp trap. But Splunk cann't get log SNMP trap correctly from router.
this is image:
http://www.upsieutoc.com/image/W912

0 Karma

ledaipro
Explorer

UPPPPPPPPPPP

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...