Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- not receiving log SNMP traps
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
not receiving log SNMP traps
1- We have configured the router with the following commands
snmp-server enable traps
snmp-server host 192.168.1.111 version 2c albaraka
2-We have installed on the INDEXER net-snmp-5.6.1.1-1.x86 with the following config on windows server 2016.
C:\usr\etc\snmp
mibdirs C:/usr/share/snmp/mibs
persistentDir C:/usr/snmp/persist
tempFilePattern C:/usr/temp/snmpdXXXXXX
snmpTrapdAddr 192.168.1.111:162 (IP ADDR INDEXER)
authCommunity log albaraka
3-We also configured snmptrapd file under C:\usr\log in order that splunk monitor the file snmptrapd
However, we still not receiving log SNMP traps to file from cisco router/switch. we only receive the following errors.
c:/usr/etc/snmp/snmp.conf: line 6: Warning: Unknown token: snmpTrapdAddr.
c:/usr/etc/snmp/snmp.conf: line 7: Warning: Unknown token: authCommunity.
Warning: no access control information configured.
(Config search path: c:/usr/etc/snmp;c:/usr/share/snmp;c:/usr/lib)
This receiver will NOT accept any incoming notifications.
NET-SNMP version 5.6.1.1
No access configuration - dropping trap.
No access configuration - dropping trap.
2019-03-07 09:25:07 NET-SNMP version 5.6.1.1 Stopped.
Stopping snmptrapd
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The listening snmpTrapAddr and authCommnity should be in snmpd.conf - not snmp.conf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The listening snmpTrapAddr and authCommnity are already in snmpd.conf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hmm ok, are they also in snmp.conf. I went straight to the error lines, and it seems perhaps you have them in both?
c:/usr/etc/snmp/snmp.conf: line 6: Warning: Unknown token: snmpTrapdAddr.
c:/usr/etc/snmp/snmp.conf: line 7: Warning: Unknown token: authCommunity.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
