Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

not receiving log SNMP traps

sec_team_albara
New Member
‎03-07-2019 01:54 AM

1- We have configured the router with the following commands
snmp-server enable traps
snmp-server host 192.168.1.111 version 2c albaraka

2-We have installed on the INDEXER net-snmp-5.6.1.1-1.x86 with the following config on windows server 2016.
C:\usr\etc\snmp

mibdirs C:/usr/share/snmp/mibs
persistentDir C:/usr/snmp/persist
tempFilePattern C:/usr/temp/snmpdXXXXXX
snmpTrapdAddr 192.168.1.111:162 (IP ADDR INDEXER)
authCommunity log albaraka

3-We also configured snmptrapd file under C:\usr\log in order that splunk monitor the file snmptrapd

However, we still not receiving log SNMP traps to file from cisco router/switch. we only receive the following errors.

c:/usr/etc/snmp/snmp.conf: line 6: Warning: Unknown token: snmpTrapdAddr.
c:/usr/etc/snmp/snmp.conf: line 7: Warning: Unknown token: authCommunity.
Warning: no access control information configured.
(Config search path: c:/usr/etc/snmp;c:/usr/share/snmp;c:/usr/lib)
This receiver will NOT accept any incoming notifications.
NET-SNMP version 5.6.1.1
No access configuration - dropping trap.
No access configuration - dropping trap.
2019-03-07 09:25:07 NET-SNMP version 5.6.1.1 Stopped.
Stopping snmptrapd

Tags (2)
0 Karma
Reply

nickhills
Ultra Champion
‎03-07-2019 07:17 AM

The listening snmpTrapAddr and authCommnity should be in snmpd.conf - not snmp.conf

If my comment helps, please give it a thumbs up!
0 Karma
Reply

sec_team_albara
New Member
‎03-07-2019 07:41 AM

The listening snmpTrapAddr and authCommnity are already in snmpd.conf

0 Karma
Reply

nickhills
Ultra Champion
‎03-07-2019 07:44 AM

hmm ok, are they also in snmp.conf. I went straight to the error lines, and it seems perhaps you have them in both?
c:/usr/etc/snmp/snmp.conf: line 6: Warning: Unknown token: snmpTrapdAddr.
c:/usr/etc/snmp/snmp.conf: line 7: Warning: Unknown token: authCommunity.

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...