OK. We have spent hours trying to get our SNMP logs into Splunk. Everyone should be aware of the hell. First, for Windows, you must install net-snmp. But guess what? The latest net-snmp binary doesn't actually perform an install, so you must download an old binary. But guess what? The old binary requires gnu_regex. But guess what? The links to this product don't provide a usable zip file, so you must search via Google for something comparable. But guess what? Then you need openssl, so you install that, but guess what? There are other DLLs that already exist on your Windows box and cause DLL conflicts (remember DLL hell?). You ignore that and go on, but net-snmp now needs something called ActivePerl. So you download that, but guess what? net-snmp is version specific, so you must uninstall and re-install an older version of ActivePerl. O.K. Now the net-snmp will not start with the older version you downloaded (some DLL error), so you overlay the older version of net-snmp with the new version of the binaries. Don't forget to also install some Microsoft C++ distributable DLLs.
Now you must configure that net-snmp bastard.
The documentation for net-snmp absolutely sucks. snmptrapd will not accept traps in a default configuration so you must go to the documentation which has very few examples. The assumption is that you are an snmp guru that loves reading about snmp config options. After an hour of trying to understand text configuration files with multiple internal dependencies, you get snmptrapd to accept a trap.
Great. Now you decide that it would be wise to put the SNMP output on a dedicated drive. Guess what? I still have not figured that out!
The snmptrapd.conf help file makes you "guess" at the correct option. I am guessing the option is "logOption", but that sends you to another help file called snmpcmd that is written in binary. Good luck to any and all who want to use Splunk to actually capture the system logs from things like the UPS devices and HP Enclosures. Awful, awful, awful. I can't wait to try to configure other integrations with Splunk. Really?
If my constant use of "guess what" annoys you, you have seen nothing until you try it yourself. Hours will be wasted.
So, the two real outstanding questions:
What do I put in the config file for net-snmp to make it automatically load all the mib files in the mib directory?
How do I change the output location for the logging of the traps received?