Sending SNMP to Splunk

cqian02 · ‎09-04-2012

Still have some doubts about sending SNMP to Splunk

http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

About this step:
Edit C:\usr\etc\snmp\snmptrapd.conf:

snmpTrapdAddr [System IP]:162

authCommunity log [community string]

Is the system IP the one which Splunk is installed on?
I am able to create the log file on the local machine, but it always states:

couldn't open udp:162 -- errno 2 ("No such file or directory")

Are there any other configuration do I need?
Thanks very much.

cpt12tech · ‎04-19-2017

If you're having problems with snmp modular input, may want to give this a try.
https://answers.splunk.com/answers/521362/found-a-simple-snmp-trap-receiver-for-windows-that.html#an...

itnetworkteam · ‎01-30-2017

Hi

So I have SNMPD running, however no SNMP traps are being written tp snmptrapd.log. I have installed wireshark and can see that the traps have arrived on the correct interface with the correct community.

Any ideas?

Thankyou

Damien_Dallimor · ‎05-28-2013

Check out this new add-on : http://splunk-base.splunk.com/apps/88686/snmp-modular-input

MarioM · ‎09-05-2012

you can put something like this:

snmpTrapdAddr udp:0.0.0.0:162

authCommunity log,execute,net public

Sending SNMP to Splunk

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life