Still have some doubts about sending SNMP to Splunk
http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk
About this step:
Edit C:\usr\etc\snmp\snmptrapd.conf:
snmpTrapdAddr [System IP]:162
authCommunity log [community string]
Is the system IP the one which Splunk is installed on?
I am able to create the log file on the local machine, but it always states:
couldn't open udp:162 -- errno 2 ("No such file or directory")
Is there any other configuration I need?
Thanks very much.
If you're having problems with the SNMP modular input, you may want to give this a try.
https://answers.splunk.com/answers/521362/found-a-simple-snmp-trap-receiver-for-windows-that.html#an...
Hi
So I have SNMPD running, however no SNMP traps are being written to snmptrapd.log. I have installed Wireshark and can see that the traps have arrived on the correct interface with the correct community.
Any ideas?
Thank you
Check out this new add-on: http://splunk-base.splunk.com/apps/88686/snmp-modular-input
You can put something like this:
snmpTrapdAddr udp:0.0.0.0:162
authCommunity log,execute,net public
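
An added example, not part of any post in this thread and not Splunk or Net-SNMP code: a small Python check over the two snmptrapd.conf variants quoted above, reporting unreplaced documentation placeholders, wildcard listen addresses, default community strings, and authCommunity permissions beyond log. The HARDENED sample, its address and its community string are constructed assumptions.

```python
import re

# Constructed inputs: the two snmptrapd.conf variants quoted in this thread.
DOC_TEMPLATE = "snmpTrapdAddr [System IP]:162\nauthCommunity log [community string]\n"
SUGGESTED = "snmpTrapdAddr udp:0.0.0.0:162\nauthCommunity log,execute,net public\n"
# Constructed hardened variant (192.0.2.10 is a documentation-range address).
HARDENED = "snmpTrapdAddr udp:192.0.2.10:162\nauthCommunity log example-trap-community\n"

DEFAULT_COMMUNITIES = {"public", "private"}
WILDCARD_HOSTS = {"", "0.0.0.0", "::", "[::]"}


def audit(conf_text):
    """Return (line_number, finding) pairs for snmptrapd.conf text."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directive, rest = (line.split(None, 1) + [""])[:2]
        # Bracketed words such as "[System IP]" are template text, not values.
        if re.search(r"\[[A-Za-z ]+\]", rest):
            findings.append((n, "placeholder not replaced"))
            continue
        if directive == "snmpTrapdAddr":
            for addr in rest.split(","):
                spec = re.sub(r"^(udp6?|tcp6?):", "", addr.strip(), flags=re.I)
                host, sep, _port = spec.rpartition(":")
                if not sep and not spec.isdigit():
                    host = spec  # bare host given without a port
                if host in WILDCARD_HOSTS:
                    findings.append((n, "listens on all interfaces"))
        elif directive == "authCommunity":
            tokens = rest.split()
            if len(tokens) < 2:
                findings.append((n, "authCommunity needs TYPES and COMMUNITY"))
                continue
            # "log" alone is enough to write traps to a file for Splunk to read.
            extra = sorted(set(tokens[0].split(",")) - {"log"})
            if extra:
                findings.append((n, "grants " + ",".join(extra) + " beyond log"))
            if tokens[1].lower() in DEFAULT_COMMUNITIES:
                findings.append((n, "default community string"))
    return findings


if __name__ == "__main__":
    for name in ("DOC_TEMPLATE", "SUGGESTED", "HARDENED"):
        print(name, audit(globals()[name]))
```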