Getting Data In

SNMP Traffic from windows to Splunk

kristiaan_d
Explorer

Hello everyone, just after some help with Splunk and Windows SNMP data collection. I've had a bit of a read on here and some of the help docs, which suggest I set up a separate piece of software to log SNMP traffic on the server and have Splunk capture this.

I would much prefer to have Splunk capture the traffic directly to save having to admin log files on servers and maintain extra software. I have set up my SNMP service in Windows to point at the PC running Splunk, but so far I cannot see anywhere in Splunk that shows me it's actually collecting data?

Can someone please offer some advice or help on how to configure the inbuilt SNMP system with Windows so that Splunk can use it?

This is not a firewall problem, btw. I've already double-checked that, and both machines' firewalls are disabled for this test.

Kris

0 Karma
1 Solution

chris
Motivator

Hi Kris

You've probably come across this: http://www.splunk.com/base/Documentation/latest/Admin/SendSNMPeventstoSplunk

The instructions are pretty clear: Splunk will not be able to handle the SNMP traps (you are talking about clients sending traps to the Splunk server, right?)

We have set up an SNMP daemon at our company which logs traps and it works fine.

Good luck

Chris
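
The arrangement this answer describes (an SNMP trap daemon writes received traps to a log file, and Splunk monitors that file), as an added example that is not part of the original post or of Splunk's documentation. It assumes Net-SNMP's `snmptrapd` as the daemon; the log path, the community placeholder `CHANGE_ME` and the sourcetype name `snmptrap` are assumptions to adapt.

```conf
# --- snmptrapd.conf (Net-SNMP trap daemon) ---
# Authorize traps carrying this community string to be logged.
# Net-SNMP 5.3 and later discards incoming traps unless an
# authCommunity (or equivalent access-control) line is present.
# CHANGE_ME is a placeholder: use the community the senders are set to.
authCommunity log CHANGE_ME

# Start the daemon so it writes to a file (path is an assumption;
# on Windows use a local path such as C:\usr\log\snmptrapd.log):
#   snmptrapd -Lf /var/log/snmptrapd.log
# snmptrapd listens on UDP port 162 by default.

# --- inputs.conf (Splunk, e.g. $SPLUNK_HOME/etc/system/local/) ---
# Tail the file snmptrapd writes; the sourcetype name is an assumption.
[monitor:///var/log/snmptrapd.log]
sourcetype = snmptrap
disabled = false
```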

chris
Motivator

Hi cqian02, do you see any network traffic on port 162 (or whatever you configured)?

0 Karma

cqian02
Explorer

Hi Chris, I've configured SNMPTRAP on a Windows server using Net-SNMP (according to the documentation). Now I'm able to create the snmptrapd.log file, but I didn't see any data coming in the log file. Do you have any idea why this happened? Thank you very much.

0 Karma

chris
Motivator

Don't worry, the Windows version is a bit behind the Linux binary distribution. Try: http://sourceforge.net/projects/net-snmp/files/net-snmp%20binaries/5.5-binaries/

0 Karma

kristiaan_d
Explorer

OK, at the risk of sounding dumb, I've searched the net-snmp site for a Windows download and there only seem to be Linux RPM files all over the place... where's the Windows version?

0 Karma

chris
Motivator

Hi Kris, yes we are using net-snmp.

0 Karma

kristiaan_d
Explorer

Hi Chris, just one final question: been as I now need an SNMP daemon, did you use the one suggested in the Splunk article, or did you choose a different one? If you chose a different daemon, can you let me know what it was please?

0 Karma

chris
Motivator

Hi Kris, I am afraid that you won't get around setting up an SNMP daemon. I'm not sure why Splunk does not have this integrated. But I guess it is because they would have to maintain and support an SNMP daemon which will only capture one log source. And there already are good tools that will generate data Splunk can read.

0 Karma

kristiaan_d
Explorer

Hi Chris,
Thanks for the reply. Yes, I basically want my web server to send SNMP traffic to Splunk and have Splunk capture it. However, if I'm reading your reply and other people's experiences correctly, this is not possible and I have to set up a system to capture this and write it to a txt file??

Not sure where the logic for this was thought up, but if that's the only way I can do it I will look at trapping the data.

0 Karma