Problem with sending SNMP traps to other systems

fahoerma
New Member

I tried to set up an alert script in Perl sending SNMP traps to another host, like here. I changed the Host:Port to my values, but when I try to run this script I got this error:


No log handling enabled - turning on stderr logging

1.3.6.1.4.1.27389.1.1: Value out of range (1.3.6.1.4.1.27389.1.2)


I'm not very good at Perl, so how can I fix this problem?

0 Karma

rodrigorsilva
Communicator

Hi, depending on the distribution used some packages must be installed to make use of snmptrap:

net-snmp
net-snmp-libs
net-snmp-utils
lm_sensors-libs

Which distribution are you using?

butzowj
Path Finder

Rodrigo -

Thanks for the assistance, it turns out that it was a net-snmp dependency issue on two of our three search heads. I am still seeing the error above when I manually execute the script, but when the script is fired as part of a Splunk alarm, it works properly.

Thanks for your help!
JB

0 Karma

rodrigorsilva
Communicator

Can you post the code in Perl?

Rodrigo Ribeiro

butzowj
Path Finder

Rodrigo -

I am having the exact same problem as the poster above, using the Splunk-provided SNMP Perl script (pasted below).

#!/usr/bin/perl
#
# sendsnmptrap.pl: A script to enable using Splunk alerts to send an SNMP trap.
#
# Modify the following code as necessary for your local environment.
#
$hostPortSNMP = "qa-tm1:162"; # Host:Port of snmpd or other SNMP trap handler
$snmpTrapCmd = "/usr/bin/snmptrap"; # Path to snmptrap, from http://www.net-snmp.org
$TRAPOID = "1.3.6.1.4.1.27389.1.2"; # Object IDentifier for traps/notifications 
$OID = "1.3.6.1.4.1.27389.1.1"; # Object IDentifier for objects, Splunk Enterprise OID is 27389
# Parameters passed in from the alert.
# $1-$9 is the positional parameter list. $ARGV[0] starts at $1 in Perl.
$searchCount = $ARGV[0]; # $1 - Number of events returned
$searchTerms = $ARGV[1]; # $2 - Search terms
$searchQuery = $ARGV[2]; # $3 - Fully qualified query string
$searchName = $ARGV[3]; # $4 - Name of saved search
$searchReason = $ARGV[4]; # $5 - Reason saved search triggered
$searchURL = $ARGV[5]; # $6 - URL/Permalink of saved search
$searchTags = $ARGV[6]; # $7 - Always empty as of 4.1
$searchPath = $ARGV[7]; # $8 - Path to raw saved results in Splunk instance (advanced)

# Send trap, with the parameter list above mapping down into the OID.
$cmd = qq/$snmpTrapCmd -v 2c -c public $hostPortSNMP '' $TRAPOID $OID.1 i $searchCount $OID.2 s "$searchTerms" $OID.3 s "$searchQuery" $OID.4 s "$searchName" $OID.5 s "$searchReason" $OID.6 s "$searchURL" $OID.7 s "$searchTags" $OID.8 s "$searchPath"/;
system($cmd);

If you could provide any assistance I would greatly appreciate it.

Thanks!
JB

0 Karma
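
A hardened variant of the script pasted above, as an added example that is not part of the thread or Splunk's own code: it validates the event count and hands the arguments to snmptrap as a list instead of a shell string. Defaulting a missing or non-numeric count to 0 is an assumption made here so that a manual run without arguments still sends a complete trap; the host, community string and OIDs are copied from the post.

```perl
#!/usr/bin/perl
# Added example (not the Splunk-provided script): sends the same trap, but
# validates the alert parameters and runs snmptrap without a shell.
use strict;
use warnings;

my $hostPortSNMP = "qa-tm1:162";            # Host:Port, as in the post above
my $snmpTrapCmd  = "/usr/bin/snmptrap";     # Path to snmptrap
my $TRAPOID      = "1.3.6.1.4.1.27389.1.2"; # OID for traps/notifications
my $OID          = "1.3.6.1.4.1.27389.1.1"; # OID prefix for the varbinds

# Build the snmptrap argument list from the alert's positional parameters.
sub build_trap_args {
    my @alert = @_;
    # Pad to eight parameters so a run with no arguments still produces
    # eight complete (oid, type, value) triples.
    push @alert, '' while @alert < 8;
    my $count = shift @alert;
    # An 'i' varbind needs a decimal integer. In the shell-string version an
    # empty count disappears from the command line, so snmptrap reads the
    # next OID as the integer value and rejects it.
    # Assumption: fall back to 0 rather than aborting.
    $count = 0 unless defined $count && $count =~ /\A\d+\z/;
    my @args = ('-v', '2c', '-c', 'public', $hostPortSNMP, '', $TRAPOID,
                "$OID.1", 'i', $count);
    my $n = 2;
    for my $value (@alert[0 .. 6]) {
        $value = '' unless defined $value;
        push @args, "$OID." . $n++, 's', $value;
    }
    return @args;
}

my @args = build_trap_args(@ARGV);
# List form of system(): no shell parses the command, so quotes, backticks
# or $() inside search terms are passed to snmptrap as literal strings.
system($snmpTrapCmd, @args) == 0
    or die "snmptrap failed (status $?)\n";
```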