snmp.py CarrierError: bind() for ('localhost', 162) failed: [Errno 13] Permission denied

matrix154
New Member

Hi all,

I've installed Splunk on Ubuntu with the user "splunker", which is a member of sudoers. Then I installed the app snmp_ta to handle the SNMP traps sent by remote devices (they are already configured to send traps to the Splunk server). All MIBs needed I've converted to *.py and moved to /home/splunker/etc/apps/snmp_ta/bin/mibs/

After starting the app I get the following error message: "ERROR ExecProcessor - message from "python /home/splunker/splunk/etc/apps/snmp_ta/bin/snmp.py" CarrierError: bind() for ('localhost', 162) failed: [Errno 13] Permission denied"

Either with snmptrapd started or stopped, I get the same error message.

What should I do to fix this issue?

Thanks a lot for any help
Mourad

0 Karma
1 Solution

MuS
SplunkTrust

Hi matrix154,

Looks like you enabled the trap host in inputs.conf and set the trap port to be 162, right?

*The TRAP port to listen on. Defaults to 162
trap_port= <value>

*The trap host. Defaults to localhost
trap_host= <value>

If so, does the user running Splunk have the *nix system permission to open a privileged port (the TCP ports below 1024)?

cheers, MuS

Damien_Dallimor
Ultra Champion

If you look at the build-pysnmp-mib script, it uses smidump. So your smidump program is probably not parsing your FORTINET-FORTIGATE-MIB.mib file correctly because you don't have your smidump environment set up correctly to resolve the MIB dependencies that FORTINET-FORTIGATE-MIB.mib refers to. Ergo, it pipes through "empty input" to the libsmi2pysnmp program, which is what turns the smidump output into Python modules for the SNMP Modular Input to load. In my environment, there are entries in /etc/smi.conf for the directories where MIBs live that will be resolved by smidump.

0 Karma

matrix154
New Member

Hi Damien,
Yes, I did, but same behavior.
I've noticed that the builder "build-pysnmp-mib" sometimes is not able to read the source file *.mib

Here is an example:
-rw-r--r-- 1 root root 166605 Jan 29 11:03 /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib
root@xxx#
root@xxx# build-pysnmp-mib -o /home/splunker/splunk/etc/apps/snmp_ta/bin/mibs/FORTINET-FORTIGATE-MIB.py /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib
Empty input
smidump -f python /usr/share/mibs/netsnmp/FORTINET-FORTIGATE-MIB.mib | libsmi2pysnmp fails
root@xxx#

Thank you

0 Karma

Damien_Dallimor
Ultra Champion

Aside from converting the MIB files to Python modules and placing them in /home/splunker/etc/apps/snmp_ta/bin/mibs/, have you also listed the MIB names you want applied in the SNMP input?

0 Karma

MuS
SplunkTrust

You're welcome. Please feel free to accept the answer.

0 Karma

matrix154
New Member

Thank you.
I wished to solve this without predefining any high ports.

It works now! However, the output looks extremely strange, as it is unable to handle the MIB files.

This is now another issue.

Thank you

0 Karma

MuS
SplunkTrust

Personally, I would set it to listen on some higher port like 8162 and set up an iptables NAT rule to route 162 to 8162.

0 Karma
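
The permission check behind the `[Errno 13]` in this thread, and why a listener on 8162 avoids it, as an added example that is not part of the original posts or of snmp_ta. The function names and the sample status text are hypothetical and constructed; the capability bit number and the `ip_unprivileged_port_start` sysctl are standard Linux.

```python
import errno
import socket

CAP_NET_BIND_SERVICE = 10  # bit index from linux/capability.h
# Constructed sample of /proc/<pid>/status for an unprivileged process.
SAMPLE_STATUS = "Name:\tpython\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"

def has_net_bind_cap(status_text):
    """True if the CapEff mask in /proc/<pid>/status includes CAP_NET_BIND_SERVICE."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool(int(line.split()[1], 16) & (1 << CAP_NET_BIND_SERVICE))
    return False

def bind_allowed(port, status_text, unpriv_start=1024):
    """Predict whether bind() to `port` passes the kernel's privileged-port check."""
    if port >= unpriv_start:
        return True, "port %d is not privileged" % port
    # Capabilities belong to the running process; for snmp.py that is
    # the Python interpreter executing the script.
    if has_net_bind_cap(status_text):
        return True, "process holds CAP_NET_BIND_SERVICE"
    return False, "port %d < %d and no CAP_NET_BIND_SERVICE" % (port, unpriv_start)

def try_udp_bind(host, port):
    """Attempt the bind SNMP traps need (UDP); return None or the errno name."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:
            status = fh.read()
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as fh:
            start = int(fh.read())
    except OSError:  # not Linux or older kernel: fall back to constructed sample
        status, start = SAMPLE_STATUS, 1024
    for port in (162, 8162):
        ok, why = bind_allowed(port, status, start)
        print(port, "predicted:", "ok" if ok else "EACCES", "(%s)" % why,
              "| actual:", try_udp_bind("localhost", port) or "ok")
```

Run it as the same user that runs Splunk; port 8162 is in use if splunkd is already listening there, which shows up as `EADDRINUSE` rather than `EACCES`.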

matrix154
New Member

Hi MuS,

Yes, I left these fields empty so that it takes the default values. For the permissions, the user "splunker" is a member of sudoers.

Further, I've set Ubuntu to allow the script snmp.py to listen on port 162 with this command: "setcap 'cap_net_bind_service=+ep' /home/splunker/splunk/etc/apps/snmp_ta/bin/snmp.py"

Thanks

0 Karma