Getting Data In

Send SNMP trap to other systems

mznikkip
Engager

I've read the documentation on how to send SNMP traps to other systems, however, I'm confused. How does traphosts.pl know to run sendsnmptrap.pl? I have the IP addresses for my trap receivers but not sure which parameters to change in sendsnmptrap.pl.

Tags (3)
0 Karma
1 Solution

briang67
Communicator

In the sendsnmptrap.pl you'll want to change the $hostPortSNMP wiith the IP and port of your trap receiver.

View solution in original post

briang67
Communicator

In the sendsnmptrap.pl you'll want to change the $hostPortSNMP wiith the IP and port of your trap receiver.

mznikkip
Engager

Ahhh got it. I did a yum install for net-snmp-utils and now it seems to be working. Thanks for your help through this matter!

0 Karma

briang67
Communicator

The snmptrap binary is in a separate rpm: net-snmp-utils.

0 Karma

mznikkip
Engager

Ok done and done. Sorry for all the questions! I installed Net-SNMP but snmptrap does not appear in /usr/bin. In the directory where I did install it, I still don't even see /bin directory or 'snmptrap'.

0 Karma

briang67
Communicator

One way to test would be to just run a tcpdump or snoop on the receiving host to see if the trap was received.

0 Karma

briang67
Communicator

You can set a second variable like #hostPortSNMP2 and just run the $cmd a second time substituting the new variable

0 Karma

mznikkip
Engager

Is there a way to send to two different trap receivers? Or would I have to create another sendsnmptrap.pl?
Also, how do I test to make sure it's working?

0 Karma

briang67
Communicator

We use the trap script extensively at my company for alerting purposes. With our setup we call a shell script from the saved search called sendtrap.sh - that calls a customized version of the perl script sendsnmptrap.pl. The script passes the parameters needed for the perl script.

The shell script looks like this:

 #!/bin/sh
cd /opt/splunk/bin/scripts
$(./sendtrapv15.pl "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8")
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...