SNMPTrap setup - no trap written in snmptrapd.log

OL
Communicator

Hello,

I know it is not a direct Splunk question, but I'm trying to get SNMP traps into Splunk and hope someone could help with it.

I followed the Splunk documentation to set up NET-SNMP on my Windows server (http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk). However, no trap is written in the snmptrap.log.

I have configured the snmptrapd.conf as documented. I don't get any errors in the log, just "NET-SNMP version 5.6.1.1" every time I restart it.

I tried to remove "snmpTrapdAddr [System IP]:162" to listen to all interfaces.
I have checked that the snmptrapd is listening on 162.
I have installed Wireshark and saw that traps are indeed arriving on the server.

But still nothing in the log.

The only time I managed to have something is when I run a dummy trap (snmptrap -v 2c -c public xxx.xxx.xxx.xxx "" ucdStart sysContact.0 s "Dave") from the server to itself. The same trap from another server doesn't work.

Any idea anyone?

Regards,
Olivier

0 Karma

christantoy
Path Finder

Hi

Same problem here, can you assist me? How can I install net-snmp on my Windows 7?

Thanks
Cris

0 Karma

OL
Communicator

Problem solved: it was the Windows Firewall which was blocking snmptrapd.exe. After adding it to the exception list, everything is working as described.

0 Karma

cqian02
Explorer

I followed the document to configure SNMPTRAP and I got the log file, but it does not show anything except "NET-SNMP version 5.5". I tried to unblock the file, but it still didn't work. Do you have any idea what other reason it could be? Thank you very much.

0 Karma

jbueso
Path Finder

Hi, I have exactly the same problem (RHEL, not a Windows system).

I just followed the instructions from http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

but I cannot receive anything in /var/log/snmp-traps. If I start tcpdump -i eth0 'port 162' I can see SNMP events arriving at my server, but it looks like snmptrapd cannot write them to the file.

Could anyone give me a hint to advance? No iptables or any other firewall is running.

Thanks in advance

0 Karma
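
Wireshark and tcpdump see a packet before the host firewall decides whether to pass it to a program, which is why the captures in this thread showed traps that snmptrapd never logged. The script below is an added example, not part of the thread or of the Splunk documentation: it binds UDP 162 itself and prints the version, community and PDU type of each datagram that actually reaches a user-space socket. The function names and the sample bytes are constructed for illustration.

```python
import socket

# Constructed sample, not a capture from the thread: an SNMPv2c trap with
# community "public" and an empty varbind list.
SAMPLE = bytes.fromhex("30 18 02 01 01 04 06 70 75 62 6c 69 63"
                       " a7 0b 02 01 01 02 01 00 02 01 00 30 00")
VERSIONS = {0: "1", 1: "2c", 3: "3"}
PDU_NAMES = {0xA4: "SNMPv1 Trap", 0xA6: "InformRequest", 0xA7: "SNMPv2 Trap"}

def read_tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def describe_snmp(datagram):
    """Return version, community and PDU type of an SNMP v1/v2c message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE, not an SNMP message")
    _, ver, pos = read_tlv(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    if version not in ("1", "2c"):     # v3 has no community field
        return {"version": version, "community": None, "pdu": None}
    _, community, pos = read_tlv(body, pos)
    if pos >= len(body):
        raise ValueError("missing PDU")
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_NAMES.get(body[pos], hex(body[pos]))}

def listen(port=162, host="0.0.0.0"):
    """Print each datagram that reaches a user-space socket on this port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))           # stop snmptrapd first; needs admin/root
        while True:
            data, peer = s.recvfrom(65535)
            try:
                print(peer[0], describe_snmp(data))
            except ValueError as exc:
                print(peer[0], "unparsed:", exc)

if __name__ == "__main__":
    listen()
```

If the capture shows traps but this listener prints nothing, the packets are being dropped between the network interface and the socket, as with the Windows Firewall in the solved case above. If it does print them, the version and community shown can be compared with what snmptrapd.conf is configured to accept.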