Solved: snmp-ma: How to resolve error "ERROR snmp:82 - No...

DougMelstrom · ‎06-06-2017

I installed the snmp-ma add-on into our test environment, created a test alert with settings below.

Did I miss a step in the install for the add-on or are my settings off?

snip-it of the advance edit of the alert for snmp:
action.snmp.command
sendalert $action_name$ results_file="$results.file$" results_link="$results.url$"

action.snmp.description
Generic SNMP TRAP to a specified server

action.snmp.disabled
0

action.snmp.hostname
dxvmnpmxxx.customer.com

action.snmp.icon_path
snmp.png

action.snmp.is_custom
1

action.snmp.label
SNMP Trap

action.snmp.maxresults
10000

action.snmp.maxtime
5m

action.snmp.param.community
public

action.snmp.param.mibname
SNMPv2-MIB

action.snmp.param.mibobject
1.3.6.1.2.1.1

action.snmp.param.port
162

action.snmp.param.serverip
10.22.210.36

action.snmp.payload_format
json

action.snmp.track_alert
0

action.snmp.ttl
10p

info in /opt/splunk/var/log/splunk/python.log

2017-06-02 15:54:06,262 -0600 INFO      snmp:64 - splunkapp: search, splunksearch: snmp-trap2, snmp_server: 10.22.218.36, snmp_port: 162, snmp_community: public, snmp_mibname: SNMPv2-MIB, snmp_mibobject: 1.3.6.1.2.1.1
2017-06-02 15:54:06,355 -0600 ERROR     snmp:82 - No symbol SNMPv2-MIB::1.3.6.1.2.1.1 at . Traceback: Traceback (most recent call last):
  File "/opt/splunk/etc/apps/snmp-ma/bin/snmp.py", line 74, in execute
    NotificationType(ObjectIdentity(mibname, mibobject))
  File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/hlapi/asyncore/sync/ntforg.py", line 114, in sendNotification
    lookupMib=options.get('lookupMib', True))
  File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/hlapi/asyncore/ntforg.py", line 145, in sendNotification
    vbProcessor.makeVarBinds(snmpEngine, varBinds),
  File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/hlapi/varbinds.py", line 51, in makeVarBinds
    varBinds.resolveWithMib(mibViewController)
  File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/smi/rfc1902.py", line 1130, in resolveWithMib
    self.__objectIdentity.resolveWithMib(mibViewController)
  File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/smi/rfc1902.py", line 477, in resolveWithMib
    self.__modName, self.__symName
  File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/smi/builder.py", line 381, in importSymbols
    'No symbol %s::%s at %s' % (modName, symName, self)
SmiError: No symbol SNMPv2-MIB::1.3.6.1.2.1.1 at

Info in /opt/splunk/var/log/splunk/dplunkd.log

06-01-2017 08:36:05.407 -0600 INFO  sendmodalert - Invoking modular alert action=snmp for search="snmp-trap2" sid="scheduler__admin__search__RMD5d388e7465c0cfc4c_at_1496327760_8945" in app="search" owner="admin" type="saved"
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:payload = {u'owner': u'admin', u'search_name': u'snmp-trap2', u'app': u'search', u'configuration': {u'mibname': u'SNMPv2-MIB', u'port': u'162', u'community': u'public', u'serverip': u'10.22.218.36', u'mibobject': u'1.3.6.1.2.1.1'}, u'results_file': u'/opt/splunk/var/run/splunk/dispatch/scheduler__admin__search__RMD5d388e7465c0cfc4c_at_1496327760_8945/results.csv.gz', u'server_uri': u'https://127.0.0.1:8089', u'session_key': u'Gcp_7mgJsYNzALPvPeCtMEQ8qsAVI9sdNJLxudpN8x58wipnE8T50MDB7NRvgTWaT_y0e5z5qDnWm1czIUgQcKDlooS1ckXdJ1FRiCRUtzDi9aM_zEo8QoU8cp^J9iagMpGkvYNonpeiXo', u'sid': u'scheduler__admin__search__RMD5d388e7465c0cfc4c_at_1496327760_8945', u'server_host': u'd0xvmnpqsxxx', u'results_link': u'https://d0xvmnpqsxxx:8000/app/search/@go?sid=scheduler__admin__search__RMD5d388e7465c0cfc4c_at_1496327760_8945', u'result': {u'count': u'4806339'}}
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:config = {u'mibname': u'SNMPv2-MIB', u'port': u'162', u'community': u'public', u'serverip': u'10.22.218.36', u'mibobject': u'1.3.6.1.2.1.1'}
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:splunkapp = search
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:splunksearch = snmp-trap2
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:serverip = 10.22.218.36
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:port = 162
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:community = public
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:mibname = SNMPv2-MIB
06-01-2017 08:36:05.632 -0600 ERROR sendmodalert - action=snmp STDERR -  CRITICAL:root:mibobject = 1.3.6.1.2.1.1
06-01-2017 08:36:05.633 -0600 ERROR sendmodalert - action=snmp STDERR -  INFO:splunk:splunkapp: search, splunksearch: snmp-trap2, snmp_server: 10.22.218.36, snmp_port: 162, snmp_community: public, snmp_mibname: SNMPv2-MIB, snmp_mibobject: 1.3.6.1.2.1.1
06-01-2017 08:36:05.722 -0600 ERROR sendmodalert - action=snmp STDERR -  ERROR:splunk:No symbol SNMPv2-MIB::1.3.6.1.2.1.1 at . Traceback: Traceback (most recent call last):
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -    File "/opt/splunk/etc/apps/snmp-ma/bin/snmp.py", line 74, in execute
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -      NotificationType(ObjectIdentity(mibname, mibobject))
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -    File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/hlapi/asyncore/sync/ntforg.py", line 114, in sendNotification
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -      lookupMib=options.get('lookupMib', True))
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -    File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/hlapi/asyncore/ntforg.py", line 145, in sendNotification
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -      vbProcessor.makeVarBinds(snmpEngine, varBinds),
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -    File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/hlapi/varbinds.py", line 51, in makeVarBinds
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -      varBinds.resolveWithMib(mibViewController)
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -    File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/smi/rfc1902.py", line 1130, in resolveWithMib
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -      self.__objectIdentity.resolveWithMib(mibViewController)
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -    File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/smi/rfc1902.py", line 477, in resolveWithMib
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -      self.__modName, self.__symName
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -    File "/opt/splunk/etc/apps/snmp-ma/bin/pysnmp/smi/builder.py", line 381, in importSymbols
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -      'No symbol %s::%s at %s' % (modName, symName, self)
06-01-2017 08:36:05.723 -0600 ERROR sendmodalert - action=snmp STDERR -  SmiError: No symbol SNMPv2-MIB::1.3.6.1.2.1.1 at 
06-01-2017 08:36:05.743 -0600 INFO  sendmodalert - action=snmp - Alert action script completed in duration=334 ms with exit code=0

DougMelstrom · ‎02-21-2018

hi, I switched over to he SNMP Trap Splunk Modular Alert App for Netcool, and that is working, did not try the changes you recommended. If I get another request for a non-netcool app, I will try it.

View solution in original post

DougMelstrom · ‎02-21-2018

hi, I switched over to he SNMP Trap Splunk Modular Alert App for Netcool, and that is working, did not try the changes you recommended. If I get another request for a non-netcool app, I will try it.

jkat54 · ‎07-15-2017

It doesn't like the mib object 1.3.6.1.2.1.1 which is referring to System. However you should be providing further details such as .1-.7

1.3.6.1.2.1.1.1 - sysDescr
1.3.6.1.2.1.1.2 - sysObjectID
1.3.6.1.2.1.1.3 - sysUpTime
1.3.6.1.2.1.1.4 - sysContact
1.3.6.1.2.1.1.5 - sysName
1.3.6.1.2.1.1.6 - sysLocation
1.3.6.1.2.1.1.7 - sysServices

2017-06-02 15:54:06,262 -0600 INFO snmp:64 - splunkapp: search, splunksearch: snmp-trap2, snmp_server: 10.22.218.36, snmp_port: 162, snmp_community: public, snmp_mibname: SNMPv2-MIB, snmp_mibobject: 1.3.6.1.2.1.1

Or you could try using the name instead, ex: sysUptime

jkat54 · ‎08-17-2017

@DougMelstrom

Did my answer help?

jkat54 · ‎10-21-2017

@DougMelstrom can you come back to this thread please?

jkat54 · ‎12-02-2017

@DougMelstrom can you please let us know if you have found a solution?

snmp-ma: How to resolve error "ERROR snmp:82 - No symbol" in python.log?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor