Re: SNMP Modular Input: Is it possible to listen f...

cafissimo · ‎06-24-2016

Hello,

Please, I would like to know if it is possible to listen for snmp trap v2 AND snmp trap v3 on the same Splunk instance at the same time.

Thanks in advance.

Damien_Dallimor · ‎06-24-2016

You should be able to. Just setup 2 separate SNMP stanzas on different trap listening ports.

cafissimo · ‎06-27-2016

Hello Damien,
thank you, but I need to set both listener (v2 and v3) on the same port, do you think this is feasible?
If not, is there any kind of workaround you suggest?
For example, I was thinking to create another network interface on the splunk host, then set v2 to listen on an interface, v3 on the other one and having packet forwarded via iptables from one interface to another.
With this config the v2 listener will discard v3 udp packets (but forward all traps to the other interface) and v3 listener will discard v2 packets and keep v3 packets.

Stevelim · ‎06-24-2016

In case the SNMP Modular input dont work, check out Kepware's SNMP Driver. It is GUI driven, combined with the IDF, you can accquire and listen to the SNMP traps.

https://www.kepware.com/products/kepserverex/drivers/snmp/

SNMP Modular Input: Is it possible to listen for SNMP trap v2 and trap V3 at the same time on the same Splunk instance?

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!