- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Configure NET-SNMP (Windows) for Splunk to send tr...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Configure NET-SNMP (Windows) for Splunk to send traps to NMS
I am having a heck of a time understanding NET-SNMP configuration and am hoping that has successful done this for windows can assist me. Please do not post links to NET-SNMP tutorials etc as I have been through ALL of them and I am still having issues.
Really all I need to figure out is how change the port on the NET-SNMP and NET-SNMPtrap service to use ports 1161 and 1162. I have tried snmpconf -i and did not have much luck.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, I found a useful debugging link -> http://wiki.splunk.com/Community:TroubleshootingAlertScripts
Which helped me create a batch (Windows) script that really worked.
Here it is. Maybe it will help the next person.
Change content to meet your specific needs.
Uncomment the echo lines for debug.
@echo off
:echo ---------------------------------------- >> "n:\temp\test_output.txt"
:echo %0, %1, %2, %3, %4, %5, %6, %7, %8 >> "n:\temp\test_output.txt"
:date /T >> "n:\temp\test_output.txt"
:time /t >> "n:\temp\test_output.txt"
set SNMPAGENTHOST=10.2.192.32
set SNMPAGENTPORT=162
set TRAPOID=1.3.6.1.4.1.27389.1.2
set OID=1.3.6.1.4.1.27389.1.1
set SNMPCOMMUNITY=public
set SNMPTRAPCMD=C:\Net-SNMP\bin\snmptrap.exe
for /f "usebackq" %%h in (`hostname`) do @set myhost=%%h
set num=%~1
set num=%num:'=%
set terms=%2
set query=%3
set sname=%4
set reason=%5
set permalink=%6
set tags=%7
set resultspath=%8
:echo %SNMPTRAPCMD% -v 2c -c %SNMPCOMMUNITY% %SNMPAGENTHOST%:%SNMPAGENTPORT% '' %TRAPOID% %OID%.1 i %num% %OID%.2 s %terms% %OID%.3 s %query% %OID%.4 s %sname% %OID%.5 s %reason% %OID%.6 s %permalink% %OID%.7 s %tags% %OID%.8 s %resultspath% >> "n:\temp\test_output.txt"
%SNMPTRAPCMD% -v 2c -c %SNMPCOMMUNITY% %SNMPAGENTHOST%:%SNMPAGENTPORT% '' %TRAPOID% %OID%.1 i %num% %OID%.2 s %terms% %OID%.3 s %query% %OID%.4 s %sname% %OID%.5 s %reason% %OID%.6 s %permalink% %OID%.7 s %tags% %OID%.8 s %resultspath%
:echo error level returned from command is %errorlevel% >> "n:\temp\test_output.txt"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Jan could you forward the original on to me once you receive it...Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear wsnyder.
I see that the backslashes are missing. In some cases I could figure out which ones but could you send me a pm with the original script? Would be nice,
thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I do not have the answer but a similar problem.
We are trying to get alerts from Splunk to generate snmp traps which we want to set to another vendor's snmp server. We have tried both batch and perl scripts at
link text
But no luck. We have been able to get splunk alerts to run echo.bat but not script that send snmp traps. Very frustrating.
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
