Solved: Re: SNMP Traffic from windows to Splunk

kristiaan_d · ‎01-28-2011

Hello Everyone, just after some help with Splunk and Windows SNMP data collection, ive had a bit of a read on here and some of the help docs which suggest i setup a seperate piece of software to log SNMP traffic on the server and have Splunk capture this.

I would much prefer to have Splunk capture the traffic directly to save having to admin a log files on servers and maintain extra software, i have setup my SNMP service in windows to point at the PC running Splunk but so far i cannot see anywhere in Splunk that shows me its acutally collecting data ?

can someone please offer some advice or help on how to configure the inbuilt snmp system with windows so that splunk can use it?

this is not a firewall problem btw ive already double checked that and both machines firewalls are disabled for this test.

Kris

chris · ‎01-29-2011

Hi Kris

You've probably come accross this: http://www.splunk.com/base/Documentation/latest/Admin/SendSNMPeventstoSplunk

The instructions are pretty clear, splunk will not be able to handle the SNMP Traps (you are talking about clients sending Traps to the Splunk Server right?)

We have setup an snmp daemon at our company which logs traps and it works fine.

Good luck

Chris

View solution in original post

chris · ‎01-29-2011

Hi Kris

You've probably come accross this: http://www.splunk.com/base/Documentation/latest/Admin/SendSNMPeventstoSplunk

The instructions are pretty clear, splunk will not be able to handle the SNMP Traps (you are talking about clients sending Traps to the Splunk Server right?)

We have setup an snmp daemon at our company which logs traps and it works fine.

Good luck

Chris

chris · ‎09-06-2012

Hi cqian02, do you see any network traffic on port 162 (or whatever you configured)?

cqian02 · ‎09-04-2012

Hi Chris, I've configured SNMPTRAP on a Windows server using Net-SNMP(according to the documentation), now I'm able to create the snmptrapd.log file, but I didn't see any data coming in the log file. Do you have any idea why this happened? Thank you very much.

chris · ‎01-31-2011

don't worry, the Windows version is a bit behind, the linux binary distribution try: http://sourceforge.net/projects/net-snmp/files/net-snmp%20binaries/5.5-binaries/

kristiaan_d · ‎01-31-2011

ok at the risk of sounding dumb, ive searched the net-snmp site for a windows download and there only seems to be linux RPM files all over the place... wheres the windows version?

chris · ‎01-31-2011

Hi Kris, yes we are using net-snmp.

kristiaan_d · ‎01-31-2011

Hi Chris, just one final question, been as i now need an SNMP Daemon did you use the one suggested in the splunk article? or did you choose a different one? if you chose a different daemon can you let me know what it was please?

chris · ‎01-31-2011

Hi Kris, I am afraid, that you won't get around setting up an snmp daemon. I'm not sure why Splunk does not have this integrated. But I guess it is because they would have to maintain and support an snmp daemon which will only capture one log source. And there already are good tools that will generate data Splunk can read.

kristiaan_d · ‎01-31-2011

Hi Chris,
thanks for the reply, yes i basically want my web server to send snmp traffic to splunk and have splunk capture it, however if im reading your reply correctly and other peoples experiences, this is not possible i have to setup a system to capture this and write it to a txt file??

not sure where the logic for this was thought up but if thats the only way i can do it i will look at trapping the data..

SNMP Traffic from windows to Splunk

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability