By Damien Dallimore
This is a Splunk modular input add-on for polling SNMP attributes and catching traps.
You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key
Settings -> Data Inputs -> SNMPto add a new Input stanza via the UI
inputs.conffile should be placed in a
localdirectory under an App or User context.
If you are using SNMP version 3 , you have to obtain, build and add the pycrypto package yourself :
The simplest way is to build pycrypto and drop the "Crypto" directory in $SPLUNKHOME/etc/apps/snmpta/bin. I don't recommend installing the pycrypto package to the Splunk Python runtime's site-packages, this could have unforeseen side effects.
I do not bundle the pycrypto module with the core release , because :
So , here are a few instructions for building and installing pycrypto yourself :
Download the pycrypto package from https://pypi.python.org/pypi/pycrypto
Then run these 3 commands (note : you will need to use a System python 2.7 runtime , not the Splunk python runtime)
python setup.py build python setup.py install python setup.py test
Browse to where the Crypto module was installed to ie: /usr/local/lib/python2.7/dist-packages/Crypto
Copy the "Crypto" directory to $SPLUNKHOME/etc/apps/snmpta/bin
The pysnmp library is used under the hood so you need to convert your plain text MIB files into python modules.
Many industry standard MIBs ship with the Modular Input. You can see which MIBs are available by looking in SPLUNKHOME/etc/apps/snmpta/bin/mibs/pysnmp_mibs-0.1.4-py2.7.egg
Any additional custom MIBs need to be converted into Python Modules.
You can simply do this by using the build-pysnmp-mib tool that is part of the pysnmp installation. Note ,that you will need to install pysnmp version 4.2.5 in order to get the utility tools , as the latest releases of pysnmp no longer contain these tools. https://pypi.python.org/pypi/pysnmp/4.2.5
build-pysnmp-mib -o SOME-CUSTOM-MIB.py SOME-CUSTOM-MIB.mib
build-pysnmp-mib is just a wrapper around smidump.
So alternatively you can also execute :
smidump -f python <mib-text-file.txt> | libsmi2pysnmp > <mib-text-file.py>
Then you can either copy the generated python files to SPLUNKHOME/etc/apps/snmpta/bin/mibs or build a Python "egg" of the generated python files(maybe tidier if you have many python files) and copy the egg to that same location.
In the configuration screen for the SNMP input , there is a field called “MIB Names” (see above).
Here you can specify the MIB names you want applied to the SNMP input definition ie: IF-MIB,DNS-SERVER-MIB,BRIDGE-MIB
The MIB Name is the same as the name of the MIB python module in your egg package.
You can provide your own custom Response Handler. This is a Python class that you should add to the snmp_ta/bin/responsehandlers.py module.
You can then declare this class name and any parameters in the SNMP Modular Input setup page.
For the most part the Default Response Handler should suffice.
But there may be situations where you want to format the response in a manner that is more convenient for handling your data ie: CSV or JSON.
Furthermore , you can also use a custom Response Handler implementation to perform preprocessing of your raw response data before sending it to Splunk.
Any modular input log errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log
These are also searchable in Splunk :
index=_internal error snmp.py