SNMP Modular Input v1.4.2

By Damien Dallimore

Overview

This is a Splunk modular input add-on for polling SNMP attributes and catching traps.

Activation Key

You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key

Features

Dependencies

Setup

SNMP Version 3 Crypto Libraries

If you are using SNMP version 3 , you have to obtain, build and add the pycrypto package yourself :

https://pypi.python.org/pypi/pycrypto

The simplest way is to build pycrypto and drop the "Crypto" directory in $SPLUNKHOME/etc/apps/snmpta/bin. I don't recommend installing the pycrypto package to the Splunk Python runtime's site-packages, this could have unforeseen side effects.

Building and installing PyCrypto

I do not bundle the pycrypto module with the core release , because :

So , here are a few instructions for building and installing pycrypto yourself :

Adding Custom MIBs

The pysnmp library is used under the hood so you need to convert your plain text MIB files into python modules.

Many industry standard MIBs ship with the Modular Input. You can see which MIBs are available by looking in SPLUNKHOME/etc/apps/snmpta/bin/mibs/pysnmp_mibs-0.1.4-py2.7.egg

Any additional custom MIBs need to be converted into Python Modules.

You can simply do this by using the build-pysnmp-mib tool that is part of the pysnmp installation. Note ,that you will need to install pysnmp version 4.2.5 in order to get the utility tools , as the latest releases of pysnmp no longer contain these tools. https://pypi.python.org/pypi/pysnmp/4.2.5

build-pysnmp-mib -o SOME-CUSTOM-MIB.py SOME-CUSTOM-MIB.mib

build-pysnmp-mib is just a wrapper around smidump.

So alternatively you can also execute :

smidump -f python <mib-text-file.txt> | libsmi2pysnmp > <mib-text-file.py>

Then you can either copy the generated python files to SPLUNKHOME/etc/apps/snmpta/bin/mibs or build a Python "egg" of the generated python files(maybe tidier if you have many python files) and copy the egg to that same location.

In the configuration screen for the SNMP input , there is a field called “MIB Names” (see above).

Here you can specify the MIB names you want applied to the SNMP input definition ie: IF-MIB,DNS-SERVER-MIB,BRIDGE-MIB

The MIB Name is the same as the name of the MIB python module in your egg package.

Custom Response Handlers

You can provide your own custom Response Handler. This is a Python class that you should add to the snmp_ta/bin/responsehandlers.py module.

You can then declare this class name and any parameters in the SNMP Modular Input setup page.

For the most part the Default Response Handler should suffice.

But there may be situations where you want to format the response in a manner that is more convenient for handling your data ie: CSV or JSON.

Furthermore , you can also use a custom Response Handler implementation to perform preprocessing of your raw response data before sending it to Splunk.

Logging

Any modular input log errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log

These are also searchable in Splunk : index=_internal error snmp.py

Troubleshooting