SNMP monitoring: Tips to use the Simple Network Management Protocol

March 10, 2017


What is SNMP monitoring?

In the most general terms, network monitoring means using the available communication protocols to collect information on the status of communication systems, whether they are routers, landline communications or cell phones. This article covers one of the most widely used protocols, SNMP, and how to use it to collect data, with everything you need to know to begin using SNMP monitoring. SNMP, or Simple Network Management Protocol, belongs to the application layer of a network and allows information to be exchanged between network devices.

SNMP works in two ways: by polling or by traps. Polling consists of launching remote queries, either actively or on demand, with the query operations carried out synchronously. Traps, meanwhile, are messages that SNMP devices send asynchronously to configured addresses in response to changes or events. To get the most out of SNMP monitoring, it’s best to use both modes when setting up a monitoring system. Incidentally, the protocol has three versions: 1 (SNMPv1) and 2 (SNMPv2), which are the ones most frequently found on professional setups, and SNMPv3, which has extra security features but has struggled to find a market.

SNMP polling

The protocol works by launching a query against an IP address and requires a specific parameter: the SNMP community string, an alphanumeric string used to authorize the operation, which adds an extra layer of security. When an SNMP check is launched against a compatible device, you get a list containing a lot of data that can be difficult to interpret at first:

# snmpwalk -v 1 -c public <device_IP>


Each line returned by snmpwalk has an OID (object identifier) and corresponds to a piece of data defined by the device. To better understand the values returned by the SNMP check, you can install the system manufacturer’s MIBs (management information bases). MIBs are libraries that translate these numeric strings into a legible format, allowing us to interpret the data.

Let’s look at some data we’ve got back after executing an SNMP check with the MIBs installed:


There are also websites where you can look up any of these OIDs in case of doubt. If you know the OIDs you want to monitor, you can run the query by placing the alphanumeric code after the IP address in question:

# snmpwalk -v 1 -c public <device_IP> IF-MIB::ifPhysAddress.2

Done like this, only the values of the queried SNMP object will be shown, so if you have a monitoring tool, the data will be included in the different checks. In this case, we created basic SNMP monitoring for a few devices using Pandora FMS, and the result is as follows:


SNMP polling alerts

Once modules are collecting data via SNMP polling, we can create alerts in Pandora FMS for those modules, executing actions proactively according to the thresholds we’ve configured. These alerts work in the same way as any other alerts for any modules in Pandora FMS.

SNMP trap monitoring

First, configure your devices to send traps when specific circumstances are met; second, set up a tool that can collect the SNMP traps it receives, whether it be a machine with the necessary services or a piece of monitoring software. How you configure the SNMP devices will depend on the manufacturer’s model and the device itself, and is carried out from a management interface accessible via a browser and the device’s IP address.

Traps can be received in Linux by using the daemon snmptrapd, installed as follows, e.g. on CentOS systems:

# yum install net-snmp-utils net-snmp-libs net-snmp

In our example we’re going to use Pandora FMS to receive and process the SNMP traps. If you already have a Pandora FMS server installed you won’t need any new dependencies, but you’ll have to enable it to receive the traps. Search for snmpconsole in the pandora_server.conf file and enable it as follows:

snmpconsole 1

Once the SNMP traps console is enabled, Pandora FMS will be able to receive and process the traps and display them in the corresponding section.

To ensure the incoming traps are arriving correctly, you can consult the corresponding log file, usually at: /var/log/snmptrapd.log.

SNMP trap alerts

Alerts can also be configured via SNMP monitoring for the traps we prepared. Unlike SNMP polling alerts, these do not work in the same way as alerts on any other module; instead, they are based on filtering rules. Using these rules we can identify traps belonging to other devices, filter on the contents of a trap, its OID, etc.
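The filtering idea described above, as an added example that is not part of the original post and is not Pandora FMS's own rule engine: each hypothetical rule combines regular expressions on the sending device, the trap OID and the trap contents, and is run over constructed log lines. The one-line log layout, the addresses and the rule names are assumptions; real snmptrapd output depends on the format configured for the daemon.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in a simplified one-line layout (an assumption):
# real snmptrapd output depends on the format configured for the daemon.
SAMPLE_LOG = """\
2017-03-10 09:14:02 192.0.2.10 IF-MIB::linkDown ifIndex.2=2 ifDescr.2=eth1
2017-03-10 09:14:40 192.0.2.10 IF-MIB::linkUp ifIndex.2=2 ifDescr.2=eth1
2017-03-10 09:15:11 192.0.2.99 SNMPv2-MIB::authenticationFailure
2017-03-10 09:16:03 198.51.100.7 IF-MIB::linkDown ifIndex.5=5 ifDescr.5=uplink0
"""

@dataclass
class Trap:
    timestamp: str
    source: str
    oid: str
    varbinds: str

@dataclass
class Rule:  # hypothetical rule shape, not Pandora FMS's own
    name: str
    source: str = r".*"   # regex on the sending device's address
    oid: str = r".*"      # regex on the trap OID
    content: str = r".*"  # regex on the variable bindings

    def matches(self, trap):
        checks = ((self.source, trap.source), (self.oid, trap.oid),
                  (self.content, trap.varbinds))
        return all(re.search(pattern, value) for pattern, value in checks)

RULES = [
    Rule("core-link-down", source=r"^192\.0\.2\.", oid=r"::linkDown$"),
    Rule("uplink-down", oid=r"::linkDown$", content=r"ifDescr\.\d+=uplink"),
    Rule("bad-community", oid=r"::authenticationFailure$"),
]

def parse_line(line):
    parts = line.split(maxsplit=4)
    if len(parts) < 4:
        return None  # blank or truncated line
    varbinds = parts[4] if len(parts) == 5 else ""
    return Trap(f"{parts[0]} {parts[1]}", parts[2], parts[3], varbinds)

def fired_alerts(log_text, rules=RULES):
    alerts = []
    for trap in filter(None, map(parse_line, log_text.splitlines())):
        alerts += [(r.name, trap.source, trap.oid) for r in rules if r.matches(trap)]
    return alerts
```

The `bad-community` rule keys on the standard authenticationFailure trap, which an agent emits when it receives a request that is not properly authenticated, so it surfaces polling attempts made with a wrong community string.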

In the next screenshot you can see various alerts created with different filtering options, and actions checking that everything is working fine:

