Today no script, but a small informative post explaining the bare-bones basics of SNMP.
Anyone with any knowledge of SNMP will have no use for this information, so this really is more of an introduction to the subject.
So.. What is SNMP?
SNMP is short for Simple Network Management Protocol. It is a protocol used by devices to communicate, read and write information about the device itself.
A second term that should be known is OID. SNMP makes use of a list of OIDs, which are basically long numbers. Each OID/number correlates to a statistic or property of the device. A server, for example, would have a single OID for the temperature of the CPU or one for the status of a disk, while a router might have an OID for the number of VPN sessions that are active. Each property/statistic of a device has an OID attached to it.
So basically the device has a huge list of long numbers (the OIDs) that have values behind them. For example, 55: if the OID corresponds to a temperature sensor, the OID is showing us that the temperature the sensor is detecting is 55 degrees.
How can that help us?
Easy. There are 2 ways we can make use of the SNMP protocol on devices. One is active, the other passive.
Before I start explaining the active method however there are some things we need to know about SNMP.
By default, SNMP is either off or set to default settings on devices. On network devices SNMP can mostly be turned on and set up through either the web UI or the CLI. Desktops and servers need to have the SNMP feature installed; the settings can then be reached by going into services -> SNMP -> Properties -> Security.
Here you can set a community (the name that allows further use of SNMP, which can be set to anything you like) and the hosts that are allowed to reach SNMP.
How SNMP (and therefore the OIDs) can be reached depends on the version of SNMP. As of this post the most used versions are v1 (old devices), v2c (common and easy to set up) and v3 (common, better security than v2c).
v1 and v2c are the easiest to set up, as they only require a made-up community name and that they be used from an allowed host. v3, however, also requires you to make up account information (and possibly a security group) that will be used as additional security.
The setting up itself is easily done once understood. However, we now have SNMP but no use yet? Let's get into the active method first.
You can actively have software read out (or sometimes even write) OIDs on a device, which allows you to monitor the hardware statuses (even remotely) of devices that normally will not warn you.
Most monitoring software created to monitor devices in any way will allow the monitoring of SNMP as well.
To summarize.. When you know what OID belongs to what status, you can let software retrieve the value from that OID and determine whether the status is as it should be.
In the example below, I have set up the monitoring software I manage to retrieve the battery status of a UPS and report to me when it is not "2", which in this case is "Normal".
How do we get the OIDs in the first place?
Well, we first have to read out the device. Some people prefer using command lines for it; I myself prefer more GUI-based software. I usually run iReasoning MIB Browser for this.
By filling in the target IP, community name and other required information I can get a massive list of OIDs from the device.
The OID is simply a long number though so it is normal that we do not know what OID belongs to what status.
While some OIDs might be named, a good few of them won't be. Some OIDs you will be able to identify by looking at the values and matching them to the hardware statuses shown in the web UI or somewhere else.
There is a method developers use to help us find the correct OIDs though. It is called a MIB. A MIB is simply a file containing a lot of OIDs and the device properties they belong to.
The good part is that these MIBs can be loaded into either the monitoring software directly or into the iReasoning MIB Browser. This will make it a lot easier to find the correct OIDs.
The bad part is that OIDs have a tendency to change between device releases and sometimes even firmware updates. Combined with the fact that not all developers release MIBs frequently, this means there is always a good chance that a MIB file contains outdated OIDs and thus cannot be used.
Aside from reading the values, some OIDs can also be written to. This means that you can overwrite the information in them. This is useful when, for example, you want the device description, location or another text setting to be adjusted.
To conclude the active SNMP part:
- Set up SNMP on the target with a community name and allowed hosts.
- Connect to the device using iReasoning MIB Browser or the command line, or retrieve the information out of a MIB directly. Retrieve the OIDs that are important to you.
- Have monitoring software read out SNMP using the community name and OID. Letting it read out the value and check whether the value is within set limits means that any automatic monitoring software can keep every part of the device in check.
This way you can be alerted the moment the device has any issues at all. Below is an example of a device that I monitor through monitoring software (in this case a NAS).
That was the active method as there is other software actively retrieving information from the device.
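What the active method puts on the wire, as an added example that is not code from the original post: a v2c GetRequest and a constructed response are built and decoded by hand, showing how an OID is encoded and that the community name travels readable inside every v1/v2c packet, which is why the allowed-hosts setting and v3 matter. The OID assumes the UPS implements the standard UPS-MIB (RFC 1628) upsBatteryStatus object, and the community name example-ro is made up.

```python
UPS_BATTERY_STATUS = "1.3.6.1.2.1.33.1.2.1.0"  # assumed: upsBatteryStatus.0 from UPS-MIB (RFC 1628)
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2          # PDU tags

def tlv(tag, body):
    assert len(body) < 128, "this example only handles short-form BER lengths"
    return bytes([tag, len(body)]) + body

def enc_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])   # the first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:                  # base-128, high bit set on all but the last byte
            chunk.insert(0, (arc & 0x7F) | 0x80)
        out += bytes(chunk)
    return bytes(out)

def dec_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0   # correct for OIDs starting 0.x or 1.x
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                        # last byte of this arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def build(pdu_tag, community, oid, value=None):
    val = tlv(0x05, b"") if value is None else tlv(0x02, bytes([value]))  # NULL, or INTEGER 0-127
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, enc_oid(oid)) + val))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + varbinds)  # request-id 1, no error
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)  # version 1 means v2c

def children(buf):
    out, pos = [], 0
    while pos < len(buf):                       # each child is tag, length, body
        out.append((buf[pos], buf[pos + 2:pos + 2 + buf[pos + 1]]))
        pos += 2 + buf[pos + 1]
    return out

def parse(packet):
    (_, msg), = children(packet)
    _version, (_, community), (pdu_tag, pdu) = children(msg)
    *_ids, (_, varbinds) = children(pdu)        # skip request-id, error-status, error-index
    (_, varbind), = children(varbinds)
    (_, oid), (vtag, val) = children(varbind)
    value = int.from_bytes(val, "big") if vtag == 0x02 else None
    return {"community": community.decode(), "pdu": pdu_tag, "oid": dec_oid(oid), "value": value}

REQUEST = build(GET_REQUEST, "example-ro", UPS_BATTERY_STATUS)       # constructed sample
RESPONSE = build(GET_RESPONSE, "example-ro", UPS_BATTERY_STATUS, 2)  # constructed: 2 = "Normal"
```

parse(RESPONSE)["value"] is the number a monitor compares against 2, and b"example-ro" in REQUEST is True because nothing in v1/v2c encrypts the community name.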
The passive method is called SNMP traps and this is initiated from the target device itself.
From the device's web UI, CLI or the settings of the SNMP service you can turn on SNMP traps. What this means is that the device will send information to the destination you have set up instead of waiting for software to ask for OIDs.
There are different software packages that support receiving SNMP traps, and a few device brands have their own monitoring software that uses SNMP traps to notify the software of issues and respond to those. The end result is the same in that the software receives a value which it can then monitor.
As with the other method, all that is needed is a made-up community name. The only difference is that this way requires software that is capable of receiving traps instead of asking for OIDs itself.
The technical details and steps differ per device, software and method and as such are better to be searched for on the internet using your specific scenario.
Hopefully this wall of text has helped with realizing what SNMP is and how it can be used.
Categories: SNMP, Informational, Basics
Patrick Berger AKA Powershellder.