Get More Out Of Network Monitoring With SNMP

Learning IP addressing was a little traumatic for me. All that math, bit boundaries, network vs. host portion of the addresses, and on and on.

So when it came to learning SNMP, I wasn’t looking forward to untangling something called an Object Identifier (OID) that looked like this:

1.3.6.1.4.1.2.1.13.1.1.7.6.1.8

Thankfully I learned that if I had the community string (essentially a password) I could give that to SolarWinds or [insert monitoring software here] and it would happily go off and get me the basic information from that device: CPU, memory, interface details, and volume types, sizes, and consumption.

But what if your device can provide more than that?

Battery level and power consumption of your UPS? Humidity in your data center from your NetBotz appliance? The current status (primary/secondary) of your HSRP pair?

All of this and more is at your fingertips if you know a little more about SNMP. So, onward then.

The first four numbers, 1.3.6.1, start the internet tree of the SNMP protocol (internet in the sense of more than one computer connected, not the Internet). Their values are:

  • 1 = iso
  • 3 = org
  • 6 = dod
  • 1 = internet

At that point, the tree splits off into two paths, management (2.1) and private (4.1). Each one is a numeric path to information in the tree.

It works just as if you were navigating to C:\Windows\System32\Drivers\etc\hosts. If you were to do that numerically (at least on my system, counting from the first folder alphabetically), it would look like C: (1), Windows (12), System32 (62), Drivers (32), etc (2), hosts (1) or, written out:

1.12.62.32.2.1

Standard (1.3.6.1.2.1…)

The former is going to be “standard” objects like CPU, memory, number of interfaces, details about the device (system name, system contact, system location, etc.) and some generic details about broad types of devices.

For example,

  • 1.3.6.1.2.1.1.1 – sysDescr (system description)
  • 1.3.6.1.2.1.1.2 – sysObjectID (identifier for this particular model of device)
  • 1.3.6.1.2.1.1.3 – sysUpTime (system uptime)
  • 1.3.6.1.2.1.1.4 – sysContact (system contact – configurable on the device)
  • 1.3.6.1.2.1.1.5 – sysName (system name – what the device believes it’s called)
  • 1.3.6.1.2.1.1.6 – sysLocation (system location – configurable on the device)
  • 1.3.6.1.2.1.1.7 – sysServices (services offered by this device – a sum of the OSI layers)

Private (1.3.6.1.4.1…)

The latter is going to be “private” enterprise objects that are provided by the vendor. That can vary depending on the complexity of the device, the vendor providing it, and the software installed on the device. The OIDs start with 1.3.6.1.4.1 and the very next value is the enterprise number of the vendor (e.g., 1 = Proteon, 9 = Cisco, 11 = Hewlett-Packard).

Every value beyond the enterprise number is up to the vendor. Thankfully SolarWinds has you covered and all the products that deal with SNMP have all the MIBs (basically lookup tables for this information) pre-compiled into them. Each time you patch, you get the latest versions.

For example,

  • 1.3.6.1.4.1.9.9.13.1 – ciscoEnvMonPresent (flag indicating whether this Cisco has environmental monitors)
  • 1.3.6.1.4.1.9.9.13.1.3.1.2 – ciscoEnvMonTemperatureStatusDescr (name of each temperature sensor in the device)
  • 1.3.6.1.4.1.9.9.13.1.3.1.3 – ciscoEnvMonTemperatureStatusValue (Celsius value of each temperature sensor in the device)
  • 1.3.6.1.4.1.9.9.13.1.3.1.6 – ciscoEnvMonTemperatureState (numeric state [see Cisco for the meaning of each value] indicating how close the device is to shutting down based on its tolerance for heat)
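
The tree walk described above, as an added example that is not part of the original article: it splits a dotted OID into the iso.org.dod.internet root, the standard or private branch, and, for private OIDs, the enterprise number and the vendor-defined remainder. The lookup tables hold only the names quoted in this article, and the function names are made up for illustration.

```python
# Added example: names come from the article's lists; nothing is queried over the network.
INTERNET = (1, 3, 6, 1)  # iso.org.dod.internet
# Enterprise numbers quoted in the article.
ENTERPRISES = {1: "Proteon", 9: "Cisco", 11: "Hewlett-Packard"}
# Standard "system" group objects quoted in the article.
SYSTEM_GROUP = {1: "sysDescr", 2: "sysObjectID", 3: "sysUpTime", 4: "sysContact",
                5: "sysName", 6: "sysLocation", 7: "sysServices"}


def parse_oid(text):
    """Turn '1.3.6.1...' (optionally with a leading dot) into a tuple of ints."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def classify(text):
    """Return a dict describing which branch of the tree an OID lives in."""
    oid = parse_oid(text)
    if oid[:4] != INTERNET:
        return {"branch": "outside iso.org.dod.internet"}
    rest = oid[4:]
    if rest[:2] == (2, 1):
        info = {"branch": "standard", "path": rest[2:]}
        # 1.3.6.1.2.1.1.x is the system group listed in the article.
        if rest[2:3] == (1,) and len(rest) >= 4:
            info["object"] = SYSTEM_GROUP.get(rest[3])
        return info
    if rest[:2] == (4, 1) and len(rest) >= 3:
        return {"branch": "private", "enterprise": rest[2],
                "vendor": ENTERPRISES.get(rest[2], "not listed here"),
                "vendor_path": rest[3:]}  # everything here is up to the vendor
    return {"branch": "other"}
```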

So now that you know what you’re looking for, what do you do with it?

Enter: Universal Device Poller

There is an often-overlooked utility called the Universal Device Poller (UnDP) that comes installed with Network Performance Monitor. You can get to it by connecting via Remote Desktop (RDP) to the system where the software is installed and looking for it by name.

Step 1: Find What You Want to Monitor

There are a few ways to do this:

First, you can ask the system what information it’s capable of providing by doing a “MIB walk” that produces a spreadsheet of the OIDs, the names of each piece of information, and the current value. The simplest way to do this is with the MIB Walk utility included in the SolarWinds Engineer’s Toolset. You can download a trial to give it a try, but it’s well worth the money the first couple times you use it.

Second, you can do a Google search for what you want using keywords like “cisco temperature state oid” and more often than not you’re going to find someone with a blog post like this one, a forum where the question has been asked and answered, or something from the vendor answering that very question.

Third, you can use Universal Device Poller’s browse utility demonstrated here to hunt for the information. The downside, unless you’ve got a pretty current/high-end device, is that you may get frustrated with “OID not supported” messages while you’re searching. If you do have that issue, I recommend option 1 above, running the MIB Walk. It takes a lot of the guesswork out.

Step 2: Create a Poller

I won’t go into the particulars of this process because there are plenty of videos explaining it, but I will say that there are 2 types of pollers: GET and GET TABLE.

Early on there was a need for a third option (GET NEXT) when SolarWinds didn’t support alerting on tables of values, but that’s no longer the case. Always stick to GET for single values (the number of interfaces, the name of the system, or the current state of an HSRP pair) and GET TABLE for multiple values (the temperature status of all your temperature sensors).
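
The difference between GET and GET TABLE, shown on MIB-walk style output (an added example, not from the original article or from SolarWinds). It relies on standard SNMP instance naming, which the article does not spell out: a single-value object has one instance ending in .0, while a table column repeats once per row index. The walk lines, device name, and sensor values are constructed.

```python
# Added example: the sample walk output is constructed, not captured from a device.
WALK = """\
1.3.6.1.2.1.1.5.0 = core-sw-01
1.3.6.1.2.1.1.6.0 = Rack 12, Row C
1.3.6.1.4.1.9.9.13.1.3.1.2.1 = Inlet
1.3.6.1.4.1.9.9.13.1.3.1.2.2 = Outlet
1.3.6.1.4.1.9.9.13.1.3.1.3.1 = 24
1.3.6.1.4.1.9.9.13.1.3.1.3.2 = 41
1.3.6.1.4.1.9.9.13.1.3.1.6.1 = 1
1.3.6.1.4.1.9.9.13.1.3.1.6.2 = 2
"""

# Table prefix and column numbers taken from the article's Cisco list
# (...StatusDescr = 2, ...StatusValue = 3, ...State = 6).
TEMP_ENTRY = "1.3.6.1.4.1.9.9.13.1.3.1"
COLUMNS = {"2": "descr", "3": "celsius", "6": "state"}


def split_walk(text):
    """Separate single values (one GET each) from temperature table cells."""
    scalars, rows = {}, {}
    for line in text.splitlines():
        oid, sep, value = line.partition(" = ")
        if not sep:
            continue  # skip blank or malformed lines
        if oid.startswith(TEMP_ENTRY + "."):
            # Remainder is <column>.<row index>; same index means same sensor.
            column, _, index = oid[len(TEMP_ENTRY) + 1:].partition(".")
            if column in COLUMNS and index:
                rows.setdefault(index, {})[COLUMNS[column]] = value
                continue
        if oid.endswith(".0"):
            scalars[oid[:-2]] = value  # strip the .0 instance suffix
    return scalars, rows


def incomplete_rows(rows):
    """Row indexes missing a column, e.g. when a walk was cut short."""
    return sorted(i for i, r in rows.items() if set(r) != set(COLUMNS.values()))
```

A GET poller returns one of the `scalars` entries; a GET TABLE poller returns the whole `rows` structure, one entry per sensor.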

Step 3: Assign the Poller to Your Nodes/Interfaces

Once you have a poller, you need to make sure you assign it to the appropriate devices/interfaces depending on its purpose. A node poller would be something like HSRP status whereas an interface poller would be like the current port security setting or maximum number of MAC addresses allowed.

Step 4: Web Display (Decide Where to See It)

This step is often overlooked, but make sure you pay special attention to this portion of the video. If you don’t enable web display and choose where you want it to show up (e.g., the Node Details – Summary view/tab) it will only be available to back-end things like alerting and reporting. That isn’t necessarily a bad thing, but you may be frustrated when the fruits of your labor aren’t immediately obvious.

That’s it!

The world is your monitoring oyster and you can spend that money you would have otherwise used on a book to learn SNMP to buy delicious things like coffee. You are now an SNMP master.

Steven Klassen
Programmer Analyst

IT-Project-Help