Understanding SNMP

SNMP Overview

The question keeps getting asked on the mailing list: how do I learn about SNMP?

Here are a few SNMP overviews already on the web:

ManageEngine What is SNMP?

SNMPlink.org Beginner’s Guide

TheGeekStuff.com SNMP Introduction

The best way to learn about SNMP is to do it. Have a couple of test elements to query. The easiest thing to do is spin up a Linux (any flavor) VM with NET-SNMP installed, or use a SOHO piece of equipment in a lab environment that is not routed to your production network.

SNMP uses a tree structure with the root at ‘.’, so all OIDs start with ‘.’. An OID is a numerical object identifier, and a MIB (management information base) is a human-readable text file that translates those numbers to names. Many people omit the leading dot because it makes more sense to start with the OID 1 instead.

All SNMP-enabled nodes are supposed to follow the SNMP RFCs. Wikipedia’s page on SNMP gives an in-depth history of which RFCs go where.

SNMPv1 is old, but still supported by many vendors. SNMPv2c is newer, and supported almost everywhere. SNMPv3 is the newest version, which is adopted in small pockets of industry. SNMPv1 and v2c are UDP protocols (which I think of as the routers shouting into the void of the network), and their packets sometimes get lost when your network engineers start packet-shaping, which is something to look out for when your data collection graphs start looking weird.

What Every Node Will Tell You

Every SNMP node should give you the system tree, which identifies its hostname and its SYSOID (which tells you what kind of thing it is). These OIDs start with .1.3.6.1.2.1.1

This is the first query I do on a node that I’m going to start to monitor (shown for my onms box slightly anonymized, and translated for human consumption by snmpwalk):

me@onms:~$ snmpwalk -v2c -cpublic localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux onms 3.2.0-48-generic #74-Ubuntu SMP Thu Jun 6 19:43:26 UTC 2013 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-TC::linux
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1822326357) 210 days, 22:01:03.57
SNMPv2-MIB::sysContact.0 = STRING: Systems Admin <admin@yourorganization.com>
SNMPv2-MIB::sysName.0 = STRING: onms
SNMPv2-MIB::sysLocation.0 = STRING: Datacenter

The same output numerically:

me@onms:~$ snmpwalk -v2c -cpublic -On localhost system
.1.3.6.1.2.1.1.1.0 = STRING: Linux onms 3.2.0-48-generic #74-Ubuntu SMP Thu Jun 6 19:43:26 UTC 2013 x86_64
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.3.0 = Timeticks: (1822326357) 210 days, 22:01:03.57
.1.3.6.1.2.1.1.4.0 = STRING: Systems Admin <admin@yourorganization.com>
.1.3.6.1.2.1.1.5.0 = STRING: onms
.1.3.6.1.2.1.1.6.0 = STRING: Datacenter

Every SNMP-enabled system should give you this kind of output.

It should also give you the interfaces tree (.1.3.6.1.2.1.2) which tells you how many network interfaces it has, their names, capacity, octets in and out (32-bit and 64-bit counters), errors, discards, etc.

You’ll also have an IP tree (which enumerates which IP addresses belong to which interfaces), and the node may support the IP-FORWARD MIB (which gives routing info).

Usually you get something down the host-resources tree (memory and disk space), and the TCP sessions tree (how many and to what, and status).

All of the above are STANDARD MIBs, generally listed in the RFCs.

More Specific Info for Your Node

Most of the really useful things will come from whatever MIB your manufacturer provides. These live under the ‘private enterprises’ section of the MIB tree.

If you’re looking at a numeric SYSOID and have no clue what it is, you can look up the PEN (private enterprise number) at IANA.

Everything here will be .1.3.6.1.4.1.x with x being the PEN of the vendor.

For example, this is Cisco: .1.3.6.1.4.1.9.x, this is HP: .1.3.6.1.4.1.11.x, and this one is Net-SNMP: .1.3.6.1.4.1.8072

You can tell that the SYSOID above (.1.3.6.1.4.1.8072.3.2.10) is a Net-SNMP OID, and then it further specifies the OS, ending at Linux.

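The PEN lookup described above, as an added example that is not part of the original post: it parses numeric (-On) snmpwalk output, accepts OIDs with or without the leading dot, and pulls the PEN out of the SYSOID. The function names and sample lines are constructed for illustration, and the vendor table holds only the three PENs mentioned on this page.

```python
import re

ENTERPRISES = (1, 3, 6, 1, 4, 1)             # .1.3.6.1.4.1, private enterprises
SYS_OBJECT_ID = (1, 3, 6, 1, 2, 1, 1, 2, 0)  # sysObjectID.0 in the system tree
# Only the three PENs named on this page; the full registry is at IANA.
VENDORS = {9: "Cisco", 11: "HP", 8072: "Net-SNMP"}

# Constructed sample: numeric (-On) walk lines modelled on the output above.
SAMPLE = """\
.1.3.6.1.2.1.1.1.0 = STRING: Linux onms 3.2.0-48-generic x86_64
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.5.0 = STRING: onms
"""

# "<numeric OID> = <TYPE>: <value>"; symbolic (MIB-translated) lines do not match.
LINE = re.compile(r"^(\.?\d+(?:\.\d+)*) = (\w+): (.*)$")

def parse_oid(text):
    """Turn '.1.3.6' or '1.3.6' into (1, 3, 6); the leading dot is optional."""
    text = text.strip()
    if not re.fullmatch(r"\.?\d+(\.\d+)*", text):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(part) for part in text.lstrip(".").split("."))

def enterprise_of(oid):
    """Return (PEN, vendor-specific remainder), or None outside .1.3.6.1.4.1."""
    n = len(ENTERPRISES)
    if oid[:n] != ENTERPRISES or len(oid) == n:
        return None
    return oid[n], oid[n + 1:]

def parse_walk(output):
    """Map each OID tuple to (type, value) for every well-formed walk line."""
    result = {}
    for line in output.splitlines():
        m = LINE.match(line)
        if m:
            result[parse_oid(m.group(1))] = (m.group(2), m.group(3))
    return result

def identify(output):
    """Find sysObjectID.0 in a walk and name the vendor behind its PEN."""
    kind, value = parse_walk(output).get(SYS_OBJECT_ID, (None, None))
    if kind != "OID":
        return None
    ent = enterprise_of(parse_oid(value))
    if ent is None:
        return None
    pen, rest = ent
    return pen, VENDORS.get(pen, "unknown, look it up at IANA"), rest
```

Calling identify(SAMPLE) returns the PEN, the vendor name and the vendor-specific tail of the SYSOID.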