Network Device Monitoring with SNMP - IT Geek

May 16, 2013

Understanding the Simple Network Management Protocol (SNMP)

Do you require insight into the data a remote device reports for a specific measurement? This article details the Simple Network Management Protocol (SNMP) and demonstrates its utility in overseeing network infrastructure.

What is SNMP?

SNMP is a widely used protocol for managing and monitoring network devices. It allows administrators to gather information from, and configure, devices on an IP network.

Essentially, SNMP functions as a communication pathway between network devices and a central management system. This enables proactive identification and resolution of network issues.

How Does SNMP Work?

SNMP operates on a manager-agent model. Network devices, such as routers, switches, and servers, run SNMP agents.

These agents collect data about the device's operation and make it available to a central SNMP manager. The manager can then request specific information or receive unsolicited alerts from the agents.

Data is structured within SNMP using Management Information Bases (MIBs). MIBs define the types of data that can be accessed and their corresponding identifiers.

Key Components of SNMP

  • SNMP Agent: Software residing on the managed device, responsible for collecting and storing management information.
  • SNMP Manager: Central system used to monitor and control network devices.
  • MIB (Management Information Base): A database containing definitions of managed objects on a device.
  • OIDs (Object Identifiers): Unique identifiers for each managed object within a MIB.

The manager utilizes OIDs to specifically request data from the agents. This targeted approach ensures efficient data retrieval.

Uses for SNMP Monitoring

SNMP monitoring provides a comprehensive view of network health and performance. It can be used to track various metrics, including:

  • CPU utilization
  • Memory usage
  • Network interface traffic
  • Disk space
  • System uptime

By monitoring these metrics, administrators can identify potential bottlenecks, detect security threats, and optimize network performance. Alerts can be configured to notify administrators of critical events.

Image by istargazer

In conclusion, SNMP is a powerful tool for network administrators seeking to maintain a stable and efficient network environment. Its ability to provide real-time data and proactive alerts makes it an invaluable asset for modern network management.

Understanding SNMP

The Simple Network Management Protocol (SNMP) provides a standardized framework for network administrators. It allows for consistent access to device information across various manufacturers' products.

Through SNMP, administrators can remotely monitor crucial data points. These include CPU utilization, routing table contents, and detailed network traffic statistics, among numerous other parameters.

While SNMP can also be utilized for device configuration, this guide concentrates on its monitoring capabilities.

SNMP Community Strings

Data exchange with SNMP relies on a "Community" string. This string acts as a password and must be configured by the network administrator.

Proper configuration of the Community string is essential for securing network devices. Examples of how to implement this are detailed further below.
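What a community-authenticated request looks like on the wire, as an added example that is not part of the original article: a small BER encoder builds an SNMPv2c GetRequest for sysUpTime, and the community string sits in the packet as readable bytes. That is why a default value should be changed and access limited to known manager addresses. The community value and request ID are constructed sample inputs.

```python
# Added example: minimal BER encoding of an SNMPv2c GetRequest (non-negative integers only).

def _tlv(tag, payload):
    """Tag-length-value with short or long form length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload


def _integer(value):
    # The extra bit keeps the sign bit clear for values such as 128.
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def _base128(arc):
    """OID arcs above 127 are split into 7-bit groups, high bit set on all but the last."""
    out = [arc & 0x7F]
    arc >>= 7
    while arc:
        out.append(0x80 | (arc & 0x7F))
        arc >>= 7
    return bytes(reversed(out))


def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([40 * arcs[0] + arcs[1]]) + b"".join(_base128(a) for a in arcs[2:])
    return _tlv(0x06, body)


def get_request(community, dotted_oid, request_id=1):
    """Message = SEQUENCE(version, community, GetRequest-PDU)."""
    varbind = _tlv(0x30, _oid(dotted_oid) + _tlv(0x05, b""))        # OID + NULL value
    pdu = _tlv(0xA0, _integer(request_id) + _integer(0) + _integer(0)
               + _tlv(0x30, varbind))                               # error fields are 0
    version = _integer(1)                                           # 1 means SNMPv2c
    return _tlv(0x30, version + _tlv(0x04, community.encode("ascii")) + pdu)


# Constructed sample: default community "public", sysUpTime.0 (1.3.6.1.2.1.1.3.0).
SAMPLE_PACKET = get_request("public", "1.3.6.1.2.1.1.3.0")

if __name__ == "__main__":
    print(SAMPLE_PACKET.hex(" "))
    print("community visible at byte offset", SAMPLE_PACKET.find(b"public"))
```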

Utilizing Object Identifiers (OIDs)

After establishing a connection to a device, information is retrieved by querying it for specific data using Object Identifiers, or OIDs.

Each OID corresponds to a unique piece of information. While this guide focuses on network traffic data, exploring the broader range of available OIDs is highly recommended.

The process of discovering and utilizing these OIDs will be explained in the following sections.

Personal Experience with Router Information Access

My practice of regularly checking router information began early in my exploration of DD-WRT firmware. Currently, lacking this access feels significantly limiting.

The benefit of this approach is substantial. When a user reports slow network performance, being able to immediately review the border router’s utilization data allows for swift problem resolution.

The Value of Real-Time Data

It’s difficult to overstate how useful this capability is. Having a quick overview of the router’s status provides critical insights.

This immediate access to data streamlines troubleshooting. Instead of lengthy diagnostics, potential bottlenecks are quickly identified.

Improving Network Support

This method has become an indispensable part of my network support workflow. It allows for a more proactive and efficient response to user issues.

The ability to instantly assess utilization levels on the border router is a key component of effective network management.

Understanding and Visualizing SNMP Data (OIDs)

To provide immediate value, this article begins with instructions on accessing SNMP information, recognizing that many users will primarily need this functionality and not the initial configuration steps.

Assuming your device is already configured for SNMP – guidance on this is available below – the next question is: how do you determine which Object Identifiers (OIDs) to query, and how do you actually perform the query? A variety of both commercial and freely available software solutions exist to accomplish this. We will concentrate on a couple of cost-free options suitable for graphing or comprehensively browsing the OID namespace.

Solarwinds Bandwidth Monitor (Graphing)

When discussing “network monitoring,” Solarwinds is frequently mentioned as a leading vendor in the industry. We won’t delve into the extensive range of networking products offered by Solarwinds, but will instead highlight a complimentary utility called "FREE Real-Time Bandwidth Monitor".

This utility does have a couple of limitations:

  • Its primary function is to display network bandwidth usage, making it less suitable for retrieving other types of SNMP data.
  • It lacks the ability to save or open configuration files.

If these limitations present a challenge, explore the alternative options detailed further on.

Installation follows a standard procedure: simply proceed through the "Next" -> "Next" -> "Finish" prompts and then launch the program.

A wizard will appear, as illustrated below. Input the target device’s “IP” address and “community” string, then click "Next".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-1.jpg

The program will then query the device for its interfaces, presenting them in a user-friendly, color-coded, and clearly labeled list.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-2.jpg

Select the interfaces you want to monitor – multiple selections are possible using the CTRL key – and click "Next".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-3.jpg

In the example shown, two interfaces, "DSL wan1" and "ATM wan2", have been chosen. Accept the default settings and click "Launch Monitor".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-4.jpg

A graph window, similar to the one above, will open and begin displaying traffic information, refreshing every 5 seconds (this interval is configurable).

Regarding the refresh interval: A key benefit of this program is its ability to alert you if your refresh rate is too fast. Of all the tools I’ve tested, this was the only one that provided this warning. Recently, I encountered an issue with SNMP readouts, discovering that some devices cannot (or will not) update their statistics more frequently than a certain rate (7 times per second for Juniper devices). This program correctly identified that my refresh interval was too short, explaining the inaccurate results.

If you haven't already, you may need to enable SNMP on the target device (see instructions below).

With that complete, your setup is finished.

You can now proceed with your network monitoring tasks.

Flowalyzer by Plixer (Graphing)

This complimentary utility, known as Flowalyzer, is remarkably straightforward to use. It appears Plixer based it on the established STG utility – detailed below – and presented it within a more accessible interface.

It also incorporates the functionality to translate Object Identifiers (OIDs) into their corresponding names. A key benefit of this tool, when contrasted with the Solarwinds offering, is its ability to extract OIDs in their numerical format.

However, it does possess two significant limitations:

  • I have observed that the program is not ideal for extended monitoring sessions, as it can unexpectedly and randomly terminate.
  • While it offers the convenience of saving its configuration to files and then launching via file association, it is quite sensitive to the file storage location. If the directory path containing the saved files includes spaces, the program will generate an error when attempting to launch.

In conclusion, use this program to acquire the OIDs and then graph them with the STG program, or do not use it at all.

Upon launching the program, you will encounter the window shown below.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-5.jpg

Select an SNMP credential from the dropdown menu and then choose "Create/Edit".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-6.jpg

Input the necessary details for your target devices, primarily the community string, and then save the configuration.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-7.jpg

Enter the IP address of the device you wish to monitor and click "Get".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-8.jpg

After doing so, the lower portion of the program window should populate with data retrieved from the device, as illustrated below.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-9.jpg

Selecting a line item will display a monitoring window, similar to the one shown below.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-10.jpg

To locate the desired OID, navigate to "View" then "Settings".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-11.jpg

The subsequent window will reveal the OIDs associated with incoming and outgoing traffic.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-12.jpg

You have successfully obtained the OIDs!

Simple Traffic Monitor (STG) by Leonid Mikhailov (Graphing)

This free utility is the oldest option available, yet it has functioned reliably for many years and allows for shareable configuration files. Its primary limitation is the requirement to obtain OIDs through alternative methods.

You can download the program from our site (to prevent hotlinking) or directly from the author.

Extract the contents of the zip file to a location of your preference and then execute the program. A blank window will appear.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-13.jpg

Select "View" and then "Settings".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-14.jpg

In the following window, you must input the OIDs that you have acquired from other sources (as demonstrated in this guide).

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-15.jpg

If everything is configured correctly, the main window should populate with data and resemble the image below.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-16.jpg

Exploring Network Devices with GetIF by SNMP4tPC (Navigating the OID Tree)

Although an older application, GetIF by SNMP4tPC remains a valuable tool, particularly due to its free availability and functionality. It served as my initial introduction to network monitoring, and acknowledging its contribution is essential.

Employing this program, or a similar utility, allows for the retrieval of a broader range of data than simply the device’s interface details. For clarity, we will focus on interface information as a practical example throughout this guide.

The program can be downloaded from either our site, to circumvent potential hotlinking issues, or directly from the original author.

Installation follows a standard procedure: proceed through the "Next" prompts, culminating in the "Finish" screen, and then launch the application.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-17.jpg

Input the necessary details for the target network device and initiate the process by clicking "Start".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-18.jpg

To traverse the Object Identifier (OID) tree, navigate to the "MBrowser" tab.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-19.jpg

Select the desired segment of the tree you wish to examine and then click "Start" to retrieve its data.

To obtain interface information comparable to that gathered by the previously mentioned programs, navigate through the following OID path: iso -> org -> dod -> internet -> mgmt -> mib-2 -> interfaces -> ifTable -> ifEntry -> ifDescr, and then click "Start".

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-20.jpg

The lower portion of the window will then display the names assigned to the interfaces on the target device. To access the traffic OIDs, identify the interface number (for instance, wan2 corresponds to interface 7) and proceed to the "ifInOctets" and "ifOutOctets" subtrees.

These subtrees are located at: iso -> org -> dod -> internet -> mgmt -> mib-2 -> interfaces -> ifTable -> ifEntry -> ifInOctets.

it-geek-monitor-network-devices-with-snmp-simple-network-management-protocol-21.jpg

Select the interface for which you want to monitor traffic and record the OID displayed in the bottom left corner of the window.

With the collected OIDs, you can now configure one of the previously discussed monitoring programs to begin tracking network performance.
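The tree path above written as a numeric OID, together with the arithmetic a graphing tool performs on successive ifInOctets readings; this is an added example, not from the original article. The arc numbers are the standard MIB-II assignments, and the counter readings are constructed sample data for interface 7.

```python
# Added example. Arc numbers are the standard MIB-II assignments (RFC 1213);
# SAMPLE_READINGS further down is constructed data, not output from a device.
IF_ENTRY_PATH = [("iso", 1), ("org", 3), ("dod", 6), ("internet", 1), ("mgmt", 2),
                 ("mib-2", 1), ("interfaces", 2), ("ifTable", 2), ("ifEntry", 1)]
IF_ENTRY_COLUMNS = {"ifDescr": 2, "ifInOctets": 10, "ifOutOctets": 16}


def numeric_oid(path, if_index):
    """Turn 'iso -> org -> ... -> ifInOctets' plus an interface number into a dotted OID."""
    *prefix, column = [part.strip() for part in path.split("->")]
    if prefix != [name for name, _ in IF_ENTRY_PATH]:
        raise ValueError("path does not lead to ifEntry")
    if column not in IF_ENTRY_COLUMNS:
        raise ValueError(f"unknown ifEntry column: {column}")
    arcs = [arc for _, arc in IF_ENTRY_PATH] + [IF_ENTRY_COLUMNS[column], if_index]
    return ".".join(str(arc) for arc in arcs)


def octets_to_bps(previous, current, seconds, counter_bits=32):
    """Bits per second between two readings; these counters are 32-bit and wrap to 0."""
    if seconds <= 0:
        raise ValueError("readings must be taken at different times")
    delta = (current - previous) % (1 << counter_bits)  # modulo absorbs one wrap
    return delta * 8 / seconds


def poll_report(readings):
    """readings: [(unix_time, counter), ...]. Returns one (bps, note) per interval."""
    report = []
    for (t0, c0), (t1, c1) in zip(readings, readings[1:]):
        bps = octets_to_bps(c0, c1, t1 - t0)
        # An unchanged counter means an idle link, or an agent that has not yet
        # refreshed its statistics because the poll interval is too short.
        note = "unchanged: idle link or polling faster than the agent updates" if c0 == c1 else ""
        report.append((bps, note))
    return report


# Constructed readings taken every 5 seconds; the last one is after a counter wrap.
SAMPLE_READINGS = [(0, 4294966296), (5, 4294967000), (10, 4294967000), (15, 704)]

if __name__ == "__main__":
    path = ("iso -> org -> dod -> internet -> mgmt -> mib-2 -> "
            "interfaces -> ifTable -> ifEntry -> ifInOctets")
    print(numeric_oid(path, 7))
    for bps, note in poll_report(SAMPLE_READINGS):
        print(f"{bps:10.1f} bit/s  {note}")
```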

Enabling SNMP on Network Devices

The vast majority of network-capable devices support exposing their data via SNMP (Simple Network Management Protocol). However, activation isn't always automatic; you may need to consult the device’s documentation for specific instructions. The following outlines procedures for several common devices, though this isn’t an exhaustive compilation.

On DD-WRT

Access the WebGUI and navigate to the "Services" section. Scroll down the page to locate the "SNMP" radio button.

Select the "Enabled" radio button and save the configuration changes.

Upon enabling, you’ll be presented with configurable details. It’s crucial to record the "RO community" string in use. The default is typically "public," but this can be altered to a value of your choosing. Save and apply the updated settings.

On Fortigate (FortiOS)

Within a recent version of FortiOS (v4 or later), expand the "Config" pane in the main window and select "SNMP".

Note: The screenshot provided is from FortiOS v5.

To establish a new "SNMP v1/v2c" community, click "Create New".

Populate the required information, including the "community name," the permitted range of accessing IP addresses, and the source "interface." Click "OK" at the page's bottom to save your settings.

You must also enable SNMP traffic on the interface from which you intend to retrieve information. Navigate to "Config" then "Network".

In this example, "port8" is used, so we will edit that specific interface.

Check the "SNMP" checkbox and click "OK" at the bottom of the page to apply the changes.

If VDOMs are enabled, ensure the interface you are querying via SNMP resides within the "management Vdom." Adjusting the management Vdom is outside the scope of this guide.

On Juniper (JunOS)

In the WebGUI, go to "Configure" -> "Services" -> "SNMP".

Click on "Add".

Enter your desired "Community name" and select the appropriate "Authorization" type.

Save and Commit your changes to activate them.

On NetApp

Open the "NetApp OnCommand System Manager" and log in to your storage device. Under "Configuration" -> "System Tools", click on "SNMP" and then "Edit".

Click "Add".

This will allow you to add a new "Community" string.

Fill in the desired name and click "OK" to save all settings.

On Windows

Activating SNMP on Windows is possible, though it’s infrequently utilized or discussed. First, the service must be installed.

Initiate the installation through "Programs and Features".

Select "Turn Windows features on or off".

Scroll to locate "Simple Network Management Protocol (SNMP)". Check the checkbox and click "OK" to begin the installation process.

Once installed, configure the community string by opening "Services".

Scroll to find the service and access its properties.

Navigate to the "Security" tab.

To add a community, click on "Add".

Enter the desired community name and click "Add" and "OK" to apply the settings.

Note: Further property adjustments may be necessary to enable remote machine access, but this falls outside the scope of this guide.

With these steps completed, you should be prepared to graph your network’s information. You are encouraged to explore the broader capabilities of the SNMP protocol, including MIBs and traps.

“We are all the sum of our tears. Too little and the ground is not fertile, and nothing can grow there. Too much, the best of us is washed away.” (Babylon 5, G'kar)
