Version: 2.10.2

Getting Started Guide: SNMP Polling

You can get your SNMP polling and traps data into your network monitoring system or SIEM.

Overview

This guide describes how to use NetFlow Optimizer to perform SNMP polling from your devices and send this data in Syslog or JSON format to your monitoring system or SIEM. To start SNMP polling with NFO please follow the steps below:

  1. Configure NFO SNMP Service
  2. Enable and configure SNMP polling Modules
  3. Configure NFO output

NFO provides a built-in SNMP Service and two Modules for SNMP polling: SNMP Information Monitor and SNMP Custom OID Sets Monitor.

NFO SNMP Service

NFO SNMP Service configuration includes the following:

  1. Configure SNMP credentials
  2. Configure the list of devices to be polled
  3. Optionally add SNMP MIBs to build custom OID sets

For more information about NFO SNMP Service, visit NFO Administration Guide SNMP Polling and Traps section.

SNMP Credentials

SNMP polling typically requires authentication. NFO supports SNMP v2c community string authentication and SNMP v3 user-based authentication.

Select Services on the left navigation menu and go to the SNMP Polling and Traps tab.

Press on the SNMP Credentials bar, and click the button.

Enter Credential ID (it will be used in later steps), select your SNMP Version, and complete the rest of the form. Press Save to save your first credential. You may add as many credentials as you need.

List of Devices

Now you need to create the list of devices to be polled. You can create this list in one of the following ways:

  • Type comma-separated entries in this window
  • Create a CSV file using the provided template and upload it
  • Use the External Data Feeder Agent for NFO (EDFN) to update this list on the specified cron schedule from a CSV file created by an external process

In the list of datasets (Watchlists), click on IPv4 device list or IPv6 device list, and you will be presented with a popup window for editing the list.

This CSV list has the following format:

Exporter IP,Management IP,Port,Credentials ID,Group,Comment

Where

  • Exporter IP: IP address of network device sending NetFlow
  • Management IP: SNMP Management IP address of the device
  • Port: SNMP polling port, default is 161
  • Credentials ID: Credential ID for this device, created in step one
  • Group: (optional) Group name. If specified, used in SNMP Custom OID Sets Monitor Module
  • Comment: (optional) Any comment for this line. Not used in processing

This is all you need to do if you’d like to get information about network devices (sysName) and interfaces. For details, visit SNMP Information Monitor Module.
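A device list produced by an external process for EDFN can be checked before upload. The following is an added example, not part of NFO: a validator for the six-column format above. It assumes that an empty Port means the default 161 and that a header line may be present, and the credential IDs and addresses in the sample are constructed.

```python
import csv
import io
import ipaddress

DEFAULT_PORT = 161  # default SNMP polling port stated in the guide


def check_device_list(text, known_credentials, ip_version=4):
    """Validate a device list in the six-column CSV format.

    Returns (devices, errors): accepted rows as dicts, and "line N: reason" strings.
    """
    devices, errors = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        row = [cell.strip() for cell in row]
        if not any(row) or row[0] == "Exporter IP":  # blank or header line (assumed optional)
            continue
        if not 4 <= len(row) <= 6:
            errors.append(f"line {lineno}: expected 4 to 6 columns, got {len(row)}")
            continue
        exporter, mgmt, port, cred, group, comment = row + [""] * (6 - len(row))
        problems = []
        for label, value in (("Exporter IP", exporter), ("Management IP", mgmt)):
            try:
                if ipaddress.ip_address(value).version != ip_version:
                    problems.append(f"{label} {value} is not IPv{ip_version}")
            except ValueError:
                problems.append(f"{label} {value!r} is not an IP address")
        # Empty port falls back to the default (assumption); anything else must be 1-65535.
        port_no = DEFAULT_PORT if port == "" else int(port) if port.isdecimal() else 0
        if not 1 <= port_no <= 65535:
            problems.append(f"Port {port!r} is out of range")
        if cred not in known_credentials:
            problems.append(f"Credentials ID {cred!r} is not defined")
        if problems:
            errors.extend(f"line {lineno}: {p}" for p in problems)
        else:
            devices.append({"exporter_ip": exporter, "management_ip": mgmt, "port": port_no,
                            "credentials_id": cred, "group": group, "comment": comment})
    return devices, errors


# Constructed sample (documentation address ranges, hypothetical credential IDs).
SAMPLE = """\
192.0.2.1,192.0.2.1,161,v3-core,core,Core router
192.0.2.2,198.51.100.2,,v2c-lab,,Port left empty
192.0.2.3,2001:db8::3,161,v3-core,core,IPv6 address in the IPv4 list
192.0.2.4,192.0.2.4,70000,v3-edge,edge,Bad port and unknown credential
"""
```

Calling check_device_list(SAMPLE, {"v3-core", "v2c-lab"}) accepts the first two rows and reports the other two, so a row pointing at a Credential ID that was never created is caught before the device silently goes unpolled.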

SNMP MIBs

NetFlow Optimizer includes a number of pre-loaded SNMP Management Information Bases (MIBs), also known as Standard MIBs. These MIBs allow you to navigate the SNMP tree and build sets of OIDs for SNMP polling. If your OIDs or MIBs are not in the list of Standard MIBs, you can upload them: click on MIB library and upload your MIBs on the User MIBs tab.

Other SNMP Service Parameters

  • SNMP Trap Inputs: Enter a CSV list containing SNMP Port and Credentials ID. This port and these credentials are used by devices when sending SNMP traps to NFO. Note: For SNMPv3, make sure you specify Engine ID in Credentials.
  • IPv4 and IPv6 Interfaces overrides: Use these lists if you need to override values returned by polling interface data, for example interface speed (ifSpeed) or interface name (ifName)

SNMP Polling Modules

SNMP Information Monitor

This Module is designed to get information from network devices configured to send NetFlow data to NFO. SNMP OIDs in this Module are preconfigured. For a list of the preconfigured SNMP OIDs, visit SNMP Information Monitor section in NFO User Guide.

SNMP Custom OID Sets Monitor

This Module is designed to poll any OIDs from any device, regardless of whether the device is sending flow data or is even capable of sending it (e.g. printers, power supplies, etc.). You can jump to this Module by clicking the Configure custom OID sets button.

You will be presented with the following screen.

Configuring OID Sets

There are two options for creating Custom OID sets.

To create a new OID set, click on button, which will open the following popup window:

In this window:

  • OID Set name: the name of your custom OID set. It is exported as key-value pair ois_set_name=your_set_name
  • Data Collection Interval: SNMP polling interval for this OID set
  • SNMP device group: this is an optional parameter. You can assign this OID set to a specific group, defined in the List of devices while configuring the SNMP Service
  • OID elements: you can build a list of OIDs, selecting them by clicking check boxes

If your OID is not in the tree, you can add an SNMP MIB containing the required OID by clicking the button.

The second option is to upload an OID set YAML configuration by clicking on the button.

Here is an example of OID set YAML to monitor CPU utilization of Cisco devices:

---
#
# OID set for Cisco CPU
# MIB: SNMPv2-MIB (preloaded)
# MIB: CISCO-PROCESS-MIB https://www.circitor.fr/Mibs/Mib/C/CISCO-PROCESS-MIB.mib
#
oidSet: "cisco_cpu" # [string] Name of OID set
interval: 120 # [number] SNMP polling interval
deviceGroup: "" # [string] Device Group. Make sure Device Group is present in the list of devices
enabled: true # [boolean] true / false
objects:
  - oid: "1.3.6.1.2.1.1.5.0" # [string] OID
    customName: "sysName" # [string] OID name (Optional if MIB is loaded into NFO) or custom name
    type: # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
  # - oid: "1.3.6.1.4.1.9.9.109.1.1.1.1.7" # cpmCPUTotal1minRev
  #   customName: "cpu_load_percent"
  #   type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
  - oid: "1.3.6.1.4.1.9.9.109.1.1.1.1.8" # cpmCPUTotal5minRev
    customName: "cpu_load_percent"
    type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
...

This OID set YAML is to monitor memory utilization of Cisco devices:

---
#
# OID set for Cisco memory
# MIB: SNMPv2-MIB (preloaded)
# MIB: CISCO-MEMORY-POOL-MIB https://www.circitor.fr/Mibs/Mib/C/CISCO-MEMORY-POOL-MIB.mib
#
oidSet: "cisco_mem" # [string] Name of OID set
interval: 120 # [number] SNMP polling interval
deviceGroup: "" # [string] Device Group. Make sure Device Group is present in the list of devices
enabled: true # [boolean] true / false
objects:
  - oid: "1.3.6.1.2.1.1.5.0" # [string] OID
    customName: "sysName" # [string] OID name (Optional if MIB is loaded into NFO) or custom name
    type: # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
  - oid: "1.3.6.1.4.1.9.9.48.1.1.1.5" # ciscoMemoryPoolUsed
    customName: "mem_used"
    type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
  - oid: "1.3.6.1.4.1.9.9.48.1.1.1.6" # ciscoMemoryPoolFree
    customName: "mem_free"
    type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
...

For additional YAML configurations, please contact support@netflowlogic.com.

Reporting OID Sets

The success of SNMP polling and the subsequent data collection heavily rely on the availability and responsiveness of the polled devices. Depending on the device status and the specific OIDs queried, the following outcomes may occur:

| Potential issue | Output |
| --- | --- |
| Device is unresponsive | None. Check the log for unresponsive devices: nfo_audit.log |
| Requested OID is not supported by the device | The OID is not included in the output |
| OID is returned, but the value is null | "MISSING" |
| Returned value is not valid, e.g. wrong type, length, etc. | "na" |
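On the receiving side, the four outcomes listed above can be told apart per device, so that a gap in monitoring data is noticed rather than read as "nothing to report". The following is an added example, not NFO code: it triages key=value records for one OID set. The record layout and the `device` key are assumptions, the sample lines are constructed, and the field names follow the cisco_cpu YAML above.

```python
import shlex

# Sentinel values from the outcomes listed above.
SENTINELS = {"MISSING": "null value returned", "na": "invalid value returned"}
UNRESPONSIVE = "no output (device unresponsive? check nfo_audit.log)"


def triage(lines, expected_devices, expected_fields, device_key="device"):
    """Map each expected device to a list of polling gaps (empty list = all fields usable)."""
    seen = {}
    for line in lines:
        # shlex strips the quotes from values such as sysName="MISSING"
        record = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
        dev = record.get(device_key)
        if dev not in expected_devices:
            continue  # record for a device outside the list being checked
        issues = seen.setdefault(dev, [])
        for field in expected_fields:
            if field not in record:
                msg = f"{field}: absent (OID not supported by device)"
            elif record[field] in SENTINELS:
                msg = f"{field}: {SENTINELS[record[field]]}"
            else:
                continue
            if msg not in issues:
                issues.append(msg)
    # A device with no record at all produced no output for this OID set.
    return {dev: seen.get(dev, [UNRESPONSIVE]) for dev in expected_devices}


# Constructed sample records; the "device" key and line layout are assumptions.
SAMPLE = [
    'ois_set_name=cisco_cpu device=192.0.2.1 sysName=core-rtr-1 cpu_load_percent=17',
    'ois_set_name=cisco_cpu device=192.0.2.2 sysName="MISSING" cpu_load_percent="na"',
    'ois_set_name=cisco_cpu device=192.0.2.3 sysName=printer-3',
]
EXPECTED_DEVICES = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]
EXPECTED_FIELDS = ["sysName", "cpu_load_percent"]

if __name__ == "__main__":
    for dev, issues in triage(SAMPLE, EXPECTED_DEVICES, EXPECTED_FIELDS).items():
        print(dev, issues or "ok")
```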

NFO Output

For information about NFO Output configuration, visit Configure Outputs section in NFO Administration Guide.