Getting Started Guide: SNMP Polling
You can get your SNMP polling and traps data into your network monitoring system or SIEM.
Overview
This guide describes how to use NetFlow Optimizer to perform SNMP polling from your devices and send this data in Syslog or JSON format to your monitoring system or SIEM. To start SNMP polling with NFO please follow the steps below:
- Configure NFO SNMP Management
- Enable and configure SNMP polling Modules
- Configure NFO output
NFO provides built-in SNMP Management:
and several SNMP Modules:
NFO SNMP Management
NFO SNMP Management configuration includes the following:
- Configure SNMP credentials
- Configure auto-discovery, optional
- Configure the list of devices to be polled
- Optionally add SNMP MIBs to build custom OID sets
For more information about NFO SNMP Management, visit NFO Administration Guide SNMP Management section.
SNMP Credentials
SNMP polling typically requires authentication. NFO supports SNMP v2c community string authentication and SNMP v3 user-based authentication.
For more information about SNMP credentials setting, visit NFO Administration Guide SNMP Credentials section.
List of Devices
Now you need to create the list of devices to be polled. You can create this list by one of the following ways:
- Type comma-separated entries in this window
- Create a CSV file using the provided template and upload it
- Use the External Data Feeder Agent for NFO (EDFN) to update this list on the specified cron schedule:
- From a CSV file created by an external process
- and/or configure Auto-discovery
For details, visit Configuring Auto-Discovery Based on SNMP Polling.
MIB Library
NetFlow Optimizer includes a number of pre-loaded SNMP Management Information Bases (MIBs), also known as Standard MIBs. These MIBs allow you to navigate the SNMP tree and build sets of OIDs for SNMP polling. If your OIDs or MIBs are not in the list of Standard MIBs, you can upload them using the User MIBs tab. Click on MIB library as shown below.
and upload your MIBs on User MIBs tab
SNMP traps input list
Specify the list of ports and credentials. This port and credentials are used by devices when sending SNMP traps to NFO.
For SNMP v3 make sure you specify Engine ID in Credentials
IPv4 and IPv6 Interfaces overrides
Use these lists if you need to override values returned by polling interface data, for example interfce speed - ifSpeed or interface name - ifName
SNMP Polling Modules
SNMP Information Monitor
This Module is designed to get information from network devices configured to send NetFlow data to NFO. SNMP OIDs in this Module are preconfigured. For a list of the preconfigured SNMP OIDs, visit SNMP Information Monitor section in NFO User Guide.
SNMP Custom OID Sets Monitor
This Module is designed to poll any OIDs from any device, regardless of whether the device is sending, or even incapable (e.g. printers, power supplies, etc.) of sending flow data. You can jump to this Module by clicking the Configure custom OID sets button.
You will be presented with the following screen.
Configuring OID Sets
There are two options for creating Custom OID sets.
To create a new OID set, click on 
button, which will open the following popup window:
In this window:
- OID Set name: the name of your custom OID set. It is exported as key-value pair ois_set_name=
your_set_name - Data Collection Interval: SNMP polling interval for this OID set
- SNMP device group: this is an optional parameter. You can assign this OID set to a specific group, defined in the List of devices while configuring the SNMP Management
- OID elements: you can build a list of OIDs, selecting them by clicking check boxes
If your OID is not in the tree, you can add an SNMP MIB, containing the required OID by clicking the 
button.
The second option is upload OID set YAML configuration by clicking on the 
button.
Here is an example of OID set YAML to monitor CPU utilization of Cisco devices:
---
#
# OID set for Cisco CPU
# MIB: SNMPv2-MIB (preloaded)
# MIB: CISCO-PROCESS-MIB https://www.circitor.fr/Mibs/Mib/C/CISCO-PROCESS-MIB.mib
#
oidSet: "cisco_cpu" # [string] Name of OID set
interval: 120 # [number] SNMP polling interval
deviceGroup: "" # [string] Device Group. Make sure Device Group is present in the list of devices
enabled: true # [boolean] true / false
objects:
- oid: "1.3.6.1.2.1.1.5.0" # [string] OID
customName: "sysName" # [string] OID name (Optional if MIB is loaded into NFO) or custom name
type: # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
# - oid: "1.3.6.1.4.1.9.9.109.1.1.1.1.7" # cpmCPUTotal1minRev
# customName: "cpu_load_percent"
# type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
- oid: "1.3.6.1.4.1.9.9.109.1.1.1.1.8" # cpmCPUTotal5minRev
customName: "cpu_load_percent"
type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
...
This OID set YAML is to monitor memory utilization of Cisco devices:
---
#
# OID set for Cisco memory
# MIB: SNMPv2-MIB (preloaded)
# MIB: CISCO-MEMORY-POOL-MIB https://www.circitor.fr/Mibs/Mib/C/CISCO-MEMORY-POOL-MIB.mib
#
oidSet: "cisco_mem" # [string] Name of OID set
interval: 120 # [number] SNMP polling interval
deviceGroup: "" # [string] Device Group. Make sure Device Group is present in the list of devices
enabled: true # [boolean] true / false
objects:
- oid: "1.3.6.1.2.1.1.5.0" # [string] OID
customName: "sysName" # [string] OID name (Optional if MIB is loaded into NFO) or custom name
type: # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
- oid: "1.3.6.1.4.1.9.9.48.1.1.1.5" # ciscoMemoryPoolUsed
customName: "mem_used"
type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
- oid: "1.3.6.1.4.1.9.9.48.1.1.1.6" # ciscoMemoryPoolFree
customName: "mem_free"
type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
...
For additional YAML configurations, please contact support@netflowlogic.com.
Reporting OID Sets
The success of SNMP polling and the subsequent data collection heavily rely on the availability and responsiveness of the polled devices. Depending on the device status and the specific OIDs queried, the following outcomes may occur:
| Potential issues | Output |
|---|---|
| Device is unresponsive | None. Check the log for unresponsive devices: nfo_audit.log |
| Requested OID is not supported by the device | The OID is not included in the output |
| OID is returned, but the value is null | "MISSING" |
| Returned value is not valid, e.g. wrong type, lenth, etc. | "na" |
NFO Output
For information about NFO Output configuration, visit Configure Outputs section in NFO Administration Guide.