Getting Started Guide: SNMP Polling
You can get your SNMP polling and traps data into your network monitoring system or SIEM.
This guide describes how to use NetFlow Optimizer to perform SNMP polling from your devices and send this data in Syslog or JSON format to your monitoring system or SIEM. To start SNMP polling with NFO please follow the steps below:
- Configure SNMP Service
- Enable and configure SNMP polling Modules
- Configure NFO output
NFO provides built-in SNMP Service and two Modules for SNMP polling:
- SNMP Information Monitor: this Module is designed to get information from network devices configured to send NetFlow data to NFO. SNMP OIDs in this Module are preconfigured. For a list of the preconfigured SNMP OIDs, see Appendix A.
- SNMP Custom OID Sets Monitor: this Module is designed to poll any OIDs from any device, regardless of whether the device is sending, or even incapable (e.g. printers, power supplies, etc.) of sending flow data.
SNMP polling typically requires authentication. NFO supports SNMP v2c community string authentication and SNMP v3 user-based authentication.
Select Servces on the left navigation menu and go to the SNMP Polling and Traps tab.
Press on the SNMP Credentials bar, and click the button.
Enter Credential ID (it will be used in later steps), select your SNMP Version, and complete the rest of the form. Press Save to save your first credential. You may add as many credentials as you need.
List of Devices
Now you need to create the list of devices. In the list of datasets (Watchlists), click the plus sign
and you will be presented with the following popup window:
You can create this list by one of the following ways:
- Type comma-separated entries in this window
- Create a CSV file using the provided template and upload it
- Use the External Data Feeder Agent for NFO (EDFN) to update this list on the specified cron schedule from a CSV file created by an external process
This CSV list has the following format:
Exporter IP,Management IP,Port,Credentials ID,Group,Comment
- Exporter IP: IP address of network device sending NetFlow
- Management IP: SNMP Management IP address of the device
- Port: SNMP polling port, default is 161
- Credentials ID: Credential ID for this device, created in step one
- Group: (optional) Group name. If specified, used in SNMP Custom OID Sets Monitor Module
- Comment: (optional) Any comment for this line. Not used in processing
This is all you need to do if you’d like to get information about network devices (sysName) and interfaces. For detail, visit SNMP Information Monitor Module.
Polling Arbitrary SNMP OIDs
If you’d like to do SNMP polling for any OIDs not provided by the SNMP Information Monitor Module, you can configure OID sets in SNMP Custom OID Sets Monitor Module. Click the Configure customer OID sets button
and then click button.
You will be presented with the following popup screen where you can create your OID sets and specify the polling interval.
- OID Set name: the name of your custom OID set. It is exported as key-value pair ois_set_name=
- Data Collection Interval: SNMP polling interval for this OID set
- SNMP device group: this is an optional parameter. You can assign this OID set to a specific group, defined in the List of devices while configuring the SNMP Service
- OID elements: you can build a list of OIDs, selecting them by clicking check boxes
If your OID is not in the tree, you can add SNMP MIB, containing the required OID by pressing the button, or in the SNMP Services configuration (see below).
NetFlow Optimizer includes a number of pre-loaded SNMP Management Information Bases (MIBs), also known as Standard MIBs. These MIBs allow you to navigate the SNMP tree and build sets of OIDs for SNMP polling. If your OIDs or MIBs are not in the list of Standard MIBs, you can upload them using the User MIBs tab. Click the plus sign
and upload your MIBs on User MIBs tab
Other SNMP Service Parameters
- SNMP Trap Inputs: Enter an CSV list containing SNMP Port and Credentials ID. This port and credentials are used by devices when sending SNMP traps. Note: For SNMPv3 make sure you specify Engine ID in Credentials
- SNMP Interfaces Defaults: Use this list if you need to override values returned by SNMP polling
For more information about NFO Configuration, visit NFO Administration Guide.