SNMP Custom OID Sets Monitor (10103 / 20103)
Description
This Module enables you to perform SNMP polling from network devices by creating OID Sets. Each set can contain up to 64 OIDs, and has its own polling interval. The polling is performed for all network devices configured in SNMP Service, taking into account Device Group. The information is provided per device-OID set.
Parameters
| Parameter Name | Description | Comments |
|---|---|---|
| SNMP OIDs Monitor | Module logic execution interval | 10 sec (fixed value) |
| OID Set | You may create unlimited number of OID sets by specifying the following: - OID Set name; - Data collection interval; - Device Group; - Up to 64 OIDs | You build your OID sets by going through SNMP tree and selecting OIDs. Once selected, they are added to the Set |
Configuring OID Sets
There are two options for creating Custom OID sets.
To create a new OID set, click on 
button, which will open the following popup window:
In this window:
- OID Set name: the name of your custom OID set. It is exported as key-value pair ois_set_name=
your_set_name - Data Collection Interval: SNMP polling interval for this OID set
- SNMP device group: this is an optional parameter. You can assign this OID set to a specific group, defined in the List of devices while configuring the SNMP Management
- Rule: the rule to filter the SNMP data. For details, see Configuring Rules
- OID elements: you can build a list of OIDs, selecting them by clicking check boxes
If your OID is not in the tree, you can add an SNMP MIB, containing the required OID by clicking the 
button.
The second option is upload OID set YAML configuration by clicking on the 
button.
Here is an example of OID set YAML to monitor CPU utilization of Cisco devices:
---
#
# OID set for Cisco CPU
# MIB: SNMPv2-MIB (preloaded)
# MIB: CISCO-PROCESS-MIB https://www.circitor.fr/Mibs/Mib/C/CISCO-PROCESS-MIB.mib
#
oidSet: "cisco_cpu" # [string] Name of OID set
interval: 120 # [number] SNMP polling interval
deviceGroup: "cisco" # [string] Device Group
enabled: true # [boolean] true / false
objects:
- oid: "1.3.6.1.2.1.1.5.0" # [string] OID
customName: "sysName" # [string] OID name (Optional if MIB is loaded into NFO) or custom name
type: # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
# - oid: "1.3.6.1.4.1.9.9.109.1.1.1.1.7" # cpmCPUTotal1minRev
# customName: "cpu_load_percent"
# type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
- oid: "1.3.6.1.4.1.9.9.109.1.1.1.1.8" # cpmCPUTotal5minRev
customName: "cpu_load_percent"
type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
...
This OID set YAML is to monitor memory utilization of Cisco devices:
---
#
# OID set for Cisco memory
# MIB: SNMPv2-MIB (preloaded)
# MIB: CISCO-MEMORY-POOL-MIB https://www.circitor.fr/Mibs/Mib/C/CISCO-MEMORY-POOL-MIB.mib
#
oidSet: "cisco_mem" # [string] Name of OID set
interval: 120 # [number] SNMP polling interval
deviceGroup: "" # [string] Device Group. Make sure Device Group is present in the list of devices
enabled: true # [boolean] true / false
objects:
- oid: "1.3.6.1.2.1.1.5.0" # [string] OID
customName: "sysName" # [string] OID name (Optional if MIB is loaded into NFO) or custom name
type: # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
- oid: "1.3.6.1.4.1.9.9.48.1.1.1.5" # ciscoMemoryPoolUsed
customName: "mem_used"
type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
- oid: "1.3.6.1.4.1.9.9.48.1.1.1.6" # ciscoMemoryPoolFree
customName: "mem_free"
type: TableEntry # [string] Scalar, TableIndex, or TableEntry. Optional if MIB is loaded into NFO
...
For additional YAML configurations, please contact support@netflowlogic.com.
You can also modify an exisitng OID set by clicking on its name.
Configuring Rules
This section explains how to define rules to filter the SNMP data collected by the Module. These rules allow you to specify conditions under which an entire OID set or a particular table row should be reported, significantly reducing the volume of data sent downstream.
The rules are expressed through custom logical and comparison expressions using OID symbolic names as variables. This mechanism provides fine-grained control over your SNMP telemetry.
Potential Applications
The primary use case for these rules is volume reduction, which is essential when monitoring high-volume data sources like network interfaces. By filtering out unneeded metrics at the source, you can significantly reduce the amount of reported SNMP data.
Additionally, these rules have numerous other applications, such as reporting temperature sensors only when their reading exceeds a threshold, collecting LLDP neighbors with specified capabilities, or filtering devices with low battery levels.
Rule Expression Grammar
The grammar for these expressions supports a wide range of operators and functions:
- Unary Operations:
not(!), negation (-), bitwise inversion (~) - Binary Operators:
+,-,*,/,|(bitwise OR),&(bitwise AND),^(bitwise XOR) - Logical Operators:
and(&&),or(||) - Test Operators:
=,!=(<>),>,>=,<,<= - String Functions:
equals,contains,startsWith,endsWith - Grouping: Parentheses
()for grouping expressions - Literals:
uint64andfloatnumbers,string(in quotes), andvariable names(using the OID symbolic name or alias from your set).
Examples
- Filter Interfaces by Status and Activity: When requesting
ifTableentries from IF-MIB, you might want to report only active interfaces with traffic:ifAdminStatus = 1 and (ifInOctets > 0 or ifOutOctets > 0) - Report Devices with High CPU Utilization: To focus on performance issues, you can report only devices with high CPU load:
cpmCPUTotal5minRev > 90 - Filter Interfaces by Name: You can filter interfaces based on a string match, for example, to report only interfaces with names starting with "eth":
ifName.startsWith("eth")
Rule expression can be specified in OID set YAML file in ruleExpr: element. Here is an example with the rule to monitor only active interfaces:
---
#
# OID set for Interface monitoring
# MIB: SNMPv2-MIB (preloaded)
#
oidSet: "interface_mon" # [string] Name of OID set
interval: 60 # [number] SNMP polling interval
deviceGroup: "" # [string] Device Group - left blank as this is a generic MIB
ruleExpr: "ifAdminStatus = 1 and (ifInOctets > 0 or ifOutOctets > 0)" # Report only active interfaces
enabled: true
objects:
- oid: "1.3.6.1.2.1.1.5.0"
customName: "sysName"
type: "Scalar"
- oid: "1.3.6.1.2.1.2.2.1.1"
customName: "ifIndex"
type: "TableIndex"
- oid: "1.3.6.1.2.1.2.2.1.2"
customName: "ifDescr"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.3"
customName: "ifType"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.4"
customName: "ifMtu"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.5"
customName: "ifSpeed"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.6"
customName: "ifPhysAddress"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.7"
customName: "ifAdminStatus"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.8"
customName: "ifOperStatus"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.10"
customName: "ifInOctets"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.11"
customName: "ifInUcastPkts"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.12"
customName: "ifInNUcastPkts"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.13"
customName: "ifInDiscards"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.14"
customName: "ifInErrors"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.16"
customName: "ifOutOctets"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.17"
customName: "ifOutUcastPkts"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.18"
customName: "ifOutNUcastPkts"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.19"
customName: "ifOutDiscards"
type: "TableEntry"
- oid: "1.3.6.1.2.1.2.2.1.20"
customName: "ifOutErrors"
type: "TableEntry"
- oid: "1.3.6.1.2.1.31.1.1.1.1"
customName: "ifName"
type: "TableEntry"
- oid: "1.3.6.1.2.1.31.1.1.1.6"
customName: "ifHCInOctets"
type: "TableEntry"
- oid: "1.3.6.1.2.1.31.1.1.1.10"
customName: "ifHCOutOctets"
type: "TableEntry"
- oid: "1.3.6.1.2.1.31.1.1.1.15"
customName: "ifHighSpeed"
type: "TableEntry"
- oid: "1.3.6.1.2.1.31.1.1.1.18"
customName: "ifAlias"
type: "TableEntry"
...
Syslog/JSON Message Fields
| Key | Field Description | Comments |
|---|---|---|
| nfc_id | Message type identifier | “nfc_id=20103” |
| exp_ip | Device NetFlow Exporter IP address | IPv4_address or IPv6_address |
| mgmt_ip | Device Management IP address | IPv4_address or IPv6_address |
| oid_set | Name of OID Set | string |
| device_group | Name of Device Group, if selected | string |
| … | [Varies depending on OIDs in the set] | … |
Reporting OID Sets
The success of SNMP polling and the subsequent data collection heavily rely on the availability and responsiveness of the polled devices. Depending on the device status and the specific OIDs queried, the following outcomes may occur:
| Potential issues | Output |
|---|---|
| Device is unresponsive | None. Check the log for unresponsive devices: nfo_audit.log |
| Requested OID is not supported by the device | The OID is not included in the output |
| Returned value is unavailable, not valid, e.g. wrong type, lenth, etc. | "" |
Default OID Sets
The following OID Sets are included in NFO.
interface_mon
| OID | MIB Name | Custom Name |
|---|---|---|
| 1.3.6.1.2.1.1.5.0 | sysName | |
| 1.3.6.1.2.1.2.2.1.1 | ifIndex | |
| 1.3.6.1.2.1.2.2.1.2 | ifDescr | |
| 1.3.6.1.2.1.2.2.1.3 | ifType | |
| 1.3.6.1.2.1.2.2.1.4 | ifMtu | |
| 1.3.6.1.2.1.2.2.1.5 | ifSpeed | |
| 1.3.6.1.2.1.2.2.1.6 | ifPhysAddress | |
| 1.3.6.1.2.1.2.2.1.7 | ifAdminStatus | |
| 1.3.6.1.2.1.2.2.1.8 | ifOperStatus | |
| 1.3.6.1.2.1.2.2.1.10 | ifInOctets | |
| 1.3.6.1.2.1.2.2.1.11 | ifInUcastPkts | |
| 1.3.6.1.2.1.2.2.1.12 | ifInNUcastPkts | |
| 1.3.6.1.2.1.2.2.1.13 | ifInDiscards | |
| 1.3.6.1.2.1.2.2.1.14 | ifInErrors | |
| 1.3.6.1.2.1.2.2.1.16 | ifOutOctets | |
| 1.3.6.1.2.1.2.2.1.17 | ifOutUcastPkts | |
| 1.3.6.1.2.1.2.2.1.18 | ifOutNUcastPkts | |
| 1.3.6.1.2.1.2.2.1.19 | ifOutDiscards | |
| 1.3.6.1.2.1.2.2.1.20 | ifOutErrors | |
| 1.3.6.1.2.1.31.1.1.1.1 | ifName | |
| 1.3.6.1.2.1.31.1.1.1.6 | ifHCInOctets | |
| 1.3.6.1.2.1.31.1.1.1.10 | ifHCOutOctets | |
| 1.3.6.1.2.1.31.1.1.1.15 | ifHighSpeed | |
| 1.3.6.1.2.1.31.1.1.1.18 | ifAlias |
device_info
| OID | MIB Name | Custom Name |
|---|---|---|
| 1.3.6.1.2.1.1.1.0 | sysDescr | |
| 1.3.6.1.2.1.1.3.0 | sysUpTimeInstance | |
| 1.3.6.1.2.1.1.5.0 | sysName | |
| 1.3.6.1.2.1.2.1.0 | ifNumber | |
| 1.3.6.1.2.1.4.20.1.1 | ipAdEntAddr | |
| 1.3.6.1.2.1.4.20.1.2 | ipAdEntIfIndex | |
| 1.3.6.1.2.1.4.20.1.3 | ipAdEntNetMask | |
| 1.3.6.1.2.1.4.20.1.4 | ipAdEntBcastAddr | |
| 1.3.6.1.2.1.4.20.1.5 | ipAdEntReasmMaxSize |
cisco_mem
| OID | MIB Name | Custom Name |
|---|---|---|
| 1.3.6.1.2.1.1.5.0 | sysName | |
| 1.3.6.1.4.1.9.9.48.1.1.1.5 | mem_used | |
| 1.3.6.1.4.1.9.9.48.1.1.1.6 | mem_free |
cisco_cpu
| OID | MIB Name | Custom Name |
|---|---|---|
| 1.3.6.1.2.1.1.5.0 | sysName | |
| 1.3.6.1.4.1.9.9.109.1.1.1.1.7 | cpmCPUTotal1minRev | |
| 1.3.6.1.4.1.9.9.109.1.1.1.1.8 | cpu_load_percent |