SNMP Walk

Function

Fetch one or more SNMP OIDs recursively and transfer the output into a flat file on the collector.

Alarming

Line Count, Transfer time

See general information about SNMP below the SNMP job chapter.

SNMP Walk detail

SNMP Walk will walk the defined MIB tree downwards and save its contents to a file on the collector configured for the SNMP Walk job, into the following directory: /var/opt/run/eranger/collector/tmp/snmp_walk. The directory must be created manually if it doesn't exist and the eranger user must have write permissions on it. Since this is a subdirectory of the default parse directory, it is possible to parse the file retrieved by SNMP Walk directly using a subsequent Parsefile job.

SNMP Walk parameters

The Authentication input section is only shown when SNMP version 3 is selected.

Parameter

Description

UDP port

Select the UDP port (default is 161)

Retries

Number of retries if the request fails. Default is 2 retries.

Timeout

Select the timeout for the request. On most devices, SNMP requests are handled with low priority, so use a high enough timeout. Default is 2s.

Version

Select the SNMP version served by the remote SNMP daemon. The following choices are available:

Version 1
Version 2c
Version 3

Transfer (Bulk mode)

Uses the snmpbulkwalk command instead of snmpwalk internally. Both should yield the same results. Sometimes snmpbulkwalk might return the output slightly faster, though.

Security level

The security level defines how the SNMP request is sent. This choice is only available when SNMP v3 is used. The following options are available:

No authentication, no encryption
Authentication, no encryption
Authentication, encryption

Username

For authentication, only visible when SNMP v3 is used.

Authent. passphrase

Passphrase for authentication, only visible when SNMP with authentication is used.

Authent. protocol

Protocol for authentication, only visible when SNMP with authentication is used. Currently available options are MD5 or SHA. Default is MD5.

Privacy passphrase

For encryption, only visible when SNMP with authentication and encryption is used.

Privacy protocol

For encryption, only visible when SNMP with authentication and encryption is used. Currently available options are DES and AES. Default is DES.

Community

Most network devices allow different levels of SNMP access, for example READ ONLY or READ/WRITE. Each of these levels of access will usually have a different community string. To read data, only the READ community has to be known, which is usually public.

Request OID

Insert the management information base (MIB) OID for the request. If the OID is unknown, it can be browsed with the online browser. Additional OIDs (up to 4 OIDs) can be requested from a single SNMP job by clicking the “+” button next to the Browse button. If more than 1 OID is entered, the output of all OIDs is appended into the same output file, one after the other.

Filename

The name of the file to print the output of SNMP Walk to. A .txt file extension will be appended automatically. The file will be created below the /var/opt/run/eranger/collector/tmp/snmp_walk directory. The directory must be created manually if it doesn't exist and the eranger user must have write permissions on it. If no filename is given, SKOOR Engine automatically creates a filename containing the IP address and a number.

The Tags dropdown list allows entering pre-defined variables into the fields above, e.g. $NAME$ for the name of the job.

More than 1 OID can be specified. To add additional OIDs, click the + button next to the Browse online button.

All configured Request OIDs are concatenated into the same output file.

If one of the OIDs is not accessible, no output file is generated.
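The parameter table above, expressed as the net-snmp options it corresponds to, together with the settings a reviewer would question (v1/v2c, the "public" community, the MD5 and DES defaults). This is an added example, not SKOOR Engine code: the dict keys, the host address and the passphrase placeholders are assumptions, and the exact command line the collector runs internally is not documented on this page.

```python
# Added example: dict keys are hypothetical names for the parameters in the table above.
LEVELS = {
    "No authentication, no encryption": "noAuthNoPriv",
    "Authentication, no encryption": "authNoPriv",
    "Authentication, encryption": "authPriv",
}

def review_job(job):
    """Return (commands, findings): one argv per Request OID plus weak settings."""
    findings = []
    tool = "snmpbulkwalk" if job.get("bulk") else "snmpwalk"
    version = job["version"]                              # "1", "2c" or "3"
    opts = ["-v", version, "-r", str(job.get("retries", 2)),
            "-t", str(job.get("timeout", 2))]
    if version in ("1", "2c"):
        community = job.get("community", "public")
        opts += ["-c", community]
        findings.append("v%s sends community string and data unencrypted" % version)
        if community == "public":
            findings.append("community is the well-known default 'public'")
    else:
        level = LEVELS[job["security_level"]]
        opts += ["-l", level, "-u", job["username"]]
        if level == "noAuthNoPriv":
            findings.append("v3 request is neither authenticated nor encrypted")
        else:
            auth = job.get("auth_protocol", "MD5")        # default stated on the page
            opts += ["-a", auth, "-A", "<auth-passphrase>"]
            if auth == "MD5":
                findings.append("authentication protocol MD5; SHA is available")
        if level == "authNoPriv":
            findings.append("responses are authenticated but not encrypted")
        elif level == "authPriv":
            priv = job.get("priv_protocol", "DES")        # default stated on the page
            opts += ["-x", priv, "-X", "<privacy-passphrase>"]
            if priv == "DES":
                findings.append("privacy protocol DES; AES is available")
    agent = "%s:%d" % (job["host"], job.get("port", 161))
    commands = [[tool] + opts + [agent, oid] for oid in job["oids"]]  # one walk per OID
    return commands, findings

# Constructed job definitions: the page's v3 defaults, then the same job tightened.
DEFAULTS = {"host": "192.0.2.10", "version": "3", "username": "monitor",
            "security_level": "Authentication, encryption",
            "oids": [".1.3.6.1.2.1.1", ".1.3.6.1.2.1.2.2.1"]}
HARDENED = dict(DEFAULTS, auth_protocol="SHA", priv_protocol="AES", bulk=True)

for _job in (DEFAULTS, HARDENED):
    print(review_job(_job))
```

The passphrases are left as placeholders on purpose: values passed as command-line arguments are visible in the process list of the host that runs them.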

SNMP Walk values and alarm limits

The Values section of the job will present a link to the output file, which can be viewed in the browser.

Value / Alarm limit

Description

Line count

The number of lines of the resulting output file.

Transfer time

The time it took to transfer the results from the SNMP agent (in ms).

Error code

Generic job error code (see section Job error codes)

SNMP Walk examples

Example 1 - Walk the System MIB on a network device

Request OID 1

.iso.org.dod.internet.mgmt.mib-2.system

Output 1

The contents of the output file are:

RFC1213-MIB::sysDescr.0 = STRING: "Firewall fw5.junisphere.local 2.2.5-RELEASE nanobsd FreeBSD 10.1-RELEASE-p24 i386"
RFC1213-MIB::sysObjectID.0 = OID: RFC1155-SMI::enterprises.12325.1.1.2.1.1
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (392862223) 45 days, 11:17:02.23
RFC1213-MIB::sysContact.0 = STRING: "support@skoor.com"
RFC1213-MIB::sysName.0 = STRING: "fw5.skoor.local"
RFC1213-MIB::sysLocation.0 = STRING: "Glattzentrum, Wallisellen"
RFC1213-MIB::sysServices.0 = INTEGER: 76
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (27) 0:00:00.27
SNMPv2-MIB::sysORID.1 = OID: RFC1155-SMI::enterprises.12325.1.1.1.10.2
SNMPv2-MIB::sysORID.2 = OID: RFC1155-SMI::enterprises.12325.1.1.1.10.3
SNMPv2-MIB::sysORID.3 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.4 = OID: RFC1155-SMI::enterprises.12325.1.1
SNMPv2-MIB::sysORID.5 = OID: IF-MIB::ifMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ipMIB
SNMPv2-MIB::sysORID.7 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.8 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.9 = OID: IP-FORWARD-MIB::ipForward
SNMPv2-MIB::sysORID.10 = OID: RFC1155-SMI::enterprises.12325.1.2
SNMPv2-MIB::sysORID.11 = OID: HOST-RESOURCES-MIB::host
SNMPv2-MIB::sysORDescr.1 = STRING: udp transport mapping
SNMPv2-MIB::sysORDescr.2 = STRING: lsock transport mapping
SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for SNMPv2 entities.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for the Begemot SNMPd.
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module to describe generic objects for network interface sub-layers.
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations, but excluding their management of IP routes.
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing TCP implementations.
SNMPv2-MIB::sysORDescr.8 = STRING: The MIB module for managing UDP implementations.
SNMPv2-MIB::sysORDescr.9 = STRING: The MIB module for the display of CIDR multipath IP Routes.
SNMPv2-MIB::sysORDescr.10 = STRING: The MIB for the NetGraph access module for SNMP.
SNMPv2-MIB::sysORDescr.11 = STRING: The MIB module for Host Resource MIB (RFC 2790).
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.9 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORUpTime.10 = Timeticks: (27) 0:00:00.27
SNMPv2-MIB::sysORUpTime.11 = Timeticks: (27) 0:00:00.27

Example 2 - Walk the Interfaces MIB on a network device

Request OID 1

.iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry

Filename

$DEVICE_ADDRESS$_interfaces

Output 2

The output file is named after the IP address of the device, e.g. 192.168.0.2_interfaces.txt. It contains the In- and Out-Octets as well as the interface errors and states, and can then be parsed using one single Parsefile job.

IF-MIB::ifDescr.1 = STRING: MS TCP Loopback interface
IF-MIB::ifDescr.2 = STRING: SonicWALL VPN Adapter 
IF-MIB::ifDescr.3 = STRING: AppGate Tunneling Adapter 
IF-MIB::ifDescr.65541 = STRING: Realtek RTL8139
IF-MIB::ifSpeed.1 = Gauge32: 10000000
IF-MIB::ifSpeed.2 = Gauge32: 10000000
IF-MIB::ifSpeed.3 = Gauge32: 100000000
IF-MIB::ifSpeed.65541 = Gauge32: 100000000
IF-MIB::ifPhysAddress.1 = STRING: 
IF-MIB::ifPhysAddress.2 = STRING: 0:60:73:e1:be:8a
IF-MIB::ifPhysAddress.3 = STRING: 9a:7c:d6:36:81:ce
IF-MIB::ifPhysAddress.65541 = STRING: 0:10:a7:13:64:75
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.3 = INTEGER: down(2)
IF-MIB::ifOperStatus.65541 = INTEGER: up(1)
IF-MIB::ifInOctets.1 = Counter32: 84968069
IF-MIB::ifInOctets.2 = Counter32: 2332180
IF-MIB::ifInOctets.3 = Counter32: 0
IF-MIB::ifInOctets.65541 = Counter32: 1657249881
IF-MIB::ifInErrors.1 = Counter32: 0
IF-MIB::ifInErrors.2 = Counter32: 0
IF-MIB::ifInErrors.3 = Counter32: 0
IF-MIB::ifInErrors.65541 = Counter32: 0
IF-MIB::ifOutOctets.1 = Counter32: 84968069
IF-MIB::ifOutOctets.2 = Counter32: 2250784
IF-MIB::ifOutOctets.3 = Counter32: 0
IF-MIB::ifOutOctets.65541 = Counter32: 2070937977
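What parsing such a file involves, as an added example that is not part of SKOOR Engine or its Parsefile job: the walk output is pivoted into one record per interface index, lines that are not in the "MIB::object.index = TYPE: value" form are kept aside instead of being dropped, and interfaces that are not up or report input errors are listed. The function names and the one constructed sample line are assumptions of this example.

```python
import re
from collections import defaultdict

# "MIB::object.index = TYPE: value"; the index is absent on e.g. sysUpTimeInstance
LINE = re.compile(r"^([\w-]+)::(\w+)(?:\.([\d.]+))? = ([\w-]+):\s?(.*)$")
NUMERIC = {"INTEGER", "Counter32", "Counter64", "Gauge32"}

def convert(vtype, raw):
    raw = raw.strip()
    if vtype == "INTEGER" and (m := re.fullmatch(r"(\w+)\((-?\d+)\)", raw)):
        return m.group(1)                      # up(1) -> "up"
    if vtype == "Timeticks" and (m := re.match(r"\((\d+)\)", raw)):
        return int(m.group(1))                 # (27) 0:00:00.27 -> 27
    if vtype in NUMERIC and (m := re.match(r"-?\d+", raw)):
        return int(m.group())                  # tolerates a trailing unit
    return raw.strip('"')

def parse_walk(text):
    """Return ({index: {object: value}}, lines_that_did_not_parse)."""
    rows, unparsed = defaultdict(dict), []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            _mib, obj, idx, vtype, raw = m.groups()
            rows[idx][obj] = convert(vtype, raw)
        elif line.strip():
            unparsed.append(line)              # keep for review, never drop silently
    return dict(rows), unparsed

def flag_interfaces(rows):
    """(index, ifDescr, status) for interfaces that are not up or show input errors."""
    return [(idx, r.get("ifDescr", "?"), r["ifOperStatus"])
            for idx, r in rows.items()
            if "ifOperStatus" in r
            and (r["ifOperStatus"] != "up" or r.get("ifInErrors", 0) > 0)]

def counter32_delta(prev, cur):  # octets between two walks; Counter32 wraps at 2**32
    return (cur - prev) % 2**32

# Excerpt of the output above plus one constructed line that is not a varbind.
SAMPLE = """\
IF-MIB::ifDescr.3 = STRING: AppGate Tunneling Adapter
IF-MIB::ifPhysAddress.1 = STRING:
IF-MIB::ifOperStatus.3 = INTEGER: down(2)
IF-MIB::ifOperStatus.65541 = INTEGER: up(1)
(constructed) continuation of a wrapped value
"""

if __name__ == "__main__":
    print(flag_interfaces(parse_walk(SAMPLE)[0]))
```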