
How-To: Collect SNMP with Sumologic

Shalom Carmel, CIO @ GlobalDots
19.04.2022
Monitoring, Logging & Observability

Introduction

SNMP is an application-layer protocol for managing and monitoring connected IP devices. It uses a client-server architecture, in which the clients are known as SNMP agents and the servers are called managers.

The clients are devices connected to the Internet, such as switches, routers, printers, PCs, and IoT devices. SNMP agents expose the system's status and configuration data as variables organized in a Management Information Base (MIB). The SNMP manager queries the agents, then collects and processes the data about the devices connected to the network.

We can collect SNMP metrics and push them into Sumologic with either Logstash or custom scripts.

Prerequisites

  • SNMP enabled device/s
  • IP/s of the SNMP enabled device/s
  • OIDs: Object Identifiers which uniquely identify managed objects in the MIB

Configure Logstash to collect SNMP metrics

Collect SNMP by a custom Sumologic script

Installation & Configuration

$ yum -y install net-snmp net-snmp-utils

or

$ apt-get install snmp

Test SNMP Configuration

This is not required for retrieving SNMP metrics from remote devices.

Add a configuration for SNMP. First move the default SNMP configuration file, /etc/snmp/snmpd.conf, to a different location, /etc/snmp/snmpd.conf.orig:

$ mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig

Now, create a new /etc/snmp/snmpd.conf:

$ vi /etc/snmp/snmpd.conf

Copy and paste the config file below into the new snmpd.conf:

# Map 'public' community to the 'AllUser'
# sec.name source community
com2sec AllUser default public
# Map 'AllUser' to 'AllGroup' for SNMP Version 2c
# sec.model sec.name
group AllGroup v2c AllUser
# Define 'AllView', which includes everything under .1
# incl/excl subtree
view AllView included .1
# Give 'AllGroup' read access to objects in the view 'AllView'
# context model level prefix read write notify
access AllGroup "" any noauth exact AllView none none

Exit vi, and restart the SNMP service to reload the new configuration file:

$ service snmpd restart

Configure SNMP to start when the server boots:

$ chkconfig snmpd on

Test the SNMP Configuration

$ snmpwalk -v 2c -c public -O e 127.0.0.1

This command returns hundreds of lines. The same snmpwalk command can be used to discover which OIDs are exposed on a remote device.
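The test configuration above accepts the well-known community "public" from any source address and exposes the whole OID tree without authentication. The following check, an added example that is not part of the original guide, reads snmpd.conf text and lists those permissive settings; the function names audit_snmpd_conf and guide_conf are hypothetical, and the sample input is the guide's own configuration embedded inline.

```shell
#!/bin/sh
# Added example, not from the original guide. audit_snmpd_conf is a
# hypothetical helper: it reads snmpd.conf text on stdin and prints one
# finding (prefixed with the line number) per permissive setting.
audit_snmpd_conf() {
    awk '
    $1 ~ /^#/ || NF == 0 { next }    # skip comments and blank lines
    $1 == "com2sec" {                # com2sec [-Cn CTX] NAME SOURCE COMMUNITY
        if ($NF == "public" || $NF == "private")
            print NR ": well-known community string " $NF
        if ($(NF-1) == "default")
            print NR ": com2sec source default accepts any client address"
    }
    $1 == "group" && ($3 == "v1" || $3 == "v2c") {
        print NR ": security model " $3 " sends the community in cleartext"
    }
    $1 == "view" && $3 == "included" && ($4 == ".1" || $4 == "1" || $4 == ".iso") {
        print NR ": view " $2 " exposes the whole OID tree"
    }
    $1 == "access" && NF >= 8 {      # access GROUP CTX MODEL LEVEL PREFIX READ WRITE NOTIFY
        if ($5 == "noauth") print NR ": access for " $2 " requires no authentication"
        if ($8 != "none")   print NR ": access for " $2 " grants write view " $8
    }'
}

# Constructed sample input: the test configuration shown in the guide above.
guide_conf() {
    cat <<'EOF'
# Map 'public' community to the 'AllUser'
# sec.name source community
com2sec AllUser default public
# Map 'AllUser' to 'AllGroup' for SNMP Version 2c
# sec.model sec.name
group AllGroup v2c AllUser
# Define 'AllView', which includes everything under .1
# incl/excl subtree
view AllView included .1
# Give 'AllGroup' read access to objects in the view 'AllView'
# context model level prefix read write notify
access AllGroup "" any noauth exact AllView none none
EOF
}

guide_conf | audit_snmpd_conf
```

To audit a live host, run `audit_snmpd_conf < /etc/snmp/snmpd.conf`; an empty result means none of these specific settings were found.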

Collector Implementation

Install the Sumologic collector on a server.

Write the Custom Script

Navigate to where you store the Sumologic collection scripts to create a shell script:

$ vi snmp.sh

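Paste the code given below and save it:

#!/bin/sh

# Comma-separated OIDs (placeholder: replace with the OIDs to poll)
OID=#OID1,OID2,…
IP=10.11.12.13
Community=public

# Split the list on commas and query each OID over SNMP v2c
for i in $(echo "$OID" | sed "s/,/ /g")
do
    # -O e prints enumerated values as numbers instead of symbolic labels
    echo "$i: $(snmpget -v 2c -c "$Community" -O e "$IP" "$i")"
done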

Run these commands to change the permission and owner of the shell script:

$ chmod 500 snmp.sh

$ chown serveruser snmp.sh

Add the script to the collector on the Sumologic portal.

Good luck!
