SNMP is an application-layer protocol for managing and monitoring connected IP devices. It uses a client-server architecture, in which the clients are known as SNMP agents and the servers are called managers.
The clients are devices connected to the Internet: switches, routers, printers, PCs, IoT devices, etc. SNMP agents (clients) expose the system's status and configuration data as variables organized in a Management Information Base (MIB). The SNMP manager queries the agents, then collects and processes the data about the devices connected to the network.
We can collect SNMP metrics and push them into Sumologic with either Logstash or custom scripts.
- SNMP enabled device/s
- IP/s of the SNMP enabled device/s
- OIDs: Object Identifiers which uniquely identify managed objects in the MIB
Configure Logstash to collect SNMP metrics
Collect SNMP by a custom Sumologic script
Installation & Configuration
$ yum -y install net-snmp net-snmp-utils
$ apt-get install snmp
Test SNMP Configuration
This is not required for retrieving SNMP metrics from remote devices.
Add configuration for SNMP by first moving the default SNMP configuration file, /etc/snmp/snmpd.conf, to a different location, /etc/snmp/snmpd.conf.orig.
$ mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
Now, create a new /etc/snmp/snmpd.conf:
$ vi /etc/snmp/snmpd.conf
Copy and paste the config below into the new snmpd.conf.
# Map 'public' community to the 'AllUser'
#       sec.name  source   community
com2sec AllUser   default  public
# Map 'AllUser' to 'AllGroup' for SNMP Version 2c
#     sec.model  sec.name
group AllGroup v2c AllUser
# Define 'AllView', which includes everything under .1
#    incl/excl  subtree
view AllView included .1
# Give 'AllGroup' read access to objects in the view 'AllView'
#      context model level prefix read write notify
access AllGroup "" any noauth exact AllView none none
Exit vi, and restart the SNMP service to reload the new configuration file:
$ service snmpd restart
Configure SNMP to start when the server boots:
$ chkconfig snmpd on
Test the SNMP Configuration
$ snmpwalk -v 2c -c public -O e 127.0.0.1
This command returns hundreds of lines. The same snmpwalk command can be used to discover which OIDs are exposed on the remote device.
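The snmpd.conf above accepts the `public` community from any source address and exposes everything under .1. The following added example (not part of the original page or of net-snmp) is a shell check that flags those directives before the agent is left running. It goes beyond the config shown by also covering the rocommunity/rwcommunity shorthand and write access; the function names and finding labels are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): audit net-snmp access directives.
# Reads the file named in $1, or standard input when no file is given.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_snmpd_conf() {
    findings=$(awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        # com2sec <sec.name> <source> <community>
        $1 == "com2sec" {
            if ($3 == "default" || $3 == "0.0.0.0/0")
                print "OPEN_SOURCE line " NR ": " $2 " accepted from any address"
            if ($4 == "public" || $4 == "private")
                print "DEFAULT_COMMUNITY line " NR ": well-known string " $4
        }
        # rocommunity|rwcommunity <community> [source ...] (shorthand form)
        $1 == "rocommunity" || $1 == "rwcommunity" {
            if (NF < 3 || $3 == "default")
                print "OPEN_SOURCE line " NR ": " $1 " accepted from any address"
            if ($2 == "public" || $2 == "private")
                print "DEFAULT_COMMUNITY line " NR ": well-known string " $2
        }
        # view <name> included|excluded <subtree>
        $1 == "view" && $3 == "included" && ($4 == ".1" || $4 == "1") {
            print "WIDE_VIEW line " NR ": " $2 " exposes the entire OID tree"
        }
        # access <group> <context> <model> <level> <prefix> <read> <write> <notify>
        $1 == "access" && NF >= 8 && $8 != "none" {
            print "WRITE_ACCESS line " NR ": " $2 " may write view " $8
        }
    ' "${1:--}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# The four directives from the snmpd.conf shown on this page.
page_conf() {
    cat <<'EOF'
com2sec AllUser default public
group AllGroup v2c AllUser
view AllView included .1
access AllGroup "" any noauth exact AllView none none
EOF
}

# Demo run over the page's directives; three findings are printed.
page_conf | audit_snmpd_conf || echo "review the flagged directives"
```

To check a real agent, call `audit_snmpd_conf /etc/snmp/snmpd.conf`. A config whose com2sec line names the collector's address and a non-default community, with a view limited to the subtrees actually collected, produces no findings.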
Install the Sumologic collector on a server.
Write the Custom Script
Navigate to where you store the Sumologic collection scripts to create a shell script:
$ vi snmp.sh
Paste the code given below and save it:
#!/bin/sh

# comma separated OIDs
OID=#OID1,OID2,…
IP=10.11.12.13
Community=public

# Query each OID over SNMP v2c and print "<OID>: <snmpget output>"
for i in $(echo "$OID" | sed "s/,/ /g")
do
    echo "$i:" "$(snmpget -v 2c -c "$Community" "$IP" -O e "$i")"
done
Run these commands to change the permission and owner of the shell script:
$ chmod 500 snmp.sh
$ chown serveruser snmp.sh
Add the script to the collector on the Sumologic portal.