Monday, February 24, 2014

Take An SNMP Walk - Creating New SNMP Checks using MIB Browsing Tools


SNMP Monitoring
How many times have you wanted to use GFI MAX to monitor a piece of hardware like a router or printer but didn't know how?  GFI MAX offers several ways to monitor IP addressable devices.
  • Ping check - pings a device using its Hostname, FQDN or IP Address and fails if no response is received
  • TCP Service Check - Attempts to connect to the specified port/service.  The check can be configured to pass or fail based on connection status.  In this way it can be used to check for services that should be running or alert you when ports that should be closed become open.
  • Web Page Check - Checks a web page and passes the check as long as it responds with the expected text.
  • SNMP Check - Used to query SNMP server hardware and SNMP enabled network devices such as routers, switched and printers.
So the first three checks are pretty self-explanatory.  SNMP checks however require a bit of digital mysticism.  Here is basic process for creating a new SNMP check that can then be used over and over again on your dashboard.

  • Download and familiarize yourself with an SNMP query tool such as iReasoning (http://www.ireasoning.com/mibbrowser.shtml) or GetIf (http://www.wtcs.org/informant/getif.htm).
  • Acquire any necessary MIB files from device manufacturers (good to have but not 100% necessary in most cases).
  • Load the appropriate MIB files into the MIB browser application and "walk" the SNMP device to find the OID's that you want to query.
  • With the OID's "in hand" create a new Predefined SNMP Check and add it to a server agent to start monitoring the new device.

Is the printer On?

Paul Howe from Dewey, Cheatham & Howe law firm has several network printers and he isn't happy that every time something goes wrong with the printers his copier/printer vendor has to come out to fix the problem even if its something simple like a paper jam or low toner.  He wants Steve from AwesomeTech to monitor the printer so that if it goes offline AwesomeTech can notify him and tell him why its offline (paper, ink, toner etc.).  Steve downloads and installs an MIB browser on Joe's server and searches the manufacturers site, http://www.mibsearch.com/ and  http://www.oidview.com/mibs/detail.html for an MIB file for the firms printers.

Once he has the MIB file, he opens the MIB browser and imports the MIB file.  In iReasoning he goes to File > Load MIBs and browses to the downloaded MIB file and/or selects one or more of the generic MIB files provided.  In his case Brother does not supply a MIB file for lower-end printers so he uses the generic Printer-MIB file included with iReasoning's MIB Browser.

Once the MIB files are loaded, he enters the IP adddress of the device to scan or "Walk" and then goes up to Operations > Walk to scan the device at the given IP address.  This populates the Result table which he then browses to find the OID he needs to query and double-clicks it to populate the fields in the lower-left window.


Using the information above he can cut and paste the OID from the browser to the SNMP check

Armed with the OID he can now create a Predefined SNMP Check in the GFI MAX dashboard.  In the RM dashboard he goes to Settings > Predefined SNMP Checks.  Once the Predefined SNMP Checks window is open, he clicks New and fills out the required fields.


The Default Test Value is the value which will cause the check to PASS if it is returned by the device.  Anything else will generate a failure and alert him via the dashboard.

Once the Predefined SNMP Check is created it can then be added to any server agent.  This allows Steve to add this same check for other printers at the firm or for any of his clients with the same or similar printer.

Before adding SNMP checks to a server agent Steve follows the online help and makes sure the Windows SNMP Agent is installed and the SNMP Service is running.  In some cases it may be necessary to reboot the server after installing the Windows SNMP Agent and enabling the SNMP Service to start receiving SNMP data.

Steve highlights the server he wants to add the check to and then opens the Checks menu and choose Add 24x7 Check > SNMP Check.


When the SNMP Check window opens, he selects the Vendor and Check that he created in the Predefined SNMP Checks and it auto-populates the Check Settings.  Then he enters the Hostname or IP Address of the device to be checked in the SNMP Protocol Settings.  He checks the Port, Community or Protocol Version to make sure they are correct.  If he has trouble with the check, he should try changing the Protocol Version.


Once the check is added, it takes up to 15 minutes for the check to be added to the server agent and then another 15 minutes before data is returned.  This can be sped up by manually re-running checks twice, once to add the new check and then again to actually run the check for the first time.

Now Steve can notify Paul at Dewey, Cheatham and Howe and tell them why their printers are offline without them calling their copier/printer vendor for a service call.

Now you have the "magic wand" you can use to create your own SNMP checks.  GFI customers have added many SNMP checks for numerous different type of devices including switches, routers, printers, VOIP servers and many more.  These checks make you even more valuable to your clients because you can monitor ALL their hardware not just the servers and workstations.

2 comments:

  1. Thanks for this. In my testing, the Windows SNMP Agent does _not_ need to be installed or running on the server where the Advanced Monitoring Agent is installed if you only want to check external devices like printers and routers. However if you want to be able to check the server itself (baseboard, RAID, etc.), both the SNMP service _and_ the manufacturer's instrumentation package (e.g. Dell OpenManage) would need to be installed.

    ReplyDelete
  2. Great point, Mark! Thanks for the clarification!

    ReplyDelete