ManySolutions,OneGoal.

SNMPandYou

KyleSmith,IntegrationDeveloper,Aplura,LLC

ManySolutions,OneGoal.

WhoamI?

• KyleSmith• BaltimoreUGCo-Lead• WroteaBook• SplunkTrust• IRC/Slack/Answers/Community

ManySolutions,OneGoal.

WhatisSNMP?• SimpleNetworkManagementProtocol• CollectsInformation• ConfiguresSettings

• 3Versions• SNMPv1

• Oldest,easiesttoconfigure.Simpleprotection• SNMPv2c

• Sameasv1,butwith64Bitcounters• SNMPv3

• Addsencryptionandauthenticationtov2c.Mostsecure,butcomplex.

https://www.logicmonitor.com/blog/whats-with-the-different-snmp-versions-s1-v2c-v3/

ManySolutions,OneGoal.

MIBsandOIDs• MIBs• ManagementInformationBase

• Databasethatcontainsentitiesusedinacommunicationnetwork

• OIDs• ObjectIdentifiers

• ManagedElements• Hierarchicalinnature• Followsatreeformat

• IANAEnterpriseNumbers• Canberegisteredforanyorganization.• Aplurais50198

https://en.wikipedia.org/wiki/Object_identifierhttps://www.iana.org/assignments/enterprise-numbers

ManySolutions,OneGoal.

Architecture

ManySolutions,OneGoal.

SNMPPolling• Canbedoneonintervalstocollectmetricsinformation• OIDsofaspecificsystemcanbediscoveredby“walking”theMIB.(assupported)• Mustuseanagenttocollecttheinformation• UDPPort161• “Pull”• snmpwalk -v1-csplunk 192.168.1.11.3.6.1.4.1.8072

ManySolutions,OneGoal.

SNMPTraps• AllowsSNMP-trapenabledequipmentto“reachoutandtouchsomeone”• UDPPort162• NOACK,sodatalosspossible.• Generallyindicateproblems/warnings/errors• “PUSH”

ManySolutions,OneGoal.

SplunkandSNMP

• Nonativefunctionality(input)topullSNMPdata.• CommunityApps• https://splunkbase.splunk.com/app/1537/

• MusthaveMIBstoperform“OIDTranslation”• PainPoints• autoresolving oids – gotta havecustomMIB• anythingreallyaroundsetupisaPITAcomparedtoothertools• ModularInputdoesn’tdiegracefully(oratall)

ManySolutions,OneGoal.

SNMPPollingInput

ManySolutions,OneGoal.

SampleSNMPOutput

• NoAuto-Extractionofvariables/fields

• PossibletohaveOIDsandnotFieldnames(messydata)

ManySolutions,OneGoal.

SNMPTrapsinSplunk• InstalltheSNMPTA• ConfiguretolistenforTraps

• USE0.0.0.0NOTlocalhost!

ManySolutions,OneGoal.

TrapsSample

• NoAutoExtraction oftrapOIDInformation• NoCIMfields

ManySolutions,OneGoal.

Collectd andSNMP

• Installcollectd• Enablesnmp andwrite_http plugins(/etc/collectd/collectd.conf• Useoutputplugins(CSV/HEC/MetricsStore)

Shhhh……..http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/GetMetricsInCollectd

ManySolutions,OneGoal.

SNMPConfig – Collectd - HEC

ManySolutions,OneGoal.

SNMPConfig – Collectd SNMP

ManySolutions,OneGoal.

SNMPCollectd CSVOutput

• CanthenuseUFtoconsumethedata• Filenames/locationsconfigurable

ManySolutions,OneGoal.

Tools

• MIBBrowser/TrapSender• Solarwinds ToolSet

• Windowsonly• AlargeamountofMIBs

• http://ireasoning.com/mibbrowser.shtml• CanusecustomMIBsasrequired• JAVA– MacOSX,Windows,etc.• Sends/receivesTraps• Walkthedevices

ManySolutions,OneGoal.

Examplesanddashboards

ManySolutions,OneGoal.

Questions?

• I’msuretherearesome.

ManySolutions,OneGoal.

SNMPTA– CheckforMIBS

• FollowdocumentationtoseewhatMIBsaresupportedbydefault• AddnewMIBs(notworkingyet)• FindnewMIBS(weareusingUbiquitiasourtest)• Performedin“snmp_ta/bin”• Pipinstall-Ivpysnmp==4.2.5• build-pysnmp-mib -oUBNT-MIB.py ./UBNT-MIB• build-pysnmp-mib -oUBNT-UniFi-MIB.py ./UBNT-UniFi-MIB• BuildanEgg

ManySolutions,OneGoal.

SNMPAppbyAplura

• Requirements:• Setupwizard(https://openui5.hana.ondemand.com/#/entity/sap.m.Wizard)• Net-snmp forsetupwizard• Collectd• SNMPpluginforcollectd (https://collectd.org/wiki/index.php/Plugin:SNMP)• Write_http pluginforcollectd (sendtoHEConHF)• MassivefuckingMIBList.• RESTendpointtoread/writethecollectd.conf file.

ManySolutions,OneGoal.

SNMPAppbyApluraSteps

• CheckforandconfigureHEC.StoreTokensecurely• UseWizard:• “DataElements”:queryspecifichosttopullMIBs/OIDssupported.• Create“DataSet”,allownamebyuser.• Whitelist/blacklist

• AllowIPranges(iterateandmakehoststanzasforcollectd.conf)

ManySolutions,OneGoal.

AddadditionalMIB

• Somestepsandexampleshere.