How to Monitor Your SNMP Devices with Telegraf

Recently we released a new SNMP Trap input plugin in Telegraf 1.13. I’d like to tell you more about that plugin and how you can use it.

What is SNMP used for?

Simple Network Management Protocol (SNMP) is an application-layer protocol used to manage and monitor network devices. SNMP provides a common way for devices on your network — such as routers, WiFi access points, and printers — to share monitoring metrics. The beauty of SNMP is that it’s been around forever so many different vendors support it, and that it works over both local area networks (LANs) and wide area networks (WANs). SNMP is also used for some internet of things (IoT) devices.

Is SNMP still used?

Yes! Even though SNMP was defined in 1988 — an eternity by tech standards — it’s still widely used for monitoring and management. There are three main versions of SNMP — versions 1, 2 and 3. If you have a choice, use SNMP v3, since it has increased security capabilities: user accounts, authentication, and data encryption.

What are SNMP Traps?

SNMP diagram

SNMP Traps are alert messages sent from a remote SNMP-enabled device to a central collector, the “SNMP manager”.  SNMP exposes data via object identifiers (OID), whose hierarchical tree structure is organized in a Management Information Base (MIB). MIBs are text files provided by equipment vendors that lists all data objects (OIDs) managed by a specific equipment.

Your SNMP manager will use the MIB to interpret the incoming messages from your new device. Trap messages are the main form of communication between an SNMP Agent and an SNMP Manager. A major benefit of using SNMP Traps for reporting alarms is that they trigger instantaneously, rather than waiting for a status request from the manager.

How can I use Telegraf to monitor my SNMP Traps?

The Telegraf SNMP Trap Input Plugin receives SNMP notifications — traps and inform requests — to give a real-time view of system and network performance issues. In addition, by monitoring SNMP traps, customers can balance resource consumption impact (both system and network) caused by pulling SNMP data in short intervals. For example, when a power supply unit or disk failure occurs, Telegraf would receive the SNMP trap and send it to the output plugins. You could then configure an alert to notify you or your team of the failure.

How do I properly configure my SNMP Trap Plugin?

Like most Telegraf plugins, the SNMP Trap Input Plugin does not require much configuration. Some prerequisites to install tools from the net-snmp project are required. In addition, on many operating systems, listening on a privileged port (a port number less than 1024) requires extra permission. Since the default SNMP trap port 162 is in this category, using Telegraf to receive SNMP traps may require elevated permissions.

[[inputs.snmp_trap]]
  ## Transport, local address, and port to listen on.  Transport must
  ## be "udp://".  Omit local address to listen on all interfaces.
  ##   example: "udp://127.0.0.1:1234"
  ##
  ## Special permissions may be required to listen on a port less than
  ## 1024.  See README.md for details
  ##
  # service_address = "udp://:162"
  ## Timeout running snmptranslate command
  # timeout = "5s"

What metrics are collected from Telegraf SNMP Trap plugin?

Tags:

TagDescription
source
IP address of trap source
name
value from SNMPv2-MIB::snmpTrapOID.0 PDU
mib
Management Information Base (MIB) from SNMPv2-MIB::snmpTrapOID.0 PDU
oid
Object Identifiers (OID) string from SNMPv2-MIB::snmpTrapOID.0 PDU
version
Version “1” or “2c” or “3”

Fields:

Fields are mapped from variables in the trap. The field names are the trap variable names after MIB lookup. The field values are trap variable values. (example fields: sysUpTimeInstance (integer), snmpTrapEnterprise (string))

Example of Telegraf collecting SNMP Traps during a SNMP Server (snmpd) Restart

 

Above is a quick demo using the SNMP Trap plugin where Telegraf is set up to receive traps on port 162 of an SNMP virtual machine. All agent settings are default configurations.

Input Plugin configuration from demo:

[[inputs.snmp_trap]]
service_address = "udp://:162"

The virtual machine used in the demo has net-snmp’s snmpd to send version 1 and version 2c traps to Telegraf. In the demo, the virtual machine is restarted and therefore will send shutdown (nsNotififyShutdown) and startup (coldStart) traps to Telegraf.

Output Results from demo (select “view raw” to view entire raw text in full screen):

Get started!

If you or your company are using any version of SNMP devices and want to monitor traps, try out everything you read in this Telegraf plugin! We’d love to hear how you’re monitoring SNMP using this plugin or any other InfluxData products. Join our Community Slack Channel where you can ask questions and engage with other people using InfluxDB!

3 thoughts on “How to Monitor Your SNMP Devices with Telegraf”

  1. Okej. I have reading this. I missing only one thing.
    A picture/flowshart of what is what. Trap, agent, telegraf agent , influxdb, client sender is SNMP? ,Net-snmp.

    As beginner it’s a bit complicated to onderstand when it’s so many agents and plugins and so on. But this is the best post I have read so far.

  2. This is using a deprecated inputs plugin even according to the docs. Can you provide an example using
    the newer inputs.snmp plugin? As well as the snmpd.conf required on the server side?

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top