SNMP (Simple Network Management Protocol) is an application-layer protocol used to manage and monitor network devices. SNMP provides a common way for devices on your network — such as routers, switches, WiFi access points, printers, and anything connected in an IP network — to share monitoring metrics. An SNMP agent is shipped with practically any network equipment, providing an out-of-the-box way to monitor devices over both local area networks (LANs) and wide area networks (WANs). SNMP has also been adopted by some internet of things (IoT) devices vendors.
SNMP pull vs push model
SNMP monitoring can be implemented in two modes: pull or push (traps).
- In the pull model, a monitoring agent sends SNMP requests to a SNMP agent running on the target device on scheduled regular intervals. The SNMP agent on the device responds with the specific requested metric.
- In push mode, a.k.a. SNMP Trap, communication starts from the opposite end. The monitored device (via SNMP agent) sends status messages (traps) to a trap receiver at the monitoring system. In the case of traps, there is no scheduling, trap messages are sent as they are generated, giving a real-time view of system and network performance issues.
By using SNMP pulling and SNMP traps, customers can balance resource consumption impact (both system and network) caused by short pulling intervals trying to catch subtle changes, when a trap would be a better and more cost-efficient option. For example, when a power supply unit or disk failure occurs, Telegraf would receive the SNMP trap and send it to the output plugins. You could then configure an alert to notify you or your team of the failure.
Network and system monitoring solution with Telegraf SNMP and Telegraf SNMP Trap Input Plugins
Telegraf SNMP and SNMP Trap plugins provide a comprehensive solution for monitoring SNMP data from networked devices. Device metrics resource utilization, load status and health check as well as network performance metrics can be monitored via SNMP monitoring.
Telegraf is the collection agent of InfluxData time series platform (see diagram below). InfluxData time series platform allows for the collection, visualization and analysis of all metrics and events ingested and monitored. InfluxDB — the purpose-built time series database is the platform’s core open source component. Telegraf is InfluxDB’s agent with hundreds of plugins for the most common applications and protocols ready to be activated and to start collecting metrics and events. Telegraf is also open source with its own project in the community.
One of the main use-cases for adopting a time series platform is systems and network monitoring. Gathering the data of interest is a key part of any monitoring solution. This can be done in multiple ways.
To facilitate the process, Telegraf was designed as a lightweight, plugin-driven collection agent that can either run on your hosts (collecting data about your systems and applications) or operate remotely (scraping data via endpoints exposed by your applications).
See below TICK Stack architecture:
Telegraf SNMP Plugin configuration
The Telegraf SNMP input plugin uses polling to gather metrics from SNMP agents. The plugin also includes support for gathering individual OIDs as well as complete SNMP tables.
Configuring Telegraf for SNMP collection
The following configuration is used to run the SNMP plugin with Telegraf. Read more about the details to configure Telegraf in our documentation.
[[inputs.snmp]] ## Agent addresses to retrieve values from. ## format: agents = ["<scheme://><hostname>:<port>"] ## scheme: optional, either udp, udp4, udp6, tcp, tcp4, tcp6. ## default is udp ## port: optional ## example: agents = ["udp://127.0.0.1:161"] ## agents = ["tcp://127.0.0.1:161"] ## agents = ["udp4://v4only-snmp-agent"] agents = ["udp://127.0.0.1:161"] ## Timeout for each request. # timeout = "5s" ## SNMP version; can be 1, 2, or 3. # version = 2 ## SNMP community string. # community = "public" ## Agent host tag # agent_host_tag = "agent_host" ## Number of retries to attempt. # retries = 3 ## The GETBULK max-repetitions parameter. # max_repetitions = 10 ## SNMPv3 authentication and encryption options. ## ## Security Name. # sec_name = "myuser" ## Authentication protocol; one of "MD5", "SHA", or "". # auth_protocol = "MD5" ## Authentication password. # auth_password = "pass" ## Security Level; one of "noAuthNoPriv", "authNoPriv", or "authPriv". # sec_level = "authNoPriv" ## Context Name. # context_name = "" ## Privacy protocol used for encrypted messages; one of "DES", "AES", "AES192", "AES192C", "AES256", "AES256C", or "". ### Protocols "AES192", "AES192", "AES256", and "AES256C" require the underlying net-snmp tools ### to be compiled with --enable-blumenthal-aes (http://www.net-snmp.org/docs/INSTALL.html) # priv_protocol = "" ## Privacy password used for encrypted messages. # priv_password = "" ## Add fields and tables defining the variables you wish to collect. This ## example collects the system uptime and interface variables. Reference the ## full plugin documentation for configuration details. [[inputs.snmp.field]] oid = "RFC1213-MIB::sysUpTime.0" name = "uptime" [[inputs.snmp.field]] oid = "RFC1213-MIB::sysName.0" name = "source" is_tag = true [[inputs.snmp.table]] oid = "IF-MIB::ifTable" name = "interface" inherit_tags = ["source"] [[inputs.snmp.table.field]] oid = "IF-MIB::ifDescr" name = "ifDescr" is_tag = true
The SNMP input plugin provides two methods of configuring SNMP requests:
When you want to collect a variable by OID, use the
field configuration in
inputs.snmp.field sections. When you want to poll multiple SNMP metrics from a single Telegraf agent, you can configure additional
inputs.snmp.table section if you want to collect SNMP tables.
Telegraf SNMP Trap configuration
Like most Telegraf plugins, the SNMP Trap Input Plugin does not require much configuration. Some prerequisites to install tools from the net-snmp project are required. In addition, on many operating systems, listening on a privileged port (a port number less than 1024) requires extra permission. Since the default SNMP trap port 162 is in this category, using Telegraf to receive SNMP traps may require elevated permissions.
[[inputs.snmp_trap]] ## Transport, local address, and port to listen on. Transport must ## be "udp://". Omit local address to listen on all interfaces. ## example: "udp://127.0.0.1:1234" ## ## Special permissions may be required to listen on a port less than ## 1024. See README.md for details ## # service_address = "udp://:162" ## Timeout running snmptranslate command # timeout = "5s"
What metrics are collected from Telegraf SNMP Trap plugin?
|IP address of trap source|
|value from SNMPv2-MIB::snmpTrapOID.0 PDU|
|Management Information Base (MIB) from SNMPv2-MIB::snmpTrapOID.0 PDU|
|Object Identifiers (OID) string from SNMPv2-MIB::snmpTrapOID.0 PDU|
|Version “1" or "2c" or "3"|
Fields are mapped from variables in the trap. The field names are the trap variable names after MIB lookup. The field values are trap variable values. (example fields:
Webinar: Write your own Telegraf Plugin
Contribution guidelines: Contribute to Telegraf
Other implementations for SNMP data collection using InfluxData platform: https://github.com/robcowart/influx_snmp
Guidelines for specific plugin types: