SNMP (Simple Network Management Protocol) is an application-layer protocol used to manage and monitor network devices. SNMP provides a common way for devices on your network — such as routers, switches, WiFi access points, printers, and anything connected in an IP network — to share monitoring metrics. An SNMP agent is shipped with practically any network equipment, providing an out-of-the-box way to monitor devices over both local area networks (LANs) and wide area networks (WANs). SNMP has also been adopted by some internet of things (IoT) devices vendors.
SNMP pull vs push model
SNMP monitoring can be implemented in two modes: pull or push (traps).
- In the pull model, a monitoring agent sends SNMP requests to a SNMP agent running on the target device on scheduled regular intervals. The SNMP agent on the device responds with the specific requested metric.
- In push mode, a.k.a. SNMP Trap, communication starts from the opposite end. The monitored device (via SNMP agent) sends status messages (traps) to a trap receiver at the monitoring system. In the case of traps, there is no scheduling, trap messages are sent as they are generated, giving a real-time view of system and network performance issues.
By using SNMP pulling and SNMP traps, customers can balance resource consumption impact (both system and network) caused by short pulling intervals trying to catch subtle changes, when a trap would be a better and more cost-efficient option. For example, when a power supply unit or disk failure occurs, Telegraf would receive the SNMP trap and send it to the output plugins. You could then configure an alert to notify you or your team of the failure.
Network and system monitoring solution with Telegraf SNMP and Telegraf SNMP Trap Input Plugins
Telegraf SNMP and SNMP Trap plugins provide a comprehensive solution for monitoring SNMP data from networked devices. Device metrics resource utilization, load status and health check as well as network performance metrics can be monitored via SNMP monitoring.
Telegraf is the collection agent of InfluxData time series platform (see diagram below). InfluxData time series platform allows for the collection, visualization and analysis of all metrics and events ingested and monitored. InfluxDB — the purpose-built time series database is the platform’s core open source component. Telegraf is InfluxDB’s agent with hundreds of plugins for the most common applications and protocols ready to be activated and to start collecting metrics and events. Telegraf is also open source with its own project in the community.
One of the main use-cases for adopting a time series platform is systems and network monitoring. Gathering the data of interest is a key part of any monitoring solution. This can be done in multiple ways.
To facilitate the process, Telegraf was designed as a lightweight, plugin-driven collection agent that can either run on your hosts (collecting data about your systems and applications) or operate remotely (scraping data via endpoints exposed by your applications).
See below TICK Stack architecture:
Telegraf SNMP Plugin configuration
In order to monitor specific devices, the set of desired OIDs for these devices must be configured in the plugin. As a starting point, you can use the influx_snmp plugin.
The plugin is configured for HYTERA-REPEATER MIBs and EtherLike-MIBs. However, configuring Telegraf to monitor other devices and specific MIBs is a simple process.
The directories below can assist you in plugin configuration:
- Cookbook Directory — the
cookbookdirectory provides configuration files for Telegraf that simplify its use for SNMP data collection.
- Devices Directory — the
devicesdirectory contains pre-built SNMP plugin configurations for a variety of SNMP-compatible devices.
- OIDs Directory — the files in the
oidsdirectory contain configuration blocks for a variety of SNMP MIB objects and tables. These configuration blocks can be used to build a device-specific SNMP plugin configuration.
Configuring Telegraf for SNMP collection
To configure Telegraf for SNMP collection, complete the following steps:
1. Setup the configuration directory
Copy the provided
telegraf directory to
2. Set the global polling frequency
telegraf/telegraf.conf to set a global polling frequency:
interval = "60s"
3. Copy the relevant configuration files to
For each device that you want to poll, copy the relevant plugin configuration file from
4. Add the device hostname to the configuration filename
It is likely that you will have more than one of a given device type. In this scenario, it is recommended that a plugin configuration be setup for each device. To accomplish this, each plugin configuration file will need to be uniquely named. To keep things well organized, add the device name to the file name using this convention:
input_juniper_srx.<device_hostname>.toml.conf. For example:
5. Edit the configuration file as required.
- Set the IP address of the device to be polled:
agents = [ "192.0.2.1:161" ]
- Optionally configure a device-specific polling frequency:
interval = "60s"
- Set the community string or other SNMP credentials:
community = "public"
Alternately, community strings can be configured globally per device type. This is achieved via an environment variable, e.g.
community = "$TELEGRAF_ENGENIUS_WIFI_COMMUNITY". A systemd configuration file is provided,
telegraf.service.d/telegraf.conf, which allows the environment variable values to be easily set.
6. Start Telegraf
Start Telegraf by running the following commands:
$ systemctl daemon-reload$ systemctl start telegraf.service
To ensure Telegraf is started automatically at system boot, run:
$ systemctl enable telegraf.service
For more information, please check out the documentation.
Telegraf SNMP Trap configuration
Like most Telegraf plugins, the SNMP Trap Input Plugin does not require much configuration. Some prerequisites to install tools from the net-snmp project are required. In addition, on many operating systems, listening on a privileged port (a port number less than 1024) requires extra permission. Since the default SNMP trap port 162 is in this category, using Telegraf to receive SNMP traps may require elevated permissions.
[[inputs.snmp_trap]] ## Transport, local address, and port to listen on. Transport must ## be "udp://". Omit local address to listen on all interfaces. ## example: "udp://127.0.0.1:1234" ## ## Special permissions may be required to listen on a port less than ## 1024. See README.md for details ## # service_address = "udp://:162" ## Timeout running snmptranslate command # timeout = "5s"
What metrics are collected from Telegraf SNMP Trap plugin?
|IP address of trap source|
|value from SNMPv2-MIB::snmpTrapOID.0 PDU|
|Management Information Base (MIB) from SNMPv2-MIB::snmpTrapOID.0 PDU|
|Object Identifiers (OID) string from SNMPv2-MIB::snmpTrapOID.0 PDU|
|Version “1" or "2c" or "3"|
Fields are mapped from variables in the trap. The field names are the trap variable names after MIB lookup. The field values are trap variable values. (example fields:
Webinar: Write your own Telegraf Plugin
Contribution guidelines: Contribute to Telegraf
Other implementations for SNMP data collection using InfluxData platform: https://github.com/robcowart/influx_snmp
Guidelines for specific plugin types: