SNMP Basics
Server Training - Nagios

SNMP, or Simple Network Management Protocol, lets you monitor many different kinds of network devices.  In fact, most network devices can work with SNMP, not just routers and switches.  Although you can use NRPE or SSH to monitor servers, devices like switches and routers require SNMP to monitor what is happening inside them.  SNMP is not an easy protocol to get to know, because what you see when working with it is communication designed for machine processing between two programs.


Nagios supports two types of SNMP usage, active and passive.  In the active role, Nagios uses plugins to request information from the client.  In the passive role, Nagios receives traps, which are messages sent from the agent to the manager, and processes the information.

If you are going to use SNMP, you will need a basic understanding of how its hierarchical namespace is organized.  SNMP uses a tree of numbers to represent the structure, as you can see in the next illustration.  At the top of the tree is the root, “1”, which is the International Organization for Standardization (iso).  The next level represents “org”, for organizations.  The Department of Defense, “dod”, is the third level.  Under “dod” is the Internet node, “1.3.6.1”.  Each of these numbers represents a node, or OID (Object Identifier).  When you use SNMP you will often see references to OIDs.

When you are working with Nagios, the important aspect is management communication with the device, so the illustration shows the 1.3.6.1.2 mgmt node and the MIBs (Management Information Bases).  These MIBs provide critical information that Nagios needs.  As you move into the mib-2.2 node and the interfaces.2 ifTable, you reach the ifEntry level, which identifies the specific interface (eth0); this is the information Nagios needs to monitor these devices.


SNMP has several protocol versions, and the version matters for communication.  The first version, developed in 1988, was named SNMPv1.  This version is very insecure: the two passwords, which are called communities, are typically “public” so that anyone can access them, and, to make it worse, they are usually transferred in plain text, so a network sniffer can capture them.  Here is an example from a router.

SNMP:
Get Community= public
Set Community= public
Trusted Host= 192.168.5.50
Trap:
Community= public
Destination= 192.168.5.50

Note that in this example the only defense for your router is changing the default password from “public” and making sure that the required host and the machine that can accept traps are listed, so that other machines are excluded.
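The checks this note implies can be run against the listing itself. The following Python sketch is an added example, not part of the original lesson or of Nagios: it parses the listing format shown above and reports findings with Nagios plugin return codes. The function names, the "private" default and the assumption that each host field holds a single IP address are choices made for this example.

```python
import ipaddress

# Constructed input: the router listing from this page, unchanged.
WEAK = """SNMP:
Get Community= public
Set Community= public
Trusted Host= 192.168.5.50
Trap:
Community= public
Destination= 192.168.5.50
"""
# "public" is the default this page names; "private" is an added common default.
DEFAULTS = {"public", "private"}
OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin return codes

def parse_listing(text):
    """Parse 'Section:' headers and 'Key= value' lines into nested dicts."""
    cfg, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":") and "=" not in line:
            section = cfg.setdefault(line[:-1].lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[key.strip().lower()] = value.strip()
    return cfg

def audit(text):
    """Return (status, findings) for the weaknesses described above."""
    cfg = parse_listing(text)
    snmp, trap = cfg.get("snmp", {}), cfg.get("trap", {})
    status, findings = OK, []
    def flag(level, message):
        nonlocal status
        status = max(status, level)
        findings.append(message)
    get_c, set_c = snmp.get("get community", ""), snmp.get("set community", "")
    for role, value in (("get", get_c), ("set", set_c), ("trap", trap.get("community", ""))):
        if not value or value.lower() in DEFAULTS:
            flag(CRITICAL, f"{role} community is empty or a default")
    # A shared string means anyone who can read the device can also write to it.
    if set_c and set_c == get_c:
        flag(WARNING, "set community equals get community")
    # Assumption: each host field must hold exactly one IP address.
    for label, value in (("trusted host", snmp.get("trusted host", "")),
                         ("trap destination", trap.get("destination", ""))):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            flag(CRITICAL, f"{label} is missing or not a single IP address")
    return status, findings
```

Calling `audit(WEAK)` returns CRITICAL with four findings; a listing with three distinct non-default communities and both hosts set returns OK.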

SNMPv2 was designed to address some of the security issues.  However, it never really became popular, so it did not make much impact.  The current version, SNMPv3, implements some improvements.  SNMPv3 is backward compatible with versions 1 and 2.  Whenever you work with SNMP, you need to indicate the version you are working with.