Ep. 4: Using SNMP to monitor network devices

To load this YouTube video you are required to accept advertising cookies.

Note: All the videos on our website offered in the German language have English subtitles and transcripts, as given below.

[0:00:03] Today we will be monitoring switches.
[0:00:15] Welcome to a new episode of the Checkmk Channel.
[0:00:18] Today the subject is SNMP.
[0:00:20] SNMP means Simple Network Management Protocol, a protocol implemented for many switches, routers, printers, USVs, hardware sensors and many other devices which enables them to be easily monitored.
[0:00:35] The good news is that you don’t need to install any agents in Checkmk.
[0:00:38] You only need to enable SNMP access to the devices.
[0:00:43] The rest is very easy in Checkmk, and here I will show you how to achieve this.
[0:00:48] I would now like to add a switch into the monitoring which I have already prepared – that is, one in which I have already enabled SNMP access.
[0:00:55] For this, as usual I simply go into the WATO menu Hosts, and create a new host with the New host button.
[0:01:04] What should I name the new switch? I’m unimaginative – let’s just say Switch1.
[0:01:08] I need to enter the IP Address manually, because it’s simply an imaginary name that is not resolvable.
[0:01:16] Now we come to the important point in SNMP, that you de-select the Checkmk agent since no agent has been installed on the switch, and none is required, but instead you activate SNMP, and select the SNMP V2 or V3 option.
[0:01:32] The SNMP V1 option will be very rarely needed, unless you have a device that is at least five or ten years old which doesn’t support V2.
[0:01:42] This will be seldom, but at least the option is available in such a case.
[0:01:48] The Credentials are also important – one will generally work with SNMPv2, and Credentials are simply a form of password as known in the SNMP Community.
[0:01:59] You input the Community where you enable the SNMP access for the device.
[0:02:05] It is often the case that a default-password is called ‘Public’, so you can simply try to see if ‘Public’ works if no explicit definition has been made.
[0:02:16] Next I go to Save and Test in order to open a diagnostic page.
[0:02:23] On the diagnostic page, as usual the host will be pinged, it will also attempt to call the Checkmk agent, but that will normally not be successful.
[0:02:32] The items you can see below are more interesting – SNMPv1, SNMPv2c, and so on.
[0:02:37] I’ll close the side-menu to see these more clearly.
[0:02:40] Here can be seen that Checkmk, despite the selection of v2, nonetheless tests all four protocol variants.
[0:02:49] You thus have a quick overview of what your device supports.
[0:02:52] Important is that you get a response for SNMPv2c.
[0:02:55] You can see, for example, SysDescr – the System-Description – a text specified by every manufacturer.
[0:03:02] The other three items are infos you have entered into the switch, for example, a contact address, a name, and so on.
[0:03:10] It all looks really good now, so I will now simply store with ’Save & Exit’.
[0:03:16] Now, as always, we need our Service-Configuration, so I go to the Services button, and Checkmk now has a look over the device, performs its so-called SNMP-Scan, and finds a whole list of things that are not being monitored – up until now – because we still have nothing actually in the monitoring.
[0:03:36] So now I click on ’Monitor’ for all Undecided Services, which means that they will all be added to the monitoring.
[0:03:46] What that exactly means we will shortly have a look at.
[0:03:48] I click on Activate Changes – which we already know – and shortly thereafter I have my third host in the monitoring.
[0:03:56] I can now reopen the side-menu.
[0:03:58] We can see that we have three hosts, and when I now go to my switch, we will find a whole list of services which we can now have a look at.
[0:04:11] So, in the list of services, as always we can first see two Checkmk services. Maybe just a brief word here – the first service, simply named Checkmk, basically just shows you whether the monitoring of the switch is working.
[0:04:27] Here you can see an SNMP-Success, execution time 1.4 seconds – which means that monitoring the switch took 1.4 seconds, thus, the retrieval of all SNMP information.
[0:04:39] In the second service, we would receive a warning if things turned up on the switch that are not being monitored at the moment.
[0:04:46] This is the case, for example, for Switch-Ports that were not active during the first monitoring, but which are now active.
[0:04:55] Check_mk is preconfigured so that when you include a switch in the monitoring, all ports currently in use, that is those with the ‚Up’ link status will be added to the monitoring, and any others will not be added.
[0:05:07] For example, here you can see Interface 1, 4, 5, 13, 17, 18, 19.
[0:05:11] These are by no means all of them.
[0:05:13] This can of course all be configured – and how to do that can be found in the handbook.
[0:05:19] So here you can see the status of these interfaces.
[0:05:22] It is important that you not only see whether this interface is up or down, but you also get a lot more information, for example, on the error rates, transmission speeds, and other important details.
[0:05:34] Then there is the SNMP Info service, which is usually always ‚OK’, and which just summarises the information configured in the switch – namely the type designation, then the name of the switch, in which room or site it is located, and the contact persons.
[0:05:50] This is data that you yourself entered.
[0:05:53] The last service shows you the Uptime, and you can see, for example, that this switch has been active for 107 days.
[0:05:58] Now this is a situation that is usually ‚OK’.
[0:06:01] But you can configure the Uptime check so that, for example, it warns you if the Uptime is very short, because that means the device was rebooted recently, and you might want to know this.
[0:06:13] We saw earlier that there is an SNMP version v3 in addition to the SNMPv2.
[0:06:19] The main difference is that SNMPv3 implements security features – while SNMPv2 is in fact unencrypted – and anyone with access to the LAN can read this data and even read this community – or whatever it is called – publicly.
[0:06:33] Incidentally, this is also the reason why most leave the community public, since the protocol is insecure anyway.
[0:06:38] The good thing is that the data have only read access, which means that an attacker could not change anything on your switch, but could only read the diagnostic data.
[0:06:51] If you now need or want a higher level of security, you can use SNMPv3.
[0:06:56] I have to say that this is much more complex to set up, and it consumes significantly more processing time, especially on the monitored device itself.
[0:07:03] I will show you here briefly how this setting-up works.
[0:07:07] So, I go back to the definition of the host in WATO, then to the properties for the switch.
[0:07:14] The key point is now here at the SNMP Credentials, and to get v3, I have to choose one of these three options.
[0:07:23] Interestingly, there are different levels of security here - the only really secure option is the last one, with authentication and privacy.
[0:07:34] When I select this, I have to provide a whole bunch of additional information – I need a security name, I need a password, I need a pass phrase.
[0:07:42] All of these things must also be configured in the respective switch, and the values simply entered into these fields here.
[0:07:49] The whole thing should now work, and it will also be secure.
[0:07:55] So that's it for today.
[0:07:56] Thanks for watching, and see you again next time.

Want to know more about Checkmk? Join us for our Introduction to Checkmk Webinar

Register now

More Checkmk Videos