Logpresso Store

User Guide

Overview

The SNMP app provides various query commands to retrieve and monitor information from network devices. This section describes how to use the key commands.

SNMP (Simple Network Management Protocol) is a standard protocol for monitoring and managing network devices. It is primarily used on network devices such as routers, switches, servers, and firewalls. Administrators can check device performance, faults, and configuration status from the SNMP manager through SNMP.

SNMP operates with a Manager and Agent architecture.

Manager: The entity that monitors the network and sends SNMP requests. Logpresso Sonar acts as the Manager.
Agent: The entity running inside the device that responds to requests or sends notifications (Traps). Network devices act as the Agent.
MIB (Management Information Base): A database that hierarchically defines managed objects.
OID (Object Identifier): A hierarchical number that uniquely identifies a managed object within the MIB. The path from root to leaf represents a specific managed object.

SNMP Versions

There are several versions of SNMP. The most widely used versions are SNMPv2c and SNMPv3. The SNMP app supports SNMPv2c and SNMPv3.

Version	Key Features	Security Level
SNMPv1	First version. Simple request/response structure with Trap support	No authentication (only uses community strings)
SNMPv2c	Extended v1 features: Bulk Request, enhanced Trap functionality	Still based on simple community strings (insecure)
SNMPv3	Authentication and encryption support. User-based Security Model (USM) introduced	Strong authentication/encryption (MD5/SHA, DES/AES support)

SNMPv2c is an improved version of SNMPv1 that allows querying multiple data at once through Bulk Request and exchanging traps bidirectionally through Inform messages. However, it still only provides simple authentication using community strings, making it vulnerable. It is mainly used in closed network environments or for device monitoring where security is not a major concern.

SNMPv3 is the latest version with enhanced security features, providing the following capabilities:

Authentication: Message origin verification (MD5, SHA, etc.)
Privacy: Data transmission encryption (DES, AES, etc.)
Access Control: User-based Security Model (USM) and View-based Access Control Model (VACM) support

SNMPv3 requires user account, authentication protocol, and encryption key configuration, and is recommended for network environments where security is important.

Default MIBs

The SNMP app uses MIB (Management Information Base) files to convert OIDs into human-readable names. For example, SNMPv2-MIB, IF-MIB, IP-MIB, etc.

The SNMP app includes the following standard MIBs:

SNMPv2-SMI, SNMPv2-TC, SNMPv2-MIB, SNMPv2-CONF: SNMP v2 base definitions
SNMP-FRAMEWORK-MIB: SNMP framework
IF-MIB, IANAifType-MIB: Interface information
IP-MIB, INET-ADDRESS-MIB: IP protocol information
TCP-MIB: TCP protocol information
UDP-MIB: UDP protocol information
HOST-RESOURCES-MIB: Host resources (CPU, memory, disk)
ENTITY-MIB, IANA-ENTITY-MIB: Physical entity information
POWER-ETHERNET-MIB: PoE related information
UUID-TC-MIB: UUID type definitions#

MIB Embedded App Support

When an app with embedded MIB files is installed and started, the SNMP app operates as follows:

When the app is installed and started, the SNMP app detects the bundle event.
It scans for MIB files with .txt extension in the /mib/ directory of the new bundle.
The discovered MIB files are loaded and the entire MIB is reloaded along with existing MIBs.
The new MIBs are immediately applied to OID name resolution.

Common OIDs

This section introduces commonly used OIDs that are shared across devices from various vendors.

System Group (1.3.6.1.2.1.1)

OID	Name	Description
1.3.6.1.2.1.1.1.0	sysDescr	System description
1.3.6.1.2.1.1.2.0	sysObjectID	System object ID
1.3.6.1.2.1.1.3.0	sysUpTime	System uptime (TimeTicks)
1.3.6.1.2.1.1.4.0	sysContact	System contact
1.3.6.1.2.1.1.5.0	sysName	System name
1.3.6.1.2.1.1.6.0	sysLocation	System location
1.3.6.1.2.1.1.7.0	sysServices	System services

Interface Group (1.3.6.1.2.1.2)

OID	Name	Description
1.3.6.1.2.1.2.1.0	ifNumber	Number of interfaces
1.3.6.1.2.1.2.2.1.1	ifIndex	Interface index
1.3.6.1.2.1.2.2.1.2	ifDescr	Interface description
1.3.6.1.2.1.2.2.1.3	ifType	Interface type
1.3.6.1.2.1.2.2.1.4	ifMtu	MTU size
1.3.6.1.2.1.2.2.1.5	ifSpeed	Interface speed (bps)
1.3.6.1.2.1.2.2.1.6	ifPhysAddress	MAC address
1.3.6.1.2.1.2.2.1.7	ifAdminStatus	Admin status (1=up, 2=down, 3=testing)
1.3.6.1.2.1.2.2.1.8	ifOperStatus	Operational status (1=up, 2=down)
1.3.6.1.2.1.2.2.1.9	ifLastChange	Last status change time
1.3.6.1.2.1.2.2.1.10	ifInOctets	Inbound bytes (32-bit counter)
1.3.6.1.2.1.2.2.1.11	ifInUcastPkts	Inbound unicast packets
1.3.6.1.2.1.2.2.1.12	ifInNUcastPkts	Inbound non-unicast packets
1.3.6.1.2.1.2.2.1.13	ifInDiscards	Inbound discarded packets
1.3.6.1.2.1.2.2.1.14	ifInErrors	Inbound error packets
1.3.6.1.2.1.2.2.1.16	ifOutOctets	Outbound bytes (32-bit counter)
1.3.6.1.2.1.2.2.1.17	ifOutUcastPkts	Outbound unicast packets
1.3.6.1.2.1.2.2.1.18	ifOutNUcastPkts	Outbound non-unicast packets
1.3.6.1.2.1.2.2.1.19	ifOutDiscards	Outbound discarded packets
1.3.6.1.2.1.2.2.1.20	ifOutErrors	Outbound error packets

IP Group (1.3.6.1.2.1.4)

OID	Name	Description
1.3.6.1.2.1.4.1.0	ipForwarding	IP forwarding enabled
1.3.6.1.2.1.4.2.0	ipDefaultTTL	Default TTL
1.3.6.1.2.1.4.3.0	ipInReceives	Number of received IP packets
1.3.6.1.2.1.4.4.0	ipInHdrErrors	Number of header error packets
1.3.6.1.2.1.4.20.1.1	ipAdEntAddr	IP address table - IP address
1.3.6.1.2.1.4.20.1.2	ipAdEntIfIndex	IP address table - Interface index
1.3.6.1.2.1.4.20.1.3	ipAdEntNetMask	IP address table - Netmask

TCP Group (1.3.6.1.2.1.6)

OID	Name	Description
1.3.6.1.2.1.6.5.0	tcpActiveOpens	Number of active connection attempts
1.3.6.1.2.1.6.6.0	tcpPassiveOpens	Number of passive connection accepts
1.3.6.1.2.1.6.9.0	tcpCurrEstab	Current ESTABLISHED connections

UDP Group (1.3.6.1.2.1.7)

OID	Name	Description
1.3.6.1.2.1.7.1.0	udpInDatagrams	Number of received UDP datagrams
1.3.6.1.2.1.7.4.0	udpOutDatagrams	Number of sent UDP datagrams

Host Resources (1.3.6.1.2.1.25)

OID	Name	Description
1.3.6.1.2.1.25.1.1.0	hrSystemUptime	System uptime
1.3.6.1.2.1.25.1.5.0	hrSystemNumUsers	Number of logged-in users
1.3.6.1.2.1.25.1.6.0	hrSystemProcesses	Number of running processes
1.3.6.1.2.1.25.2.2.0	hrMemorySize	Total memory size (KB)
1.3.6.1.2.1.25.3.3.1.2	hrProcessorLoad	CPU load (%)

UCD-SNMP (Net-SNMP) MIB (1.3.6.1.4.1.2021)

OID	Name	Description
1.3.6.1.4.1.2021.10.1.3.1	ssCpuUser	CPU User utilization (%)
1.3.6.1.4.1.2021.10.1.3.2	ssCpuSystem	CPU System utilization (%)
1.3.6.1.4.1.2021.10.1.3.3	ssCpuIdle	CPU Idle ratio (%)
1.3.6.1.4.1.2021.4.5.0	memTotalReal	Total physical memory (KB)
1.3.6.1.4.1.2021.4.6.0	memAvailReal	Available physical memory (KB)
1.3.6.1.4.1.2021.4.11.0	memTotalFree	Total free memory (KB)
1.3.6.1.4.1.2021.9.1.6.1	dskPath	Disk mount path
1.3.6.1.4.1.2021.9.1.7.1	dskDevice	Disk device name
1.3.6.1.4.1.2021.9.1.8.1	dskTotal	Total disk size (KB)
1.3.6.1.4.1.2021.9.1.9.1	dskAvail	Available disk size (KB)
1.3.6.1.4.1.2021.9.1.10.1	dskPercent	Disk utilization (%)

Vendor-Specific OIDs

This section introduces device-specific OIDs for Cisco and Palo Alto Networks.

Cisco-Specific OIDs

OID	Name	Description
1.3.6.1.4.1.9.2.1.56.0	avgBusy5	5-min average CPU usage (%)
1.3.6.1.4.1.9.9.48.1.1.1.5	cpmCPUTotal5min	5-min average CPU usage (%)
1.3.6.1.4.1.9.9.48.1.1.1.6	cpmCPUTotal1min	1-min average CPU usage (%)
1.3.6.1.4.1.9.9.109.1.1.1.1.3	cpmCPUMemoryUsed	Memory in use (bytes)
1.3.6.1.4.1.9.9.109.1.1.1.1.5	cpmCPUMemoryFree	Free memory (bytes)

Palo Alto-Specific OIDs

OID	Name	Description
1.3.6.1.4.1.25461.2.1.2.1.1.0	panSessionActive	Active sessions
1.3.6.1.4.1.25461.2.1.2.1.2.0	panSessionMax	Maximum sessions
1.3.6.1.4.1.25461.2.1.2.1.19.0	panSessionUtilization	Session utilization (%)
1.3.6.1.4.1.25461.2.1.2.2.1.0	panGPGWUtilizationPct	GlobalProtect gateway utilization (%)

Query Extension Commands

The SNMP app provides the following features through query extension commands:

SNMP Get: Retrieve a specific OID value (snmpv2-get, snmpv3-get)
SNMP Get Next: Retrieve the next OID value (snmpv2-getnext, snmpv3-getnext)
SNMP Bulk Get: Efficiently retrieve multiple OIDs in bulk (snmpv2-bulkget, snmpv3-bulkget)
SNMP Walk: Traverse the OID tree (snmpv2-walk, snmpv3-walk)
SNMP Status: Retrieve device status and system information (snmpv2-status, snmpv3-status)
SNMP Scalars: Retrieve multiple scalar OIDs as a single record (snmpv2-scalars, snmpv3-scalars)
SNMP Interface Tables: Interface traffic statistics and delta calculation (snmpv2-iftables, snmpv3-iftables)

Refer to the documentation of each extension command for usage examples.

Troubleshooting

Request timeout Error

Cause:

Network connectivity issues
Firewall blocking SNMP port (161/UDP)
Incorrect community/profile settings
Device does not support SNMP or SNMP is disabled

Resolution:

Increase timeout and retry values

snmpv2-get community=public host=192.168.1.1 oid=1.3.6.1.2.1.1.1.0 timeout=10 retry=5

Verify network connectivity
```
ping 192.168.1.1
```

Check firewall rules (Windows)

netsh advfirewall firewall show rule name=all | findstr SNMP

Community name required Error (SNMPv2c)

Cause: Community string was not specified

Resolution:

Verify the actual community name configured on the device and explicitly specify the community.

snmpv2-get community=public host=192.168.1.1 oid=1.3.6.1.2.1.1.1.0

Authentication failed Error (SNMPv3)

Cause:

Incorrect username/password
Incorrect authentication protocol selected
User not registered on the device

Resolution:

Verify profile settings:
- Ensure the username is correct
- Ensure the authentication password is correct
- Ensure the authentication protocol (MD5/SHA) matches the device configuration

Verify SNMPv3 user configuration on the device:

# Cisco example
show snmp user

# Net-SNMP example
net-snmp-config --create-snmpv3-user -a SHA -x AES username

OID Not Displayed as Name

Cause: The MIB file for the OID has not been loaded

Resolution:

This is because vendor-specific MIB files have not been added to the app. You need to add vendor-specific OIDs to the app.

MIB File Download Sources:
- Cisco: https://www.cisco.com/c/en/us/support/mibs.html
- Palo Alto: https://docs.paloaltonetworks.com/resources/mib
- Fortinet: https://docs.fortinet.com/product/fortigate/mib
- Net-SNMP: http://www.net-snmp.org/docs/mibs/

Invalid scalar OID Error (snmpv2-scalars, snmpv3-scalars Commands)

Cause: The scalars command only supports scalar OIDs, which must end with .0.

Resolution:

# Incorrect example (table OID)
snmpv2-scalars community=public host=192.168.1.1 oid=1.3.6.1.2.1.2.2.1.2

# Correct example (scalar OID, ends with .0)
snmpv2-scalars community=public host=192.168.1.1 oid=1.3.6.1.2.1.1.1.0

# Use the walk command for table data
snmpv2-walk community=public host=192.168.1.1 oid=1.3.6.1.2.1.2.2

32-bit Counter Overflow Issue

Cause: 32-bit counters such as ifInOctets and ifOutOctets overflow at approximately 4GB.

Resolution:

The SNMP app's iftables command automatically handles 32-bit overflow.

If manual calculation is needed, use 64-bit counters

# 64-bit counters (ifXTable)
snmpv2-get community=public host=192.168.1.1 oid=1.3.6.1.2.1.31.1.1.1.6.1  # ifHCInOctets
snmpv2-get community=public host=192.168.1.1 oid=1.3.6.1.2.1.31.1.1.1.10.1 # ifHCOutOctets

Bandwidth Utilization Exceeds 100%

Cause:

ifSpeed value differs from the actual interface speed
Burst traffic momentarily exceeds bandwidth
Measurement interval is too short

Resolution:

Set a longer interval for averaging

snmpv2-iftables community=public host=192.168.1.1 interval=60

Check the ifSpeed value. Reconfigure the interface speed on the device if necessary.
```
snmpv2-get community=public host=192.168.1.1 oid=1.3.6.1.2.1.2.2.1.5.1
```

Filtering Specific Interfaces Only

Current behavior: The iftables command only filters Ethernet interfaces (ifType=6)

How to filter other types:

 Query all interfaces with walk, then filter in the query
snmpv2-walk community=public host=192.168.1.1 oid=1.3.6.1.2.1.2.2
| search ifType=117  # Filter gigabitEthernet only
| search ifType=161  # Filter ieee8023adLag (Link Aggregation) only

Slow SNMP Response

Cause:

SNMP agent performance limitations on the device
Network latency
Too many OIDs queried simultaneously

Resolution:

Use the snmpv2-bulkget or snmpv3-bulkget commands (faster than snmpv2-walk and snmpv3-walk)

snmpv2-bulkget community=public host=192.168.1.1 oid=1.3.6.1.2.1.2.2.1 max_repetitions=50

Use parallel processing when querying multiple hosts

snmpv2-get community=public host=192.168.1.1,192.168.1.2,192.168.1.3 oid=1.3.6.1.2.1.1.1.0

Query only the OIDs you need

snmpv2-scalars community=public host=192.168.1.1 oid=1.3.6.1.2.1.1.1.0,1.3.6.1.2.1.1.3.0

Unresolved OID Error

Cause:

The OID is not defined in the MIB file
Incorrect OID input

Resolution:

Verify OID format (numbers only, separated by dots)

snmpv2-get community=public host=192.168.1.1 oid=1.3.6.1.2.1.1.1.0

You can also query using numeric OIDs without MIBs

snmpv2-walk community=public host=192.168.1.1 oid=1.3.6.1.4.1.9.9.48.1.1.1

Appendix: References

SNMP Protocol Documents

RFC 1157: SNMPv1
RFC 1213: MIB-II
RFC 3411-3418: SNMPv3
RFC 2578: SMIv2 (MIB Structure)

Useful MIB Browser Tools

iReasoning MIB Browser (Free): http://www.ireasoning.com/mibbrowser.shtml
ManageEngine MibBrowser (Free): https://www.manageengine.com/products/mibbrowser-free-tool/
net-snmp tools (Open Source): http://www.net-snmp.org/

SNMP Testing Tools

Linux/Unix - net-snmp Commands

snmpget -v2c -c public 192.168.1.1 1.3.6.1.2.1.1.1.0
snmpwalk -v2c -c public 192.168.1.1 1.3.6.1.2.1.2.2
snmpbulkwalk -v2c -c public 192.168.1.1 1.3.6.1.2.1.2.2

Windows - PowerShell SNMP cmdlets

Get-SnmpData -IP 192.168.1.1 -OID 1.3.6.1.2.1.1.1.0 -Community public

Online OID Lookup

OID Repository: http://www.oid-info.com/
CISCO OID Lookup: https://snmp.cloudapps.cisco.com/Support/SNMP/do/BrowseOID.do