Devices

NetObserv SNMP makes it simple to add devices providing little more than an IP address, SNMP credentials and one or more Device Groups.

Adding Devices

Automatically Discovering Devices

ElastiFlow provides a way to automatically discover devices in your network.

Manually Configuring Devices

1. Create (or update an existing) yml file in /etc/elastiflow/snmp/devices (or wherever EF_INPUT_SNMP_DEVICE_DEFINITIONS_DIRECTORY_PATH is configured)

2. Define the ip address to reach the device

3. Define either community strings to use (for SNMP v1/v2c), or define credentials to use for devices you want to use SNMP v3 to access.

4. Add "device groups". This is how you tell NetObserv SNMP which types of OIDs to look for.

   1. Usually you only need to find the device group for the device type this device is. The reason for having device groups is to make this configuration step easy.

   2. To see the full list of device groups available for you to use, see /etc/elastiflow/snmp/device_groups (or wherever EF_INPUT_SNMP_DEVICE_GROUP_DEFINITIONS_DIRECTORY_PATH is configured)

SNMP v1/v2c Example

Full configuration:

example1.elastiflow.com:
  ip: 192.0.2.1
  port: 161
  poll_intervals:
    active: 300
  timeout: 3000
  retries: 2
  exponential_timeout: false
  version: 2c
  communities:
    - public
  device_groups:
    - cisco_c1000
  max_concurrent_polls: 4

When using the defaults:

SNMP v3 Example

Full configuration:

When using the defaults:

Global Device Defaults

The location of the global default device definition file is specified by EF_INPUT_SNMP_DEFAULTS_DIRECTORY_PATH in the collector's configuration options. The file in this directory must be named device.yml. The default location is /etc/elastiflow/snmp/defaults. This file will apply default values to every device definition where values are not provided (except the ip field).

Device Defaults Example

Defaults file:

Device file:

Resulting definition:

Configuration Attributes

ip

The IP address of the device to which SNMP requests will be sent.

EXAMPLE: ip: 192.0.2.2

port (optional)

The UDP port on which the device listens for SNMP requests.

• Default

  • 161

poll_intervals (optional)

This configuration parameter allows for device-specific overrides of the per object type poll_interval values defined in /etc/elastiflow/snmp/default/object_types.yml.

The duration, in seconds, between SNMP polling cycles.

The default, NetObserv SNMP object types are defined in /etc/elastiflow/snmp/default/object_types.yml as follows:

• dynamic

  • Highly volatile metrics and critical operational states. Use for data requiring near high granularity or immediate alerting.

  • Examples: ifInOctets/ifOutOctets (traffic counters), CPU utilization.

  • Default: 60

• active

  • Routine metrics that fluctuate regularly but do not require high granularity tracking.

  • Examples: Environmental sensors (temperature/fans), connection counts, active processes.

  • Default: 300

• stable

  • Slow-moving data and logical topology states that change infrequently. Use for heavy tables that are too expensive to poll frequently, but change often enough to need regular tracking

  • Examples: LLDP neighbor tables and ARP caches (ipNetToMediaTable).

  • Default: 3600

• immutable

  • Static inventory and administrative metadata that rarely, if ever, changes. Use for physical hardware tracking and system-level settings.

  • Examples: entPhysicalTable (serial numbers, hardware models), firmware versions.

  • Default: 86400

The following is an example of how these values can be overridden for a specific device using this poll_intervals parameter in the device's configuration.

Example:

poll_interval (optional)

The duration, in seconds, between SNMP polling cycles. This will only apply to SNMP objects which do not have a type defined.

• Default

  • 60

timeout (optional)

The time to wait, in milliseconds, for a response to an SNMP request.

• Default

  • 3000

retries (optional)

The number of times to retry a failed SNMP request before the task is cancelled.

• Default

  • 2

exponential_timeout (optional)

Defines whether the timeout interval should remain static (false) for each retry, or increase exponentially (true).

• Default

  • false

version

Specifies the SNMP version to use when polling this device. Valid values are:

• Valid Values

  • 1, 2c, 3

communities

If version is 1 or 2c a list of communities must be provided. The collector will attempt to find a valid community from the list and will use that community for all subsequent polls.

EXAMPLE:

v3_credentials

If version is 3 a list of SNMPv3 credentials must be provided. The collector will attempt to find valid credentials from the list and will use those credentials for all subsequent polls.

EXAMPLE:

username

The username used to authenticate with the device using SNMPv3.

authentication_protocol

The authentication protocol used to authenticate the username with the device using SNMPv3.

Options include: "noauth" "md5" "sha" "sha128" "sha224" "sha256" "sha384" "sha512"

authentication_passphrase

The authentication passphrase used to authenticate the username with the device using SNMPv3.

privacy_protocol

The privacy protocol used to encrypt SNMPv3 traffic between the SNMP input and the device.

Options include: "nopriv" "des" "aes" "aes192" "aes256" "aes192c" "aes256c"

privacy_passphrase

The privacy passphrase used to encrypt SNMPv3 traffic between the SNMP input and the device.

device_groups

Defines a list of Device Groups which the Device may implement.

max_concurrent_polls (optional)

The maximum number of concurrent polls that can be performed against this device. This is useful for throttling or increasing the number of concurrent polls to a device depending on the device's capabilities.

• Default

  • 4

cisco_qos_enabled (optional)

Defines whether the device supports Cisco QoS MIBs and signals to the collector to enable enrichment of QoS policy data.