# Devices

 NetObserv SNMP makes it simple to add devices providing little more than an IP address, SNMP credentials and one or more [Device Groups](/snmpcoll/configuration/snmp-definition-files/def_device_groups.md).

### Adding Devices

#### Automatically Discovering Devices

ElastiFlow provides a way to [automatically discover devices](/snmpcoll/configuration/def_devices/autodiscovery.md) in your network.

#### Manually Configuring Devices

1. Create (or update an existing) yml file in `/etc/elastiflow/snmp/devices` (or wherever [`EF_INPUT_SNMP_DEVICE_DEFINITIONS_DIRECTORY_PATH`](/snmpcoll/configuration/input_snmp.md#ef_input_snmp_device_definitions_directory_path) is configured)
2. Define the ip address to reach the device
3. Define either community strings to use (for SNMP v1/v2c), or define credentials to use for devices you want to use SNMP v3 to access.
4. Add "device groups". This is how you tell NetObserv SNMP which types of OIDs to look for.
   1. Usually you only need to find the device group for the device type this device is. The reason for having device groups is to make this configuration step easy.
   2. To see the full list of device groups available for you to use, see `/etc/elastiflow/snmp/device_groups` (or wherever [`EF_INPUT_SNMP_DEVICE_GROUP_DEFINITIONS_DIRECTORY_PATH`](/snmpcoll/configuration/input_snmp.md#ef_input_snmp_device_group_definitions_directory_path) is configured)

### SNMP v1/v2c Example

**Full configuration:**

```yaml
example1.elastiflow.com:
  ip: 192.0.2.1
  port: 161
  poll_intervals:
    active: 300
  timeout: 3000
  retries: 2
  exponential_timeout: false
  version: 2c
  communities:
    - public
  device_groups:
    - cisco_c1000
  max_concurrent_polls: 4
```

**When using the defaults:**

```yaml
example1.elastiflow.com:
  ip: 192.0.2.1
  version: 2c
  communities:
    - public
  device_groups:
    - cisco_c1000
```

#### SNMP v3 Example

**Full configuration:**

```yaml
example2.elastiflow.com:
  ip: 192.0.2.2
  port: 161
  poll_intervals:
    active: 300
  timeout: 3000
  retries: 2
  exponential_timeout: false
  version: 3
  v3_credentials:
    - username: elastiflow
      authentication_protocol: sha
      authentication_passphrase: efauthpassword
      privacy_protocol: des
      privacy_passphrase: efprivpassword
  device_groups:
    - cisco_c1000
  max_concurrent_polls: 4
```

**When using the defaults:**

```yaml
example2.elastiflow.com:
  ip: 192.0.2.2
  version: 3
  v3_credentials:
    - username: elastiflow
      authentication_protocol: sha
      authentication_passphrase: efauthpassword
      privacy_protocol: des
      privacy_passphrase: efprivpassword
  device_groups:
    - cisco_c1000
```

### Global Device Defaults

The location of the global default device definition file is specified by `EF_INPUT_SNMP_DEFAULTS_DIRECTORY_PATH` in the collector's configuration options. The file in this directory must be named `device.yml`. The default location is `/etc/elastiflow/snmp/defaults`. This file will apply default values to every device definition where values are not provided (except the `ip` field).

#### Device Defaults Example

**Defaults file:**

```yaml
default:
  port: 200
  timeout: 4000
  retries: 4
  exponential_timeout: true
  version: 2c
  communities:
    - sith
    - lord
  device_groups:
    - generic
  poll_intervals:
    dynamic: 60
    active: 300
    stable: 3600
    immutable: 86400
  max_oids: 64
  max_concurrent_polls: 5
```

**Device file:**

```yaml
mydevice:
  ip: 192.0.2.1
```

**Resulting definition:**

```yaml
mydevice:
  ip: 192.0.2.1
  port: 200
  timeout: 4000
  retries: 4
  exponential_timeout: true
  version: 2c
  communities:
    - sith
    - lord
  device_groups:
    - generic
  poll_intervals:
    dynamic: 60
    active: 300
    stable: 3600
    immutable: 86400
  max_oids: 64
  max_concurrent_polls: 5
```

### Configuration Attributes

#### ip

The IP address of the device to which SNMP requests will be sent.

EXAMPLE: `ip: 192.0.2.2`

#### port (optional)

The UDP port on which the device listens for SNMP requests.

* Default
  * `161`

#### poll\_intervals (optional) <a href="#device_poll_intervals" id="device_poll_intervals"></a>

{% hint style="info" %}
Introduced in NetObserv `7.22.0`
{% endhint %}

This configuration parameter allows for device-specific overrides of the per object type `poll_interval` values defined in `/etc/elastiflow/snmp/default/object_types.yml`.

The duration, in seconds, between SNMP polling cycles.&#x20;

The default, NetObserv SNMP object types are defined in `/etc/elastiflow/snmp/default/object_types.yml` as follows:

* `dynamic`
  * Highly volatile metrics and critical operational states. Use for data requiring near high granularity or immediate alerting.
  * Examples: ifInOctets/ifOutOctets (traffic counters), CPU utilization.
  * Default: `60`
* `active`
  * Routine metrics that fluctuate regularly but do not require high granularity tracking.
  * Examples: Environmental sensors (temperature/fans), connection counts, active processes.
  * Default: `300`
* `stable`
  * Slow-moving data and logical topology states that change infrequently. Use for heavy tables that are too expensive to poll frequently, but change often enough to need regular tracking
  * Examples: LLDP neighbor tables and ARP caches (ipNetToMediaTable).
  * Default: `3600`
* `immutable`
  * Static inventory and administrative metadata that rarely, if ever, changes. Use for physical hardware tracking and system-level settings.
  * Examples: entPhysicalTable (serial numbers, hardware models), firmware versions.
  * Default: `86400`

The following is an example of how these values can be overridden for a specific device using this `poll_intervals` parameter in the device's configuration.

Example:

```yaml
mydevice:
  ip: 192.0.2.1
  poll_intervals:
    active: 300
    immutable: 3000
```

#### poll\_interval (optional)

{% hint style="info" %}
In version `7.22.0` the ability to specify polling intervals per object type was added. NetObserv `7.22.0` is preloaded with the types as explained above for `poll_intervals`. When present `poll_intervals` will be used, rather than `poll_interval`.

See [/pages/J7nIU3p3GzF3LhPE3mqm#id-7.22.0-mar-20-2026](https://docs.elastiflow.com/snmpcoll/configuration/pages/J7nIU3p3GzF3LhPE3mqm#id-7.22.0-mar-20-2026 "mention")
{% endhint %}

The duration, in seconds, between SNMP polling cycles. This will only apply to SNMP objects which do not have a `type` defined.

* Default
  * `60`

#### timeout (optional)

The time to wait, in milliseconds, for a response to an SNMP request.

* Default
  * `3000`

#### retries (optional)

The number of times to retry a failed SNMP request before the task is cancelled.

* Default
  * `2`

#### exponential\_timeout (optional)

Defines whether the timeout interval should remain static (`false`) for each retry, or increase exponentially (`true`).

* Default
  * `false`

#### version

Specifies the SNMP version to use when polling this device. Valid values are:

* Valid Values
  * `1`, `2c`, `3`

#### communities

If `version` is `1` or `2c` a list of communities **must** be provided. The collector will attempt to find a valid community from the list and will use that community for all subsequent polls.

EXAMPLE:

```yaml
communities:
  - public
  - elastiflow
```

#### v3\_credentials

If `version` is `3` a list of SNMPv3 credentials **must** be provided. The collector will attempt to find valid credentials from the list and will use those credentials for all subsequent polls.

EXAMPLE:

```yaml
v3_credentials:
  - username: elastiflow
    authentication_protocol: sha
    authentication_passphrase: efauthpassword
    privacy_protocol: des
    privacy_passphrase: efprivpassword
```

**username**

The username used to authenticate with the device using SNMPv3.

**authentication\_protocol**

The authentication protocol used to authenticate the username with the device using SNMPv3.

Options include: "noauth" "md5" "sha" "sha128" "sha224" "sha256" "sha384" "sha512"

**authentication\_passphrase**

The authentication passphrase used to authenticate the username with the device using SNMPv3.

**privacy\_protocol**

The privacy protocol used to encrypt SNMPv3 traffic between the SNMP input and the device.

Options include: "nopriv" "des" "aes" "aes192" "aes256" "aes192c" "aes256c"

**privacy\_passphrase**

The privacy passphrase used to encrypt SNMPv3 traffic between the SNMP input and the device.

#### device\_groups

Defines a list of [Device Groups](/snmpcoll/configuration/snmp-definition-files/def_device_groups.md) which the Device may implement.

#### max\_concurrent\_polls (optional)

The maximum number of concurrent polls that can be performed against this device. This is useful for throttling or increasing the number of concurrent polls to a device depending on the device's capabilities.

* Default
  * `4`

#### cisco\_qos\_enabled (optional)

Defines whether the device supports Cisco QoS MIBs and signals to the collector to enable enrichment of QoS policy data.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.elastiflow.com/snmpcoll/configuration/def_devices.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.