I'm in the middle of testing to see if we can monitor everything we need to monitor via Elastic Stack. Linux servers have been easy enough to deal with due to Beats, but our networking infrastructure has proven a bit more of a challenge. As far as I can tell, the best (possibly only) way is via SNMP.
To do that, the obvious tool in the Elastic Stack seems to be the Logstash SNMP input plugin.
The thing is, I need to know which OIDs to use.
Has anyone already solved this problem? Would you be willing to share?
Do you know of a good OID reference? Most of the sites I've found via Google on the subject have been difficult to navigate.
Our infrastructure is mostly Cisco. There are a few HP items thrown in there as well. When I talked to my coworker in charge of it, he listed a few IP addresses and what (I think) are model names that I could use to test with.
The names:
C9k2
N9K
CoreBB-Catylist
2960-ios
HP -Access Control
Another thought: is there a scanning tool that I could use to discover what OIDs are available from our infrastructure? Something that would output the OID and what the data actually means.
Well, after much hassle, I am finally able to access SNMP on the devices I'm testing.
Now I just need to figure out what OIDs to use.
I found some slides on community.cisco.com that list some useful OIDs, but when I try 1.3.6.1.2.1.1.3 or 1.3.6.1.4.1.9.2.2.1.1.17, Logstash throws an error.
A manual run of snmpwalk with both of those OIDs against my target does return data.
I'm running logstash via docker-compose. Version 7.4.1.
nodename_logstash | {
nodename_logstash | "@version" => "1",
nodename_logstash | "iso.org.dod.internet.private.enterprises.9.2.2.1.1.17" => "error: no such instance currently exists at this OID",
nodename_logstash | "@timestamp" => 2019-11-07T00:54:23.170Z,
nodename_logstash | "iso.org.dod.internet.mgmt.mib-2.system.sysUpTime" => "error: no such instance currently exists at this OID",
nodename_logstash | "host" => "targetip"
nodename_logstash | }
Does that indicate that I need to import some MIB files?
The docs talk about having to convert them to another format. Any idea where I'd find the MIB files for Cisco stuff?
This reminds me that I meant to leave a comment before, not for you, but for future readers, that doing a walk once at a very high level like "1.3.6.1" will get a dump of what you can collect, so that you can start to review what might be useful.
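An added example, not part of the original thread: an SNMP GET needs a full instance OID, while snmpwalk traverses a subtree with GETNEXT, which would explain why the manual walk returns data and the plugin reports "no such instance". This sketch assumes the failing OIDs were listed under the plugin's `get` option; the host address and community string are placeholders.

```logstash
input {
  snmp {
    # Placeholder target and community; the thread does not show the real ones.
    hosts => [{ host => "udp:192.0.2.10/161" community => "CHANGE_ME" version => "2c" }]

    # `get` issues an SNMP GET, which needs a full instance OID.
    # Scalars such as sysUpTime carry the instance suffix .0.
    get => ["1.3.6.1.2.1.1.3.0"]

    # `walk` traverses the subtree with GETNEXT, as snmpwalk does, so an OID
    # whose instances carry a row index can be listed without one.
    walk => ["1.3.6.1.4.1.9.2.2.1.1.17"]

    # Poll every 60 seconds.
    interval => 60
  }
}

output {
  # Print events in the same form as the output shown in the thread.
  stdout { codec => rubydebug }
}
```

MIB files only change how OIDs are rendered as field names; numeric OIDs can be polled without importing any.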