Navigating the SNMP tab


The SNMP Monitor software operates on monitor groups. These groups are displayed on the Messages > Adapters > SNMP tab. Each group is a partition consisting of a particular metric (OID), and a group of devices that this information is acquired from. You can have SNMP Monitors on the system with overlap between the polled objects and devices.

The SNMP Monitor title is hyperlinked to the list of polled devices and the most recently polled value for each device. Click the title to view all the devices being polled and their last polled values. This provides an easy way to assess the nature of the monitor, including whether the threshold for the monitor is set inappropriately. The title of each group typically represents the type of SNMP object that is being polled.

You can have a maximum of 2000 SNMP Monitors, each polling a maximum of 10,000 devices. In practice, the number of SNMP Monitors is much smaller. The larger the number of SNMP Monitors and polled devices, the slower the polling process because SNMP objects and devices are polled sequentially.

The system never polls faster than once every 60 seconds. The actual time to poll might be much longer, especially if there are many SNMP Monitors, each with many polled devices. The actual time of a single poll cycle is displayed in the lower left of the screen.

As part of the Windows installation, the SNMP tab is created in the Messages > Adapters section of the BMC Defender web interface. This tab enables you to configure the parameters associated with the SNMP Monitor and is available only to BMC administrators. The following shows the screen:

[Figure: snmp_tab.png, screenshot of the SNMP tab]

On the SNMP screen, you can add new monitor values. After you create a monitor value, you can click Edit to modify the entry.

The SNMP tab provides the following parameters that are read by the CO-snmp.exe program:

  • SNMP Monitor Title—This is a short title that prefixes messages sent by the monitor background process as part of the syslog message. This value also appears on the top-level SNMP Monitor page, used to identify the nature and purpose of the monitor function quickly, usually the same as the MIB object that is being polled.
  • IP Addr / Group—This value identifies the device or list of devices polled by the background process. This value can be a single IP address, an IP address wildcard, or an Address Group defined in the Correlation > Config > Address Groups screen. If you specify an IP address wildcard, the addresses listed in the Devices tab are polled if they match the wildcard value. The value of 0.0.0.0 disables polling on the system. For more details, see BMC-Defender-SNMP-Monitor-adapter-address-groups.
  • Read Community—This is the SNMP read community used by the monitor value. If a value other than Default is specified, then this is the value used as the read community when polling all devices in the specified group. If the value is the keyword Default, then the read community configured for each device is used. The default read community configured on the System > Parms screen is used if no specific read community is configured for a specific device.
  • Timeout / Retries—These settings provide control over the timeout and retry values of the polling process. The timeout is typically one second, and the retry value is typically under 3. Specifying a high value for timeout and retry might degrade the poll time for the specified SNMP Monitor. Adjust these values carefully.
  • SNMP Method—This setting is the method of getting SNMP values: Get (default), GetNext, or External. For more details, see SNMP-methods.
  • MIB Object OID—This is the SNMP identifier that is fetched from the SNMP object using a Get or GetNext request. This value is expressed in standard SNMP dot-notation, prefixed by 1.3.6.1, corresponding to an MIB object supported on the system. For assistance on common MIB objects, click the MIB Object Help hyperlink in this field. You can test an MIB object value, read community, and address on the system by clicking Test.
  • Monitor Type—This is the type of comparison to be made on the results of the MIB object poll. This value depends upon the type of MIB object:
    • Counter values are typically Delta type monitors, where the current value is subtracted from the previous value and scaled to provide counts per minute.
    • Gauge and Integer values are typically Abs (absolute) type monitors, where the value is directly compared to a threshold without scaling.
    • Textual objects are typically Change type monitors, where any change to the value is considered an event. 
    • Use the Timeout type to generate an event when the SNMP agent times out.

For more details, see Monitor-types.

  • Monitor Threshold—This is the numeric threshold for the MIB object. If the monitor type is Timeout or Change, then this threshold value is ignored. Otherwise, the threshold represents counts per minute for Delta type monitors, and an absolute value for Abs type monitors.
  • Alert Message Severity—This is the severity of the message that is generated by CO-snmp.exe program when a threshold is violated. This is a standard syslog severity ranging from debug to emergency.
  • Alert Message—This is the actual content of the message that is sent by the CO-snmp.exe process when a threshold is violated. The message consists of the Monitor Title as previously configured and the content. Make the value descriptive of the event and include corrective action or remediation steps. You can include keywords that cause the message to be recorded in BMC Defender threads or to match triggers and actions.
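
The Monitor Type and Monitor Threshold rules above, written out as an added example (not BMC Defender code): one function that decides per poll whether a Delta, Abs, Change, or Timeout monitor raises an alert. The monitor names, sample values, 32-bit counter wrap handling, and the reading of "violated" as "exceeds the threshold" are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Union

Sample = Union[int, str, None]  # None models an SNMP agent timeout
COUNTER32_MOD = 2 ** 32         # assumption: polled counters are 32-bit


@dataclass
class Monitor:
    title: str        # SNMP Monitor Title, prefixes the alert text
    mtype: str        # "Delta", "Abs", "Change" or "Timeout"
    threshold: float  # ignored for Change and Timeout
    message: str      # Alert Message content


def evaluate(mon: Monitor, prev: Sample, curr: Sample,
             elapsed_s: float) -> Optional[str]:
    """Return the alert text if this poll violates the monitor, else None."""
    if mon.mtype == "Timeout":
        return f"{mon.title}: {mon.message}" if curr is None else None
    if curr is None or (prev is None and mon.mtype != "Abs"):
        return None  # no value, or first sample of a comparison-based type
    if mon.mtype == "Change":
        violated = curr != prev
    elif mon.mtype == "Abs":
        violated = curr > mon.threshold  # assumption: violation means "exceeds"
    elif mon.mtype == "Delta":
        delta = curr - prev
        if delta < 0:  # treated as a counter wrap; a device reboot looks the same
            delta += COUNTER32_MOD
        violated = delta * 60.0 / elapsed_s > mon.threshold  # counts per minute
    else:
        raise ValueError(f"unknown monitor type: {mon.mtype}")
    return f"{mon.title}: {mon.message}" if violated else None


# Constructed monitors and poll samples (not taken from a real system).
IF_ERRORS = Monitor("ifInErrors", "Delta", 100, "input errors rising, check cabling")
CPU_LOAD = Monitor("cpuLoad", "Abs", 90, "CPU above 90 percent")
SYS_DESCR = Monitor("sysDescr", "Change", 0, "device description changed")
AGENT_UP = Monitor("agentReachable", "Timeout", 0, "SNMP agent did not answer")

if __name__ == "__main__":
    print(evaluate(IF_ERRORS, 1000, 1600, 300))  # 600 counts in 300 s
    print(evaluate(CPU_LOAD, None, 95, 60))
    print(evaluate(SYS_DESCR, "build A", "build B", 60))
    print(evaluate(AGENT_UP, 5, None, 60))
```

Because Delta values are scaled to counts per minute, the same threshold keeps its meaning when the poll cycle stretches from 60 seconds to several minutes.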

Monitor status bar

At the bottom of the SNMP tab, beneath the list of SNMP Monitors, are metrics that indicate the progress and state of the CO-snmp.exe process. These metrics are updated at the end of each poll cycle, and provide the following information:

  • Poll duration—This is the time in seconds needed to poll all monitors on the system. The time is calculated at the end of each poll cycle and indicates the general load on the system. If the time is less than 60 seconds, then the CO-snmp.exe program waits until at least 60 seconds have elapsed before resuming polling. 
  • Number of objects polled—This is the total number of objects polled during the last cycle. It represents the total number of SNMP requests that the program issued during the last poll cycle. This number is equal to the number of SNMP Monitors multiplied by the total number of devices for each monitor. The value cannot be over 10,000.
  • Number of poll timeouts—This is the total number of poll timeouts during the last cycle. This indicates that an object cannot be fetched. This typically indicates that one or more devices are offline, or the read community of the device is changed or is misconfigured at BMC Defender. If this value is high, do one of the following:

    • Return the device to an online state.
    • Remove the device from the SNMP Monitor.
    • Change the read community of the managed device.

    You can click the SNMP Monitor title hyperlink to view which devices have timed out.

  • Number of poll errors—This is the total number of MIB object errors during the last cycle, indicating that the remote SNMP agent does not support the specified object. This indicates that the OID is misconfigured at BMC Defender, or that the managed device does not belong in the group. To address the problem, click the SNMP Monitor title hyperlink and remove the device or fix the MIB OID setting.
  • Number of poll cycles—This is the total number of poll cycles since the system started. This value increments each time a poll cycle is completed. This value, when divided by the system uptime of the BMC Defender Server, indicates the average time to poll all SNMP Monitor devices and objects.
  • Number of messages sent—This is the total number of syslog messages that were issued by the SNMP polling process to the BMC Defender Server since the system started. Use this to assess how busy the polling monitor is. The number corresponds to the total number of messages in the Messages tab (related to the SNMP poller).

Poll duration

Poll duration, found in the lower left of the SNMP tab, determines the polling performance of the CO-snmp.exe program. It indicates the total time to poll all the devices and MIB objects per cycle, taking into consideration network latencies, delays, timeouts, and retries.

Example
  • If Poll duration is 300 seconds, then the fastest any error condition is detected is once every five minutes.
  • If Poll duration is 3600 seconds, the fastest any error condition is detected is once an hour.

To reduce Poll duration and increase the polling speed, eliminate SNMP Monitors that are not in use, or reduce the number of devices polled by each monitor.

Loading the SNMP Monitor with many different MIB objects and devices, especially devices that do not support SNMP, can increase Poll duration, reducing the effectiveness of the program to detect network conditions.

Example

If you set an address group to *.*.*.* (all devices) it can adversely affect the program's performance.

Poll duration is useful for setting the Alert interval when you open tickets on the system. When you configure correlation threads and alerts, set the Alert interval to be greater than the Poll duration setting to prevent multiple tickets from being opened for a single network condition.
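
How Timeout / Retries settings and unresponsive devices drive Poll duration under sequential polling, as an added example (not BMC Defender code). The cost model (a silent device costs the first attempt plus every retry), the 0.02-second round-trip time, and the device counts are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable

MIN_CYCLE_S = 60  # the system never polls faster than once every 60 seconds


@dataclass
class MonitorLoad:
    devices: int         # devices polled by this SNMP Monitor
    unresponsive: int    # devices expected to time out (offline, wrong community)
    timeout_s: float     # Timeout setting
    retries: int         # Retries setting
    rtt_s: float = 0.02  # assumed round-trip time for a device that answers


def monitor_seconds(m: MonitorLoad) -> float:
    """Time one monitor adds to the cycle when devices are polled one by one."""
    # Assumption: a silent device costs the initial attempt plus every retry.
    silent = m.unresponsive * m.timeout_s * (1 + m.retries)
    return silent + (m.devices - m.unresponsive) * m.rtt_s


def cycle_seconds(monitors: Iterable[MonitorLoad]) -> float:
    """Estimated length of one poll cycle, floored at the 60-second minimum."""
    return max(MIN_CYCLE_S, sum(monitor_seconds(m) for m in monitors))


def alert_interval_ok(alert_interval_s: float,
                      monitors: Iterable[MonitorLoad]) -> bool:
    """True if the Alert interval is greater than the estimated Poll duration."""
    return alert_interval_s > cycle_seconds(list(monitors))


# Constructed load: 5 monitors, 200 devices each, 20 of them silent.
TYPICAL = [MonitorLoad(200, 20, timeout_s=1, retries=2) for _ in range(5)]
AGGRESSIVE = [MonitorLoad(200, 20, timeout_s=5, retries=3) for _ in range(5)]

if __name__ == "__main__":
    for name, load in (("typical", TYPICAL), ("aggressive", AGGRESSIVE)):
        print(name, round(cycle_seconds(load)), "s per cycle,",
              "600 s alert interval ok:", alert_interval_ok(600, load))
```

In this constructed load the 100 silent devices account for almost all of the cycle time, which is why removing offline devices or fixing their read community shortens detection latency more than trimming responsive ones.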
