With all the data available on IT hardware performance, the simplicity of SNMP monitoring tools is their secret to success.
In IT, monitoring can be split into two areas: infrastructure and application monitoring. Infrastructure monitoring tracks performance on the network, server hardware, switches and other components. It identifies failed disks, full memory and similar problems. Application monitoring, on the other hand, observes how the company's web applications perform.
While distinct, these monitoring areas interrelate. Applications can be incredibly complex, so IT teams need some metric for performance. Typically, application administrators need to know what normal system performance looks like, so they can detect when there is a failure. While user experiences with application performance can be subjective, it's difficult to argue with monitoring data that machines collect.
To collect this data, monitoring tools must cover many diverse systems and configurations in an agnostic manner. This is where Simple Network Management Protocol (SNMP) monitoring tools come in.
Complex data requires simple collection
SNMP is an open and agnostic data collection system defined under RFC 3418 (version 3) that operates in a client/server configuration. The client exposes variables that the server-side component of the application queries.
SNMP monitoring tools have an SNMP-compliant agent installed on the device or system they monitor. The installed agent uses a Management Information Base (MIB) descriptor to expose what data it can provide.
A network management system (NMS) then exposes and reads the data. These MIB files expose system variables from the hardware that the NMS queries. Available data depends on the hardware, but examples include uptime, network utilization, power draw and alert conditions. Data from SNMP monitoring is usually read-only, although some setups are configured differently.
Because SNMP is an open standard, most vendors -- Microsoft, APC, VMware, Cisco, Dell Technologies, Hewlett Packard Enterprise (HPE) -- provide MIB files with their hardware and software.
SNMP takes monitoring one step further using traps -- messages sent to the management server when something significant, such as a serious error condition, occurs. This functionality is in most hardware that supports lights-out operation, including Dell remote access card and HPE iLO Management Engine. The ability to use SNMP is built right into these systems, ready to be configured.
Custom comes at a cost
The alternative to using SNMP monitoring tools is to resort to writing custom scripts to interrogate the log files and try to catch all the errors and warnings and export them into the management system. That's an error-prone and time-consuming scenario.
Items in the management system are actioned as required, such as when it generates statistics or incident tickets.
SNMP monitoring tools can run automatic discovery on the network and interrogate devices to extract exposed data, which facilitates monitoring comprehensively across all devices.
Security-conscious administrators might be concerned with exposing data, but SNMP comes with some rudimentary security features, such as community string authentication. Community strings are keys that allow access to the data exposed from MIBs. There are read-only strings. Use automated data collection with caution and change the community strings from the manufacturers' default for some degree of security.
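The advice on default and read-only community strings can be checked mechanically. The following is an added example, not part of the original article: it audits an agent configuration written in Net-SNMP snmpd.conf syntax (an assumption, since the article names no agent) and flags default community strings, write access and unrestricted source addresses. The function name, the list of defaults and the sample configuration are constructed for illustration.

```python
import shlex

# Assumed list of well-known default community strings; extend it per vendor.
DEFAULT_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}
# Net-SNMP snmpd.conf directives that bind a community string to an access mode.
MODES = {"rocommunity": "ro", "rocommunity6": "ro",
         "rwcommunity": "rw", "rwcommunity6": "rw"}

def audit_snmpd_conf(text):
    """Return (line_no, issue) findings, in line order, for snmpd.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quotes: nothing reliable to audit
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in MODES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; no SOURCE means any host
            community, mode = args[0], MODES[directive]
            source = args[1] if len(args) > 1 else "default"
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY; mode is set elsewhere
            args = args[2:] if args[:1] == ["-Cn"] else args
            if len(args) < 3:
                continue
            source, community, mode = args[1], args[2], None
        else:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, "default-community"))
        if mode == "rw":
            findings.append((no, "write-access"))
        if source in ANY_SOURCE:
            findings.append((no, "any-source"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
rocommunity public
rwcommunity private 10.0.0.0/24
rocommunity n0c-Read-7f3e 192.0.2.10
com2sec notConfigUser default public
"""

if __name__ == "__main__":
    print(*audit_snmpd_conf(SAMPLE_CONF), sep="\n")
```

Only the third sample line passes cleanly: it uses a non-default read-only string and limits queries to a single management host.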
SNMP plus logs
Administrators can use log collection with SNMP to detect deviations from the norm. For example, Splunk, Loggly and other log collection software products aggregate log information and apply intelligent learning to highlight issues.
Log collection provides different information from SNMP and tends to be more application-specific. For example, log collection detects login failures at higher levels than what is normally expected, and sends that data to log servers.
Log servers either push or pull data, depending on the OS monitored. To choose a log monitoring setup, check the specific application or OS documentation for guidance.