Skip to main content

Overview

NMIS provides a powerful SNMP monitoring engine that collects performance and availability data from network devices. The system supports all SNMP versions and provides flexible configuration for polling intervals, authentication, and data collection.

Multi-Version Support

Full support for SNMPv1, SNMPv2c, and SNMPv3 with automatic fallback

Secure Authentication

SNMPv3 with MD5/SHA authentication and DES/AES encryption

Efficient Polling

SNMP GETBULK operations and configurable polling intervals

Flexible Collection

Model-driven data collection for hundreds of device types

SNMP Version Support

SNMPv1 and SNMPv2c

Basic SNMP versions using community strings for authentication: 
# From Snmp.pm:31-45
package NMISNG::Snmp;
our $VERSION = "2.0.0";

use NMISNG::MIB;
use Net::SNMP qw(oid_lex_sort);

# SNMPv3 support requires:
use Crypt::DES;
use Crypt::Rijndael;
use Digest::MD5;
use Digest::HMAC;
use Digest::SHA;
Community Strings: These are essentially passwords transmitted in clear text (v1) or with weak obfuscation (v2c). SNMPv3 is strongly recommended for production environments.

SNMPv3 with Authentication and Privacy

NMIS supports secure SNMPv3 with multiple authentication and privacy protocols: Authentication Protocols:
  • MD5: Message Digest 5 algorithm
  • SHA: Secure Hash Algorithm (SHA-1)
  • SHA-224, SHA-256, SHA-384, SHA-512: Enhanced SHA variants
Privacy Protocols:
  • DES: Data Encryption Standard (56-bit)
  • AES: Advanced Encryption Standard (128-bit, 192-bit, 256-bit)
# From Node.pm:103-143 - Password encryption support
if ($self->{encryption_enabled}) {
    my $changed = 0;
    if (defined($self->{_configuration}->{community}) && 
        substr($self->{_configuration}->{community}, 0, 2) ne "!!") {
        $self->{_configuration}->{community} = NMISNG::Util::encrypt($self->{_configuration}->{community});
        $self->_dirty(1, 'community');
        $changed = 1;
    }
    if (defined($self->{_configuration}->{authpassword}) && 
        substr($self->{_configuration}->{authpassword}, 0, 2) ne "!!") {
        $self->{_configuration}->{authpassword} = NMISNG::Util::encrypt($self->{_configuration}->{authpassword});
        $self->_dirty(1, 'authpassword');
        $changed = 1;
    }
    if (defined($self->{_configuration}->{privpassword}) && 
        substr($self->{_configuration}->{privpassword}, 0, 2) ne "!!") {
        $self->{_configuration}->{privpassword} = NMISNG::Util::encrypt($self->{_configuration}->{privpassword});
        $self->_dirty(1, 'privpassword');
        $changed = 1;
    }
}
NMIS can optionally encrypt stored SNMP credentials. Enable global_enable_password_encryption in configuration to protect community strings and SNMPv3 passwords.

SNMP Configuration

Node SNMP Properties

Each node can be configured with specific SNMP parameters:
version
string
default:"snmpv2c"
SNMP version: snmpv1, snmpv2c, or snmpv3
community
string
default:"public"
SNMP community string for v1/v2c
port
number
default:"161"
SNMP port number
timeout
number
default:"3"
SNMP request timeout in seconds
retries
number
default:"2"
Number of retry attempts
max_msg_size
number
default:"16384"
Maximum SNMP message size in bytes
max_repetitions
number
default:"0"
GETBULK max-repetitions (0 = auto)

SNMPv3 Authentication Parameters

username
string
SNMPv3 username (security name)
authprotocol
string
default:"md5"
Authentication protocol: md5, sha, sha224, sha256, sha384, sha512
authpassword
string
Authentication password (minimum 8 characters)
authkey
string
Pre-computed authentication key (alternative to password)
privprotocol
string
default:"des"
Privacy protocol: des, aes, aes192, aes256
privpassword
string
Privacy password (minimum 8 characters)
privkey
string
Pre-computed privacy key (alternative to password)

Configuring SNMP with CLI

SNMPv2c Configuration

# Set SNMP community for a node
nmis-cli act=set node=router1 community=mycommunity

# Configure SNMP version and port
nmis-cli act=set node=switch1 version=snmpv2c port=161 community=readonly

# Set timeout and retries
nmis-cli act=set node=device1 timeout=5 retries=3

SNMPv3 Configuration

# Configure SNMPv3 with authentication only (authNoPriv)
nmis-cli act=set node=router2 \
  version=snmpv3 \
  username=nmisuser \
  authprotocol=sha \
  authpassword="MySecurePass123"

# Configure SNMPv3 with authentication and privacy (authPriv)
nmis-cli act=set node=switch2 \
  version=snmpv3 \
  username=nmisuser \
  authprotocol=sha256 \
  authpassword="MyAuthPass123" \
  privprotocol=aes256 \
  privpassword="MyPrivPass456"

# Configure SNMPv3 without authentication (noAuthNoPriv)
nmis-cli act=set node=testdev \
  version=snmpv3 \
  username=publicuser

Polling Engine

Polling Intervals

NMIS uses configurable polling intervals based on polling policies:
  • Default Policy: Standard 5-minute polling intervals
  • Custom Policies: Define specific intervals per device or group
  • Priority Polling: More frequent polling for critical devices
  • Off-Hours Polling: Reduced polling during maintenance windows
# From Node.pm:203-207
# Set default polling policy if none was given
$configuration->{polling_policy} ||= "default";

Polling Process

  1. Update Cycle: Collect system information and catchall data
  2. Collect Cycle: Gather interface statistics and performance metrics
  3. Services Cycle: Check service availability and response times
  4. Threshold Cycle: Evaluate thresholds and generate events
Polling is managed by the nmisd daemon which schedules and executes collection jobs based on node configurations and polling policies.

Data Collection

Model-Driven Collection

NMIS uses model files to define what data to collect from each device type. Models specify:
  • OIDs to query
  • Data sources (DS) for RRD storage
  • Graphing parameters
  • Threshold definitions

SNMP Operations

The SNMP engine supports multiple operation types: 
# Single value retrieval
$snmp->get('sysDescr.0');
$snmp->get('ifOperStatus.1');

Collected Data Types

NMIS collects various metrics via SNMP: System Information:
  • sysUpTime, sysName, sysLocation
  • sysDescr, sysObjectID, sysContact
Interface Metrics:
  • ifOperStatus, ifAdminStatus
  • ifInOctets, ifOutOctets (traffic)
  • ifInErrors, ifOutErrors
  • ifInDiscards, ifOutDiscards
Performance Data:
  • CPU utilization
  • Memory usage
  • Disk space
  • Environmental sensors (temperature, fans, power)
Protocol Statistics:
  • IP forwarding statistics
  • TCP/UDP connection counts
  • Routing protocol neighbors
  • QoS/CBQoS metrics

SNMP Session Management

# From Snmp.pm:46-78
sub new {
    my ($class, %arg) = @_;
    
    my $self = bless({
        # State variables
        session => undef,
        error => undef,
        name => $arg{name},
        actual_version => undef,
        actual_max_msg_size => undef,
        
        # Config variables
        config => {},
        
        # Internal linkage
        _nmisng => $arg{nmisng},
    }, $class);
    
    return $self;
}

# Check if session is open
sub isopen {
    my ($self) = @_;
    return ($self->{session}? 1 : 0);
}

Testing SNMP Connectivity

Using nmis-cli

# Test SNMP connectivity
nmis-cli act=test-snmp node=router1

# Test with debug output
nmis-cli act=test-snmp node=switch1 debug=9

# Test specific OID
nmis-cli act=snmpget node=device1 oid=sysDescr.0

# Walk SNMP table
nmis-cli act=snmpwalk node=device1 oid=ifTable

Using snmpwalk Command

# Test SNMPv2c
snmpwalk -v2c -c public 192.168.1.1 sysDescr

# Test SNMPv3 with authentication
snmpwalk -v3 -l authNoPriv \
  -u nmisuser -a SHA -A "MyAuthPass123" \
  192.168.1.1 sysDescr

# Test SNMPv3 with auth and privacy
snmpwalk -v3 -l authPriv \
  -u nmisuser -a SHA -A "MyAuthPass123" \
  -x AES -X "MyPrivPass456" \
  192.168.1.1 sysDescr

SNMP Error Handling

# From Snmp.pm:186-200
sub checkResult {
    my ($self, $result, $inputs) = @_;
    if (!$self->{session}) {
        $self->{error} = "No session open, cannot check result!";
        $self->nmisng->log->error("No session open!");
        return undef;
    }
    
    $self->{error} = $self->{session}->error;
    return 1 if (defined $result);
}
Common SNMP errors and resolutions:
ErrorCauseResolution
No response from deviceTimeout, unreachableCheck network, firewall, SNMP enabled
Authentication failureWrong credentialsVerify community/SNMPv3 settings
Unknown object identifierInvalid OIDCheck MIB support on device
PDU too largeMessage size exceededReduce max_msg_size or max_repetitions

Performance Optimization

GETBULK Optimization

For SNMPv2c and SNMPv3, use GETBULK for efficient table retrieval: 
# Configure GETBULK parameters
nmis-cli act=set node=switch1 max_repetitions=20

# Disable GETBULK for problematic devices
nmis-cli act=set node=olddevice max_repetitions=0

Timeout Tuning

# Increase timeout for slow devices
nmis-cli act=set node=wan-router timeout=10 retries=2

# Decrease for fast local devices  
nmis-cli act=set node=local-switch timeout=2 retries=1

Security Best Practices

  1. Use SNMPv3: Always prefer SNMPv3 with authentication and privacy
  2. Strong Passwords: Use minimum 8 characters, complex passwords
  3. Enable Encryption: Set global_enable_password_encryption=true
  4. Restrict Access: Configure SNMP ACLs on devices to limit source IPs
  5. Use Strong Algorithms: Prefer SHA-256/AES-256 over MD5/DES
  6. Regular Rotation: Periodically change SNMP credentials
  7. Read-Only Access: Use read-only community strings or users

Troubleshooting

Common Issues

Polling Failures: 
# Check node reachability
ping 192.168.1.1

# Test SNMP manually
snmpget -v2c -c public 192.168.1.1 sysUpTime.0

# Review NMIS logs
tail -f /usr/local/nmis9/logs/nmis.log | grep SNMP
Slow Polling:
  • Reduce max_repetitions for GETBULK
  • Increase timeout values
  • Check network latency
  • Review model file complexity
Authentication Errors:
  • Verify credentials match device configuration
  • Check SNMPv3 engine ID synchronization
  • Test with snmpwalk before configuring NMIS

Next Steps

Performance Data

Learn about time-series data storage and RRD configuration

Event Management

Configure alerts and notifications for SNMP polling issues

Build docs developers (and LLMs) love

Get started for freeTalk to us