(There is a question at the end of this story, stay with me!)
After much research I believe I've begun to understand the basics of SNMP. I always knew that an SNMP management system would consume data from a device (and potentially send data to devices too), but I had trouble understanding how to configure that setup.
I'm now using an SNMP management system, so it was time to figure it out. So I've delved into understanding MIBs and OIDs. As I see it, a vendor will put out an MIB for their product, which should contain product specific OIDs. The MIB is like a catalog of things that can be queried from the device, and the OIDs are the specific items that can be queried. (Please correct me if I'm misunderstanding.)
For instance, SonicWall may provide an MIB for a particular firmware for one of their firewalls. So if I wanted to monitor Max Connections available for that firewall, I would download the MIB from mysonicwall.com, import the MIB into an MIB Browser and look for an appropriate OID that corresponds to Max Connections. Then I can input that OID into my SNMP management system to monitor that metric.
All of this makes sense to me, hopefully I'm understanding it correctly. I find the process to be fairly clunky, especially when self-describing APIs exist nowadays, but hey, SNMP was created in the 80s so I guess we work with what we have.
But where this understanding breaks down for me is when I perform an SNMP walk on my SonicWall. Doing the walk produces over 500 OIDs that are returned. But when I examine the MIB provided from SonicWall it only has a fraction of those OIDs listed. Is that because most of the OIDs discovered via the walk are not SonicWall specific, but rather generic industry standard OIDs?
Also, is there a decent way to get a report of ALL the data (be it sonicwall specific or industry standard) that my SonicWall can provide via SNMP? Like some tool I could punch in the data from the SNMP walk into and it can return what they all mean?
Also, if I have any holes in my understanding of SNMP, MIBs, and OIDs, I would welcome the feedback. Thanks!!!!
Best Answer
Okay, so here's what my SNMP research has turned up. I can't verify this is all 100% accurate, but I feel that I have a much better grasp on SNMP in general and hopefully this information will help someone who is just getting started.
First, SNMP seems to me to be a messy system. It was developed in the late 80s and there's just not a good alternative so I guess we work with what we've got.
SNMP is made up of 3 pieces: an SNMP management system, at least 1 network device, and a software agent on those network devices. For example, you might use Nagios or MaxFocus as an SNMP management system to query devices on your network like printers, switches, routers, etc. Those devices are all running little software components that were made by their manufacturers. Those software components basically produce a bunch of SNMP data based on how the device is functioning. For instance, a printer may produce data on its toner levels, or a router might produce data on how many concurrent connections it currently is supporting. The SNMP management system can then query these devices for this info.
But how is it actually done? Well, some standards organizations put together MIBs back in the 80s to help with this. A MIB is basically a large data tree of SNMP attributes that can be queried. These standard MIBs cover a large amount of query-able attributes - from toner to network settings - but as you can imagine as new devices and technology has emerged they don't cover everything. So Manufacturers have produced product specific MIBs that help fill these gaps.
MIBs sound pretty great, but the reality is they seem to often be difficult to understand, and poorly written. Sometimes they are not written to proper spec so it becomes difficult to utilize them. That said, the general process for making use of a MIB to find out what items you can query on your device of choice (router, printer, etc) is this:
So after all my research I find that SNMP appears to me at least to be a very flawed and cumbersome system. But from what I've read it seems that at the very least, once you get it configured it tends to be reliable and speedy. I hope this information helps someone else who is just delving into the world of SNMP! Here's a further reference that I found helpful:
http://www.allthingsmax.com/2014/02/take-snmp-walk-creating-new-snmp-checks.html
UPDATE: I will add another tip here. When walking a device's OID values there are two different types of values you can possibly retrieve: scalar and tabular.
Tabular is used for devices that need to provide the same type of value for several components. For instance a router may have 9 ports on it. Each port has a different physical address or MAC address. This is represented by a table in a MIB.
Scalar is used for values that don't require a tabular layout.
THE IMPORTANT PART: Scalar values are always appended with a .0 and tabular values are appended with a number representing a specific device value. For instance on a router port 1 would likely be appended with .1, port 2 with .2, and so on. Then when you enter the OID into your SNMP management system, you need to make sure to include this last numeric character. For instance, ifPhysAddress = .1.3.6.1.2.1.2.2.1.6, but without appending a tabular value it will do you no good. This is similar for scalar values which will always need a .0 appended. A decent MIB browser should show you these appended values when walking the device. ManageEngine's MIB browser does a good job of this. It formats it like so:
--Scalar values:
sysUpTime.0
sysContact.0
sysName.0
--Tabular values:
ifPhysAddress.1
ifPhysAddress.2
ifPhysAddress.3
...
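As an added example that is not part of the question or the answer above, the following Python script does in a few dozen lines what the question asks for (sort an snmpwalk dump into standard MIB-2 OIDs versus vendor OIDs under the enterprises arc) and what the answer's UPDATE describes (split each returned OID into its object name and its trailing instance index, so that scalars end in .0 and table rows end in .1, .2, ...). The KNOWN_OIDS table is a tiny hand-built subset of MIB-2 names, not a real MIB parser; the sample walk lines are constructed for the example, and enterprise number 99999 and the OIDs beneath it are made-up placeholders, not taken from any vendor's MIB.

```python
"""Label snmpwalk output: standard vs vendor OIDs, scalar vs tabular instances.

Added example; not from the original post. Feed it the numeric-OID output of
``snmpwalk -On`` (one "OID = TYPE: value" line per object).
"""
import re
from collections import defaultdict

# Assumption: a tiny hand-built lookup of well-known MIB-2 column/object OIDs.
# A real tool would load these from MIB files; this subset is only illustrative.
KNOWN_OIDS = {
    "1.3.6.1.2.1.1.1": ("sysDescr", "scalar"),
    "1.3.6.1.2.1.1.3": ("sysUpTime", "scalar"),
    "1.3.6.1.2.1.1.4": ("sysContact", "scalar"),
    "1.3.6.1.2.1.1.5": ("sysName", "scalar"),
    "1.3.6.1.2.1.2.1": ("ifNumber", "scalar"),
    "1.3.6.1.2.1.2.2.1.2": ("ifDescr", "tabular"),
    "1.3.6.1.2.1.2.2.1.6": ("ifPhysAddress", "tabular"),
}
MIB2 = "1.3.6.1.2.1"          # standard objects (RFC 1213 and successors)
ENTERPRISES = "1.3.6.1.4.1"   # vendor-specific subtrees live under here

# Constructed sample walk. Enterprise 99999 and everything under it is a
# made-up placeholder for "some vendor's private MIB", not a real assignment.
SAMPLE_WALK = """\
.1.3.6.1.2.1.1.3.0 = Timeticks: (123456) 0:20:34.56
.1.3.6.1.2.1.1.4.0 = STRING: "noc@example.com"
.1.3.6.1.2.1.1.5.0 = STRING: "fw01"
.1.3.6.1.2.1.2.1.0 = INTEGER: 3
.1.3.6.1.2.1.2.2.1.2.1 = STRING: "X0"
.1.3.6.1.2.1.2.2.1.2.2 = STRING: "X1"
.1.3.6.1.2.1.2.2.1.6.1 = Hex-STRING: 00 11 22 33 44 55
.1.3.6.1.2.1.2.2.1.6.2 = Hex-STRING: 00 11 22 33 44 56
.1.3.6.1.4.1.99999.1.1.0 = INTEGER: 128000
.1.3.6.1.4.1.99999.1.2.0 = INTEGER: 4321
"""

LINE_RE = re.compile(
    r"^\.?(?P<oid>\d+(?:\.\d+)*)\s*=\s*(?:(?P<type>[\w-]+):\s*)?(?P<value>.*)$"
)


def parse_walk(text):
    """Return a list of (oid, type, value) tuples; lines that do not parse are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["oid"], m["type"], m["value"]))
    return rows


def resolve(oid):
    """Longest-prefix match against KNOWN_OIDS -> (name, index, kind) or (None, None, None)."""
    parts = oid.split(".")
    for cut in range(len(parts), 0, -1):
        prefix = ".".join(parts[:cut])
        if prefix in KNOWN_OIDS:
            name, kind = KNOWN_OIDS[prefix]
            return name, ".".join(parts[cut:]), kind
    return None, None, None


def classify(oid):
    """Say which part of the tree an OID came from: MIB-2, a vendor enterprise, or other."""
    if oid.startswith(ENTERPRISES + "."):
        enterprise = oid[len(ENTERPRISES) + 1:].split(".")[0]
        return f"vendor (enterprise {enterprise})"
    if oid.startswith(MIB2 + "."):
        return "standard (mib-2)"
    return "other"


def label(row):
    """Attach name, scalar/tabular kind and origin to one parsed walk row."""
    oid, type_, value = row
    name, index, kind = resolve(oid)
    if name is None:
        # Unknown prefix: infer the kind from the trailing instance index,
        # exactly as the answer describes (.0 is a scalar, anything else a table row).
        kind = "scalar" if oid.rsplit(".", 1)[1] == "0" else "tabular"
        display = oid
    else:
        display = f"{name}.{index}"
    return {"oid": oid, "name": display, "kind": kind,
            "origin": classify(oid), "type": type_, "value": value}


def instances(rows, base_oid):
    """Fully-indexed OIDs beneath a column OID: the values you actually poll.

    The bare column OID (e.g. ifPhysAddress = 1.3.6.1.2.1.2.2.1.6) is not
    pollable; the management system needs ifPhysAddress.1, .2, ... instead.
    """
    base = base_oid.strip(".")
    return [oid for oid, _, _ in rows if oid.startswith(base + ".")]


def summarize(text):
    """Label every row and count how many came from each origin."""
    labeled = [label(r) for r in parse_walk(text)]
    counts = defaultdict(int)
    for r in labeled:
        counts[r["origin"]] += 1
    return labeled, dict(counts)


if __name__ == "__main__":
    rows, counts = summarize(SAMPLE_WALK)
    for r in rows:
        print(f"{r['name']:<28} {r['kind']:<8} {r['origin']:<26} {r['value']}")
    print(counts)
```

Run against a real `snmpwalk -On` dump, the origin counts answer the "why does the walk return 500 OIDs but the vendor MIB lists far fewer" question directly: everything under 1.3.6.1.2.1 is standard MIB-2 that no vendor MIB needs to repeat, and only the 1.3.6.1.4.1.&lt;enterprise&gt; rows need the vendor's file to be named. Extending KNOWN_OIDS is the manual stand-in for loading MIBs into a browser; the scalar/tabular split needs no MIB at all because it is read off the instance index.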