Forum Discussion

Antony_Hawkins's avatar
7 years ago

Pick one from multiple snmp community strings

If you have multiple snmp community strings within your environment but they're not consistent within any particular subset of devices, you might want to add them as a list and have LogicMonitor decide which one works for any given device.

This proof-of-concept DataSource lets you do that.

You'll need an API user within your LogicMonitor account, and that user will need rights to manage all devices (or at least, all that you may need to apply this method to). For that user you'll need to create an API token ID/Key pair; these values should be set at in your device tree as the values of properties apiaccessid.key and apiaccesskey.key - ideally at the root level but certainly, again, to apply to any device you want the DataSource to apply to.

You'll also need to create a third device property, snmp.communities.pass, whose value should be a comma separated list of your possible community strings, with no extraneous space - e.g. communityString1,snmpStringForMonitoring,m0n1t0r1n6,communityRO. This value can be set globally and/or at subgroup levels as appropriate. Be aware that each incorrect community string will add a few seconds to the script execution time, as each one has to time out, so large lists and high-frequency polling intervals could cause problems. Be sensible, and limit the content of snmp.communities.pass to only the values that will exist within the groups it's being set for.

This DataSource will apply to any device that has or inherits snmp.communities.pass, and *either* has no system.sysinfo *or* is known to be an SNMP device. This means the script will test the various community strings against any device that is as yet not identified, or has previously responded to SNMP (but possibly no longer is).

The script will attempt to get SNMP data from the Interfaces table of the device, as the vast majority of SNMP devices reveal this data.

If the configured snmp.community value works, no action is taken.

If snmp.community doesn't work, but exactly one of the other options in snmp.communities.pass does, then the API is called and the 'correct' community string is added to the Device.

The DataSource will run this check every 5 minutes (which can of course be altered) such that any changes to the SNMP community string of the actual device can be caught and the Device in LogicMonitor updated, provided the new community exists in the csv list you've defined.

*Important:* As with any .pass, .password, .key, or snmp.community property, the value shown in the UI will be obscured as eight stars or blobs. You *cannot* simply add further text to the existing stored string; if you need to add another value to the csv list you will have to replace the whole list.

E.g. If you store 'communityString1,snmpStringForMonitoring' in snmp.communities.pass, then want to add m0n1t0r1n6 and communityRO later, you cannot simply edit the field and paste ',m0n1t0r1n6,communityRO' onto the blobs - that would save as '********,m0n1t0r1n6,communityRO'. You'd have to delete the blobs and paste in 'communityString1,snmpStringForMonitoring,m0n1t0r1n6,communityRO' (without the quotes).

*More Important:* Note that by adding the apiaccessid.key and apiaccesskey.key properties into your account, other DataSources could equally make use of their rights. Clearly, you will already have limited access into the Settings area of LogicMonitor such that only trusted users can create or modify LogicModules, or access the Collectors, using LogicMonitor's RBAC abilities.

v1.0.0: GWHLED

  • Note also, this won't work when e.g. adding devices via the wizard, as this only checks the set snmp.community property. However, if you add devices via a netscan, or via the API / automation integration, or using the manual 'expert' mode, the devices will be added as normal, the DataSource will apply as necessary, and the correct community string will be set within a few minutes of addition.

  • Thank you for this.. I was kicking around ideas to figure this out but you beat me to it! :D