Skip to content

Poller Configuration

Poller is a service which is responsible for querying SNMP devices using the SNMP GET, and the SNMP WALK functionality. Poller executes two main types of tasks:

  • Walk task - executes SNMP walk. SNMP walk is an SNMP application that uses SNMP GETNEXT requests to collect SNMP data from the network and infrastructure SNMP-enabled devices, such as switches and routers. It is a time-consuming task, which may overload the SNMP device when executed too often. It is used by the SC4SNMP to collect and push all OID values, which the provided ACL has access to.

  • Get task - it is a lightweight task whose goal is to query a subset of OIDs defined by the customer. The task serves frequent monitoring OIDs, like memory or CPU utilization.

Poller has an inventory, which defines what and how often SC4SNMP has to poll.

Poller configuration file

The poller configuration is kept in a values.yaml file in the poller section. values.yaml is used during the installation process for configuring Kubernetes values.

Poller example configuration:

poller:
  usernameSecrets:
   - sc4snmp-hlab-sha-aes
   - sc4snmp-hlab-sha-des
  logLevel: "WARN"
  inventory: |
    address,port,version,community,secret,security_engine,walk_interval,profiles,smart_profiles,delete
    10.202.4.202,,2c,public,,,2000,,,

NOTE: header’s line (address,port,version,community,secret,security_engine,walk_interval,profiles,smart_profiles,delete) is necessary for the correct execution of SC4SNMP. Do not remove it.

Define log level

The log level for poller can be set by changing the value for the key logLevel. The allowed values are: DEBUG, INFO, WARNING, ERROR. The default value is WARNING.

Define usernameSecrets

Secrets are required to run SNMPv3 polling. To add v3 authentication details, create the k8s Secret object: SNMPv3 Configuration, and put its name in poller.usernameSecrets.

Append OID index part to the metrics

Not every SNMP metric object is structured the way it has its index as a one of the field value. We can append the index part of OID with:

poller:
  metricsIndexingEnabled: true

So the following change will make this metric object (derived from the OID 1.3.6.1.2.1.6.20.1.4.0.0.443)

{
   frequency: 5
   metric_name:sc4snmp.TCP-MIB.tcpListenerProcess: 309
   mibIndex: 0.0.443
   profiles: generic_switch
}

out of this object:

{
   frequency: 5
   metric_name:sc4snmp.TCP-MIB.tcpListenerProcess: 309
   profiles: generic_switch
}

Configure inventory

To update inventory, see: Update Inventory and Profile.

inventory section in poller has the following fields to configure:

  • address [REQUIRED] - IP address which SC4SNMP should connect to collect data from or name of the group of hosts. General information about groups can be found on Configuring Groups page.
  • port [OPTIONAL] - SNMP listening port. Default value 161.
  • version [REQUIRED] - SNMP version, allowed values: 1, 2c or 3
  • community [OPTIONAL] - SNMP community string, filed is required when version is 1 or 2c
  • secret [OPTIONAL] - reference to the secret from poller.usernameSecrets that should be used to poll from the device
  • security_engine [OPTIONAL] - security engine ID required by SNMPv3. If not provided for version 3 it is autogenerated.
  • walk_interval [OPTIONAL] - interval in seconds for SNMP walk, default value 42000. This value needs to be between 1800 and 42000
  • profiles [OPTIONAL] - list of SNMP profiles used for the device. More than one profile can be added by semicolon separation eg. profile1;profile2. More about profiles in Profile Configuration
  • smart_profiles [OPTIONAL] - enabled smart profiles, by default it’s true. Allowed value: true, false.
  • delete [OPTIONAL] - flags which define if inventory should be deleted from scheduled tasks for WALKs and GETs. Allowed value: true, false. Default value is false.

Example:

poller:
    inventory: |
      address,port,version,community,secret,security_engine,walk_interval,profiles,smart_profiles,delete
      10.202.4.202,,2c,public,,,2000,my_profile1,,
      example_group_1,,2c,public,,,2000,my_profile2;my_profile3,,

Update Inventory

Adding new devices for values.yaml is quite expensive from the Splunk Connect for SNMP perspective. As it interacts with real, networking devices, it requires several checks before applying changes. SC4SNMP was designed to prevent changes in inventory task more often than every 5 min.

To apply inventory changes in values.yaml, the following steps need to be executed:

  1. Edit values.yaml
  2. Check if inventory pod is still running by the execute command:
microk8s kubectl -n sc4snmp get pods | grep inventory

If the command does not return any pods, follow the next step. In another case, wait and execute the command again until the moment when inventory job finishes.

If you really need to apply changes immediately, you can get around the limitation by deleting the inventory job with:

microk8s kubectl delete job/snmp-splunk-connect-for-snmp-inventory -n sc4snmp

After running this command, you can proceed with upgrading without a need to wait.

  1. Run upgrade command :
microk8s helm3 upgrade --install snmp -f values.yaml splunk-connect-for-snmp/splunk-connect-for-snmp --namespace=sc4snmp --create-namespace

NOTE: If you decide to change the frequency of the profile without changing the inventory data, the change will be reflected after next the walk process for the host. The walk happens every walk_interval, or on any change in inventory.