14 Replies Latest reply on Aug 23, 2017 1:22 PM by optwpierce

    SNMP credentials

    optwpierce

      SO, I have been using Solarwinds for a few years now.  Just started a new job and the company had Solarwinds set up but had not really updated it in the last two years.  I am working through attempting to bring the system back up to speed.

       

      One of the things that was never done was standardizing on usernames for SNMP v3 usernames and passwords.  Even the encryption technologies are different for the same username in some cases.

       

      My question, is there a why I can take a node that is currently monitored (Lets say by ICMP) with a lot of custom properties and just scan that against all of the saved SNMPv3 credentials without manually having to go into each node and clicking "Test" on each username?

       

      Thanks

        • Re: SNMP credentials
          d09h

          Create a network sonar discovery with all nodes/ all credentials you are concerned with.

           

          See any issues with that solution?  Any reason that wouldn't work for you?

          • Re: SNMP credentials
            optwpierce

            I do not want to create new nodes.  They have placed a lot of information into custom properties and they use dynamic groups from that information for alerting.  So I did not want to change that information.  As long as Sonar will not change the custom properties to default, that should work.

              • Re: SNMP credentials
                d09h

                You wouldn't have to proceed all the way through with onboarding disovered nodes.  From the discovery results, you will know which ones worked and which ones didn't.  If you know it worked on devices A, D, F, and G, then change those from ICMP monitoring to SNMPv3 using the discovery credentials.  Leave devices B,C,E and anything else that didn't get discovered by the SNMP discovery out of your list of devices to edit/ change polling method/ credentials. It is not necessary to import any of the devices discovered.  The discovery is just handling the en masse test you described (since faster than a point-click-test node-by-node).

                  • Re: SNMP credentials
                    mesverrum

                    The discovery does not create new nodes or change your custom properties, it would just automatically change the polling method if it finds a successful cred.  I use this technique all the time with clients who have a large number of unknown devices.

                • Re: SNMP credentials
                  optwpierce

                  This did not work.  I ran the Discovery.  But when I went to import it, it did not tell me which SNMP credentials had works.  So I took a chance and took a picture of the Custom settings of one system and ran the import on that system.  I got back "Import Status: skipped, already exists in Orion DB".  Any ideas?

                   

                  There are 23 different SNMP credentials and over 250 nodes which need updating.  This is why I am looking for other ways.

                   

                  Thanks

                    • Re: SNMP credentials
                      d09h

                      If you know that certain nodes did work, and you know which SNMP credentials you used in the discovery, you can deduce which credentials work for which nodes.  If you did 23 discoveries of the same nodes and each discovery had unique SNMP credentials, that would be one way to handle this.

                      • Re: SNMP credentials
                        cjfranca

                        Check  configurates hardware database server and Orion server.

                         

                         

                         

                         

                        Sem mais.Claudia França

                         

                        2017-06-30 16:31 GMT-03:00 optwpierce <communityteam@solarwinds.com>:

                         

                        <http://thwack.solarwinds.com>

                        SNMP credentials

                         

                        reply from Bill Pierce

                        <https://thwack.solarwinds.com/people/optwpierce?et=watches.email.thread>

                        in Network Performance Monitor - View the full discussion

                        <https://thwack.solarwinds.com/message/368969?et=watches.email.thread#368969>

                         

                          • Re: SNMP credentials
                            d09h

                            Or for that matter, edit a  node, view source HTML, and find credentials in plain text there. I suppose I assumed no access or comfort digging around in database.  But this would work to show grouping by credentials (not in front of an installation now to verify all Node properties related to SNMPv3...ideally all SNMPv3 properties would follow SNMPv3Username in list below): Select * from Nodes ORDER BY SNMPv3Username, (...the rest of the SNMPv3 properties separated by commas...)

                             

                            You could also dump the whole Nodes table to a spreadsheet and do sorting there.  Sort by each SNMPv3 property.  It would achieve the same thing as a query to the nodes table with the query doing the sorting.

                          • Re: SNMP credentials
                            mesverrum

                            I ran into that with one client, in my lab and his lab running a discovery would update the nodes, but on his prod system it would only skip them.  Never did get a resolution about why his system had the unusual behavior.

                             

                            You can try this sql query in the database manager and see if it gives you what you need, you can export that out to a csv if it works.

                             

                            SELECT dn.ipaddress, dn.sysname, dn.hostname, dn.dns, dn.snmpversion, cp.name as [Credential Property], cp.Value

                            FROM [dbo].[DiscoveredNodes] dn

                            join dbo.credential c on c.id=dn.credentialid

                            join dbo.credentialproperty cp on c.id=cp.credentialid

                              • Re: SNMP credentials
                                optwpierce

                                I think this is getting off topic.  I am looking for a way to scan nodes that maybe have ICMP currently configured to see if they have SNMP configured.  Because I did not set up the devices and have no idea when or who did set them up, I need a way to scan through the 23 SNMP credentials that we have in order to change the polling method. 

                                In addition, it looks like there are some nodes that were set up with SNMP as the polling method but SNMP was never set to the correct credential, so it was just using the ICMP even though the polling method is listed as SNMP.  I need to find those items as well (Where the Credentials are incorrect).  There is not status to tell me that which I can find.

                                 

                                Thanks

                                  • Re: SNMP credentials
                                    mesverrum

                                    The report i gave looks at the discoveries you ran already and figures out which credentials were successful during the discovery, this will address your first issue of testing if SNMP credentials have been set on the ICMP nodes. 

                                     

                                    As I mentioned before, in what I would consider to be a "normal" environment running a discovery will allow you to automatically change the credential, but that doesn't seem to be behaving in your environment so you would need to take the results of the report and manually change the polling settings  for the nodes to match what the report shows.

                                     

                                    For the second point, i use this report to ID nodes that SNMP is no longer working for, it flags any node where the ICMP side of the polling is working but the SNMP isn't (typically due to bad credentials)

                                     

                                    select

                                    n.caption as [Node]

                                    ,n.detailsurl as [_linkfor_Node]

                                    ,'/Orion/images/StatusIcons/Small-' + n.StatusIcon AS [_IconFor_Node]

                                    ,n.ip_address as [IP Address]

                                    ,n.detailsurl as [_linkfor_IP Address]

                                    ,n.statusdescription as [Status Description]

                                    ,n.objectsubtype as [Collection Type]

                                    ,e.servername

                                    ,n.statcollection as [Interval]

                                    ,case when n.objectsubtype !='SNMP' then 'Not Used'

                                    when n.community='' then 'Not Used'

                                    else n.community

                                    end as [SNMPv2 Community]

                                    ,case when c.Name is null then 'Not Used'

                                    else c.Name

                                    end AS [WMI/SNMPv3 Credential]

                                    ,tolocal(n.lastsystemuptimepollutc) as [Last Stat Collection]

                                    ,tolocal(n.lastsync) as [Last Ping]

                                    ,daydiff(lastsystemuptimepollUTC,getutcdate()) as [Days Since Polled]

                                    ,'Edit' AS [Edit]

                                    , '/Orion/Nodes/NodeProperties.aspx?Nodes=' + ToString(n.NodeID) AS [_LinkFor_Edit]

                                    ,'/Orion/images/nodemgmt_art/icons/icon_edit.gif' as [_IconFor_Edit] 

                                     

                                    from orion.nodes n

                                    left JOIN Orion.NodeSettings ns ON n.NodeID = ns.NodeID and SettingName like '%Credential%'   

                                    left JOIN Orion.Credential c ON ns.SettingValue = c.ID   

                                    join Orion.Engines e on e.engineid=n.engineid

                                    where status<>'2'

                                    and status<>'9'

                                    and objectsubtype!='ICMP'

                                    and daydiff(lastsystemuptimepollUTC,getutcdate())>1

                                    --and ([Node] like '%${SEARCH_STRING}%' or [IP Address] like '%${SEARCH_STRING}%')

                                     

                                    Order by Lastsystemuptimepollutc

                                    2 of 2 people found this helpful
                                      • Re: SNMP credentials
                                        optwpierce

                                        Thank you.  I think this is as close as I am going to get.  I was able to use the second report you provided to find the nodes to search for.  Then added that information in to a discovery and used the first SQL statement you gave me to find the SNMP information (If there was any). 

                                         

                                        Thanks

                                      • Re: SNMP credentials
                                        skyblademonkey

                                        using SNMP sweep should give you what you want.

                                         

                                        Add all the Ip addresses you want to check into a file

                                        setup the 23 SNMP credentials you want to test

                                        scan the systems

                                        will get details from any server that responds to SNMP and the name of credentials it uses.