Detection of New SNMP SYSIDs

RGreene
Tera Expert

‎10-04-2023 06:35 AM

Is there a way to detect when discovery is encountering new SNMP SYSID OIDs?
I ask because if the SYSID OIDs are not setup discovery will try and use either the Router or Switch patterns.  This may get a device in to the CMDB but under the wrong class and not all the data will be collected. 

Example: One of my Companies groups started deploying a new type of Firewall several months ago.  I found out about it when the asked about the missing Firmware info.  It was discovered as a router, but the failover device was not discovered, and the firmware was not detected.  I added the new OID setup the table and classifier and now the device is discovered correctly.

Labels:
0 Helpfuls
  • 722 Views
2 REPLIES 2

Greg Hubbard1
Kilo Guru

‎10-05-2023 01:50 PM

Hi there,

I haven't done detailed work in discovery in a couple of years, but back in the day I learned that almost any SNMP device can be run through the Router discovery pattern and it will mostly work.  In fact, the only difference between Network Router and Network Switch was that the Network Switch pattern included a library to find out if the device was a "stack" switch.

 

I had a similar problem, and what worked for me was to examine the pattern log for the misclassified device to find out the OID value that it returns, and I looked for that OID is in the SNMP OID table.  If not, it can be added.  A "cheat" is to use a "starts with" match on a subset of the OID if you are sure that the everything that matches will be of a certain class.  A new product model from an established vendor can end up with a slightly different OID and this can cause the lookup in the OID table to fail.

However, you still might have trouble with getting serial numbers from your device even if it is classified correctly -- this is because serial numbers are often stored in vendor-specific places in their MIBs.  However, if all you need to do is add a new model to an established vendor, it might all work out.

Good luck!

Greg Hubbard

0 Helpfuls

RGreene
Tera Expert
In response to Greg Hubbard1

‎10-09-2023 10:02 AM

If the OID table does not have a Classifier setup Discovery will try to use the Router or Switch pattern to attempt to discover the device.   The Switch pattern, most of the time these days fails because a Serial Number is now required.
Basically, what I would like to know is when SNMP Discovery does not find the classifier and punts with either the router pattern or Switch pattern.

You mention looking at the Pattern Log looking for a misclassified device.  Is there some sort of telltale method to see these devices.  We scan 50K devices every other day, so manually scanning the logs would be a mind-numbing process.

Generally the way I find out about a new type of device is something is missing, because the wrong pattern was used.  The most often piece missing is the firmware version.  Firmware location is very pattern and class dependent. 

0 Helpfuls