SNMP polls are by default based on port 161 UDP, though both port and protocol can be changed. In this case, the monitored element acts as a server, therefore opening that port. The monitoring solution acts as a client and polls performance metrics or configuration data by targeting OIDs in a MIB. Authentication is made through a community (~ password) or through more secure mechanisms in SNMP v3. In addition, this method can be used to do SNMP SET instead of GET to change OID values instead of just reading them.
In the case of SNMP traps, the monitoring solution acts as a server by listening on port 162 in UDP and the monitored elements send traps to it. Traps normally serve as a way to notify in real time about events. Though, one major shortcoming is that for older versions, there is no ACK sent from the server. Therefore, it's like sending a bottle to the sea. This is why on newer versions, SNMP traps are sent as Inform messages which support ACKs. But, generally, we use traps/inform in addition to polling, as traps are a good source of information but it's more reliable to just poll the status data by yourself to ensure it's OK. Bonus, you can graph it and get availability percentage. Also, beware that every vendor implements traps (as well as the whole MIB!) in its own fashion... Severity isn't necessarily sent. Clears also
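Added example, not part of the original answers: a small Python parser that reads the header of an SNMP v1/v2c message and reports whether it is a poll (GET), a write (SET), a trap, or an acknowledged Inform. It also shows that the community string is readable in the payload, which is why the answer above points to SNMP v3. The sample packet is constructed, and the names `read_tlv` and `classify` are illustrative.

```python
# Added example: classify an SNMP v1/v2c message from its raw UDP payload.
# PDU tags are the ones defined by the SNMP specifications (RFC 1157, RFC 3416).
PDU = {
    0xA0: ("GetRequest", "poll"), 0xA1: ("GetNextRequest", "poll"),
    0xA2: ("Response", "response"), 0xA3: ("SetRequest", "write"),
    0xA4: ("Trap-v1", "notification"), 0xA5: ("GetBulkRequest", "poll"),
    0xA6: ("InformRequest", "notification"), 0xA7: ("SNMPv2-Trap", "notification"),
}
VERSIONS = {0: "v1", 1: "v2c"}

def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify(payload):
    """Return version, community, PDU name, kind, and whether it is ACKed."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    version = int.from_bytes(ver, "big")
    if tag != 0x02 or version not in VERSIONS:
        raise ValueError("not an SNMP v1/v2c message")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04 or pos >= len(body):
        raise ValueError("missing community or PDU")
    name, kind = PDU.get(body[pos], ("unknown", "unknown"))
    return {"version": VERSIONS[version],
            "community": community.decode("latin-1"),  # readable on the wire
            "pdu": name, "kind": kind,
            # Only an Inform is a notification the receiver acknowledges.
            "acknowledged": name == "InformRequest"}

# Constructed sample: v2c GetRequest for sysUpTime.0, community "public".
SAMPLE_GET = bytes.fromhex(
    "3026020101040670" "75626c6963a01902" "0101020100020100"
    "300e300c06082b06" "010201010300" "0500")

if __name__ == "__main__":
    print(classify(SAMPLE_GET))
```

Run against payloads captured on UDP 161 and 162, the `kind` field separates read-only polling from SET writes, and `acknowledged` separates Informs from fire-and-forget traps.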
SNMP polls are queries sent from a monitoring application to a device using the available MIBs for the related devices. These are usually on a schedule, say every 5 minutes. Traps are notifications sent from a device to a monitoring application trap receiver. As an example, when an interface goes down on a device, a trap is sent from the device telling the monitoring application an interface just disconnected. To have a thorough monitoring deployment, it is important that the monitoring application supports both.
SNMP polls are used to poll data from a system or application via SNMP get command. SNMP traps are events that are sent from a system to a trap receiver. E.g. in case a CPU is at 100% utilization an SNMP TRAP is sent to a TRAP receiver to indicate an event. SNMP traps are used for monitoring systems like Netcool, Tivoli, etc. to alert system engineers on an event.
SNMP GET is normally used to get statistics on a certain interval e.g. to check the CPU usage on a 5-minute interval or to get the memory usage from a system or application. A monitor system sends an SNMP Get command to a system to get the metrics.
Basically, the SNMP trap sends the event manager online and the survey depends on when the administrator is going to ask for the event status.
You can find a good explanation on this web site: https://www.dpstele.com/blog/snmp-poll-vs-snmp-trap.php
Hi peers,
Is it required for your company to conduct a security review before purchasing an infrastructure monitoring solution?
What are the common materials you use in the review?
Do you have any tips or advice for the community and any pitfalls to watch out for?