FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 191619

Description

This article describes how to test SNMP monitoring on a FortiSIEM Supervisor from the command line.


Scope

 


Solution

How to troubleshoot SNMP monitoring on a device.
 
Open an SSH session to the FortiSIEM Supervisor.
 
Go to the /opt/phoenix/bin directory and execute snmpbulkwalk.
 
#cd /opt/phoenix/bin
#snmpbulkwalk -v 2c -c <credentials> <ip> .
 
Output example:
 
SNMPv2-MIB::sysDescr.0 = STRING: Hardware: Intel64 Family 6 Model 44 Stepping 2 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.311.1.1.3.1.3
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (257668701) 29 days, 19:44:47.01
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: WIN-IIKW9EG1676
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 76
IF-MIB::ifNumber.0 = INTEGER: 15
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifIndex.4 = INTEGER: 4
IF-MIB::ifIndex.5 = INTEGER: 5
IF-MIB::ifIndex.6 = INTEGER: 6
IF-MIB::ifIndex.7 = INTEGER: 7
IF-MIB::ifIndex.8 = INTEGER: 8
IF-MIB::ifIndex.9 = INTEGER: 9
IF-MIB::ifIndex.10 = INTEGER: 10
IF-MIB::ifIndex.11 = INTEGER: 11
IF-MIB::ifIndex.12 = INTEGER: 12
IF-MIB::ifIndex.13 = INTEGER: 13
IF-MIB::ifIndex.14 = INTEGER: 14
IF-MIB::ifIndex.15 = INTEGER: 15
IF-MIB::ifDescr.1 = STRING: Software Loopback Interface 1
IF-MIB::ifDescr.2 = STRING: WAN Miniport (SSTP)
IF-MIB::ifDescr.3 = STRING: WAN Miniport (L2TP)
IF-MIB::ifDescr.4 = STRING: WAN Miniport (PPTP)
IF-MIB::ifDescr.5 = STRING: WAN Miniport (PPPOE)
IF-MIB::ifDescr.6 = STRING: WAN Miniport (IPv6)
IF-MIB::ifDescr.7 = STRING: WAN Miniport (Network Monitor)
...
 
If there is no response, verify the following:
    - SNMP community string syntax
    - UDP port 161 is not being blocked somewhere between the FortiSIEM Supervisor and the target device
    - The SNMP agent is properly configured on the target device
 
#snmpbulkwalk -v 2c -c puc 172.16.22.134 .
Timeout: No Response from 172.16.22.134
 
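To check that the target device is listening on UDP port 161, enter the following command (SNMP uses UDP, so the scan needs -sU; without it nmap probes TCP port 161):
#nmap -sU -p 161 <target ip>
A UDP scan reports open|filtered when it receives no reply, so that result alone does not confirm that the agent is reachable.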
 
For SNMP version 1 use this command syntax:
#snmpbulkwalk -v 1 -c <credentials> <ip> .

Example:  

#snmpbulkwalk -v 1 -c snmppass 10.1.1.1

 
For SNMP version 3 use this command syntax:
 
#snmpbulkwalk -v 3 -u <user> -l <level> -a <authProto> -A <authPass> -x <privProto> -X <privPass> <ip> system
 
Example:  

#snmpbulkwalk -v 3 -l authNoPriv -u snmpuser -A snmppass 10.1.1.1
 
To redirect the output to a file:
 
#snmpbulkwalk -v 2c -c <cred> <ip> . > out.txt
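
The following shell helper is an added example, not part of the original article or of FortiSIEM, for triaging a capture saved as above. The name check_walk is hypothetical; it recognises a timeout only if stderr was saved too (> out.txt 2>&1), and it treats an ifNumber that disagrees with the number of ifIndex rows as a heuristic sign of an incomplete walk.

```sh
#!/bin/sh
# Added example: triage a saved snmpbulkwalk capture such as out.txt.
# check_walk is a hypothetical helper, not a FortiSIEM or net-snmp command.
# Status: 0 usable walk, 1 timeout, 2 nothing parsed, 3 interface rows missing.
check_walk() {
    file=$1
    # The timeout text is only in the file if stderr was captured too (2>&1).
    if grep -q '^Timeout: No Response from' "$file"; then
        echo "TIMEOUT: verify community string, UDP 161 path, agent configuration"
        return 1
    fi
    awk '
        # Varbind lines look like: MIB::object.index = TYPE: value
        /^[A-Za-z0-9-]+::[A-Za-z0-9]+[.0-9]* = / {
            n++
            if ($1 == "SNMPv2-MIB::sysName.0" && NF > 3) name = $4
            if ($1 == "IF-MIB::ifNumber.0")    declared = $NF + 0
            if ($1 ~ /^IF-MIB::ifIndex\./)     rows++
        }
        END {
            if (n == 0) { print "EMPTY: no varbinds in capture"; exit 2 }
            # Heuristic: ifNumber should equal the number of ifIndex rows walked.
            if (declared != "" && declared != rows + 0) {
                printf "PARTIAL: ifNumber=%d but %d ifIndex rows\n", declared, rows
                exit 3
            }
            printf "OK: %d varbinds, sysName=%s, %d interfaces\n", n, name, rows
        }
    ' "$file"
}

# Constructed sample capture (not taken from a real device): ifNumber says 3,
# but only two ifIndex rows were returned.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SNMPv2-MIB::sysName.0 = STRING: WIN-EXAMPLE
IF-MIB::ifNumber.0 = INTEGER: 3
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
EOF
check_walk "$sample" || echo "exit status $?"
rm -f "$sample"
```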
 
Snmpbulkwalk is an open-source tool that FortiSIEM uses to pull SNMP data.  You can refer to the following URL for information on this program and its options.
 
 
 

 

 

 
