Getting Custom Device Information from SNMP

Pro Tips #50

When scanning devices, once you enter in your network/SNMP credentials, you will undoubtedly get varying amounts of detail, depending on the type and configuration (or lack thereof) of the devices that you scan. While you could accept the data that is returned for the device and move on to other things, you can usually get more data if you dig a little deeper.

While Lansweeper scans using all standard MIBs (data hierarchies of device information, consisting of object identifiers, or OIDs), not all devices support them – and some use custom MIBs and OIDs unique to their equipment – resulting in missing information for the asset when you scan them.

SNMP in a Nutshell

SNMP (Simple Network Management Protocol) is a robust protocol that network devices use to send and receive everything that you ever wanted to know about the device, and even more of everything you ever didn’t want to know about the device. From identification (name/make/model/serial/OS/firmware) to interface statistics (MAC addresses, duplex/speed, traffic statistics, etc.) to error messages, page counts, consumable levels, device age, birthdate, favorite movies and hobbies, to sending triggered messages/data/alerts to other devices – this protocol does it all. If your network device has the capability of using the SNMP protocol, it can be categorized as a ‘Managed Device‘ if you’ve ever heard that before.

How does SNMP Work?

I won’t get into too much detail here, but basically, SNMP is like an API or an HTTP request, there’s a handful of basic commands that a device uses in conjunction with a ‘MIB,’ (Management Information Base) a tree-like organization of data that consists of data markers called OIDs (Object Identifiers).

(For more on SNMP, MIB, and OID, here’s a great blog article: SNMP MIB: The File That Powers All SNMP Communication )

Fortunately, Lansweeper has a powerful feature that allows you customize the SNMP requests to devices to obtain the missing information you need: Custom OID Scanning.

A Small-Office Brother Printer that is Missing the Firmware Version

In this example, I have a brother small-business multi-function printer, which I’m actually surprised supports SNMP given that it’s mostly an enterprise or higher-priced function. The only issue is, it’s missing a critical piece of information that I’d like to know, in order to ensure my printer works properly and doesn’t turn into a launchpad for a cyber-attack: the firmware version.

The first thing I did, as usual, is to google if it has a vendor-provided .MIB file that I can look through with a browser. In this case, the main site tells me to reach out to them for it, but I’m impatient, so I grab it from the Observium MIB Database site:

Now I can upload the file to the ‘MIB Importer’ which adds the MIB to Lansweeper’s library to use:

Searching the library for ‘Brother’ as looking for ‘Firmware’ returns a ton of records that don’t apply to this printer. From here, you can look for ‘firmware’ by doing a regular ‘Find’ on the webpage from the browser search function:

Now you could throw those OID’s into the scanning OID targets, but I don’t really know if any of those apply. Here’s where doing an SNMPWALK comes in handy.

Sometimes You have to SNMPWALK before Things Run:

Sometimes things aren’t as straightforward – either you can’t find a MIB or any supporting information, or you browse a MIB in the MIB Browser and come up empty-handed. In these scenarios, it’s best to do what is called an ‘SNMPWALK’ – which is like the Lansweeper Device Tester tool, but traverses through the hierarchy and returns all the data that the device contains.

You can google for a free SNMPWALK application (or ‘MIB Browser’) and find a variety of tools from different vendors – in this case, I chose the iReasoning MIB Browser – but feel free to choose another application (normal warnings apply – be careful when installing unknown applications)

The first thing I do is load the MIB file from Brother:

Next, I entered in the IP address and SNMP credentials (in the options menu for this application) and then told it to ‘Walk’:

This returned a ton of information – line after line after line of things. Fortunately for me, the SNMP ‘Description’ OID that Lansweeper scans had the firmware version of ‘Z’ stated in it, else I’d have to google and figure out the firmware format that the vendor’s device uses and look for something that matches in the results.

Searching the results for ‘Z’ returned shows me the OID that I need to scan, as the data returned is simply ‘Z’ so it had to be it.

Now that I have the OID entry, I can add it to the ‘OID Scanning Targets’ and tell it to scan for the asset type of ‘Printer’ and the Manufacturer of ‘Brother Industries, Ltd.’ which is what was returned from scanning it with Lansweeper.

Now I have the firmware that I can report on.

Reporting Tips for Custom OIDs

The built-in report ‘OID Lookup: All Scanned OIDs’ will quickly show you all scanned custom OIDs for your devices that contain them.

If you would like to add a single OID to a report, and not get multiple records for an asset if they have multiple OIDs, you can JOIN on the table via an ‘embedded select.’

Left Outer Join (Select tblAssets.AssetID, 
tblOIDData.Data As Brother_Firmware 
From tblAssets 
Inner Join tblOIDData On tblAssets.AssetID = tblOIDData.AssetID 
Where tblOIDData.[Key] = '1.3.6.1.4.1.1240.2.3.4.1.4.0') 
As brother_firmware_oid On tblassets.AssetID = brother_firmware_oid.AssetID

In this case, I just want to get the data for the OID ‘1.3.6.1.4.1.1240.2.3.4.1.4.0’ which is the firmware OID for the Brother Printer- and add it to a simple printer report.

Select Top 1000000 tblassets.AssetID,
  tblassets.AssetName,
  tsysassettypes.AssetTypename,
  tsysassettypes.AssetTypeIcon10 As icon,
  tblassets.IPAddress,
  brother_firmware_oid.Brother_Firmware,
  tblassets.Lastseen,
  tblassets.Lasttried
From tblassets
  Inner Join tblassetcustom On tblassets.AssetID = tblassetcustom.AssetID
  Inner Join tsysassettypes On tsysassettypes.AssetType = tblassets.Assettype
  Left Outer Join (Select tblAssets.AssetID,
      tblOIDData.Data As Brother_Firmware
    From tblAssets
      Inner Join tblOIDData On tblAssets.AssetID = tblOIDData.AssetID
    Where tblOIDData.[Key] = '1.3.6.1.4.1.1240.2.3.4.1.4.0') As
  brother_firmware_oid On tblassets.AssetID = brother_firmware_oid.AssetID
Where tblassetcustom.State = 1 And tsysassettypes.assettypename = 'Printer'

Now, your asset report now has the custom data that you need:

Lansweeper Sites (Cloud)’s Reporting Section Makes reporting on OID’s Easy

While all of these SNMP features reside in the on-prem (Classic) version, should you take the hybrid setup and link cloud to on-prem, you can report on the OID’s in a much easier fashion – simply modify an existing report, or make a new asset report to return the OID information – it’s much easier then doing the above SQL query:

SNMP scanning for information is never perfect – there will be missing information at times due to either looking for non-standard information, or due to a device not conforming or providing the standard information in the first place… but with a little bit of effort, and using Lansweeper’s OID Import, Library, Custom OID scanning, and powerful reporting, you can find exactly what you need to actually turn network devices into proper ‘Managed’ ones.