Windows 2016 SNMP Network Card Monitoring

Started by Carl Green, September 03, 2019, 11:32:53 PM

Previous topic - Next topic

Carl Green

Hi

I have a remote Windows 2016 Server sitting on a different WAN connection to that of the NetXMS Server and thought the easiest option for monitoring the Network traffic was to setup SNMP service on the remote Windows 2016 server and then use NetXMS Data Collection to get the following values:

Inbound traffic on ethernet (bytes/sec)
Outbound traffic on ethernet (bytes/sec)

But on clicking OK the alarm browser records this event twice and then the ethernet interface shows a red icon in the console:

Status of DCI 335 (SNMP: .1.3.6.1.2.1.31.1.1.1.10.2) changed to UNSUPPORTED
Status of DCI 334 (SNMP: .1.3.6.1.2.1.31.1.1.1.6.2) changed to UNSUPPORTED

Currently running on v2.2.10 and know I am a few versions out of date.

The same setup on a hardware firewall works fine.

Any pointers in where I am going wrong?

Thanks

Carl

Tursiops

If I understand that correctly, the Windows server and the NetXMS server are on different networks.
How is the NetXMS server connecting to the Windows server for SNMP polls?
Is there a route to allow direct SNMP polls, a port forward through a router/firewall or are you using a proxy?
Is SNMP Polling enabled for the Windows server? Is the SNMP service running and configured to allow the polls (I believe by default the service will only allow queries from 127.0.0.1)? Does a Configuration Poll confirm that the NetXMS server can poll SNMP on the server at all?

Carl Green

If I understand that correctly, the Windows server and the NetXMS server are on different networks.
Correct

How is the NetXMS server connecting to the Windows server for SNMP polls?
NetXMS is polling WAN IP which is NAT'd on UDP 161 to remote Windows 2016 server firewall.

Is there a route to allow direct SNMP polls, a port forward through a router/firewall or are you using a proxy?
Correct

Is SNMP Polling enabled for the Windows server? Is the SNMP service running and configured to allow the polls (I believe by default the service will only allow queries from 127.0.0.1)? Does a Configuration Poll confirm that the NetXMS server can poll SNMP on the server at all?
I added the WAN IP of the NetXMS server so it could connect to Windows 2016 box.
Also can poll SNMP from NetXMS Server full configuration OK so I know SNMP is working.
Just can't get the DCI collection on bandwidth to work, guessing its using OID that Windows 2016 does not recognize.

If I could get the NetXMS Agent installed and working over WAN link that might also work, but reading the documentation it looks like a lot of work on certificates and got a bit lost if I am being truthful.


Tursiops

I just double-checked on one of our servers and can confirm that at least Windows 2016 isn't using the ifX table (which you are trying to query). Considering SNMP on Windows has been deprecated for a while now, I wouldn't expect that to change. That also means using SNMP is probably not the best way to get this data from a Windows system in general.
For the ifTable, you'd want to query .1.3.6.1.2.1.2.2.1.10 for inbound and .1.3.6.1.2.1.2.2.1.16 for outbound. Again, I would not recommend doing this on busy Gigabit or faster connections as counters are going to overflow every few minutes and you won't be able to trust the data you're receiving.

There are two ways to setup Agents.
The original way is for the NetXMS server to connect to the client. This doesn't require any certificates at all, just a port forward for TCP 4700. If you only have one agent at the other end, this will work just fine for you.
The other way are Agent Tunnels, in which case the Agent will connect to the NetXMS server. This one requires certificates on the server (the server will then generate certificates for the clients as needed). There are some guides available on the forum and at least on Linux it looks more complicated than it really is.