Skip to main content
A
Anonymous_User
Contributor
September 28, 2016

Technical Note: FortiSIEM testing SNMP from the command line

  • September 28, 2016
  • 0 replies
  • 6040 views

Description

This article describes how to test SNMP monitoring on a FortiSIEM Supervisor from the command line.


Scope

 


Solution

How to troubleshoot SNMP monitoring on a device.
 
Open an SSH session to FortiSIEM Supervisor
 
Go to the /opt/phoenix/bin directory and execute snmpbulkwalk.
 
#cd /opt/phoenix/bin
#snmpbulkwalk -v 2c –c <credentials> <ip> . 
 
Output example:
 
SNMPv2-MIB::sysDescr.0 = STRING: Hardware: Intel64 Family 6 Model 44 Stepping 2 AT/AT COMPATIBLE - Software: Windows Version 6.0 (Build 6001 Multiprocessor Free)
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.311.1.1.3.1.3
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (257668701) 29 days, 19:44:47.01
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: WIN-IIKW9EG1676
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 76
IF-MIB::ifNumber.0 = INTEGER: 15
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifIndex.4 = INTEGER: 4
IF-MIB::ifIndex.5 = INTEGER: 5
IF-MIB::ifIndex.6 = INTEGER: 6
IF-MIB::ifIndex.7 = INTEGER: 7
IF-MIB::ifIndex.8 = INTEGER: 8
IF-MIB::ifIndex.9 = INTEGER: 9
IF-MIB::ifIndex.10 = INTEGER: 10
IF-MIB::ifIndex.11 = INTEGER: 11
IF-MIB::ifIndex.12 = INTEGER: 12
IF-MIB::ifIndex.13 = INTEGER: 13
IF-MIB::ifIndex.14 = INTEGER: 14
IF-MIB::ifIndex.15 = INTEGER: 15
IF-MIB::ifDescr.1 = STRING: Software Loopback Interface 1
IF-MIB::ifDescr.2 = STRING: WAN Miniport (SSTP)
IF-MIB::ifDescr.3 = STRING: WAN Miniport (L2TP)
IF-MIB::ifDescr.4 = STRING: WAN Miniport (PPTP)
IF-MIB::ifDescr.5 = STRING: WAN Miniport (PPPOE)
IF-MIB::ifDescr.6 = STRING: WAN Miniport (IPv6)
IF-MIB::ifDescr.7 = STRING: WAN Miniport (Network Monitor)
...
 
If there is no response verify the following:
    - SNMP community string syntax
    - UDP port 161 is not being blocked somewhere between the FortiSIEM Supervisor and the target device
    - SNMP agent isn't properly configured on . 
 
#snmpbulkwalk -v 2c -c puc 172.16.22.134 .
Timeout: No Response from 172.16.22.134
 
To check target device is listening on port 161 enter the following command: 
#nmap -p 161 <target ip>
 
For SNMP version 1 use this command syntax:
#snmpbulkwalk -v 1 –c <credentials> <ip> .

Example:  

#snmpbulkwalk -v 1 -c snmppass 10.1.1.1

 
For SNMP version 3 use this command syntax:
 
#snmpbulkwalk –v 3 –u <user> -l <level> -a <authProto> -A <authPass> -x <privProto> -X <privPass> <ip> system
 
Example:  
#snmpbulkwalk -v 3 -l authNoPriv -u snmpuser -A snmppass 10.1.1.1
 
To redirect the output to a file
 
#snmpbulkwalk –v 2c –c <cred> <ip> . > out.txt
 
Snmpbulkwalk is an open-source tool that FortiSIEM uses to pull SNMP data.  You can refer to the following URL for information on this program and its options.
 
 
 

 

 

 

    Terms & ConditionsAccessibility statement