SNMP Classification: Accessing and Reading Payloads with valid MIBs

When working with Discovery, you may quickly discover that a number of SNMP devices are not actually present within the classifiers baseline and require some extra configuration for them to be added to the system. The work necessary can range anywhere from needing to create custom SNMP MID server behaviors to having to load manufacturer’s MIBs. For this article, I will go over how to read an SNMP payload, parse out the system’s OID, and add it to an SNMP Identifier.

Accessing and Reading Payloads with valid MIBs

Since adding a new MIB to the system is already covered by the base documentation (see here), from this point forward we will assume that the system contains a valid MIB file for your device. You have now made your discovery schedule, ran it, and noticed that your devices are stuck at “Active, Couldn’t Classify,” with no error details. Digging into the Payload, you see that you are getting OIDs. Opening it gives you a jumble like this:

In order to get this device discovered, you now need to add the OID for this type of device to the SNMP Classifier record of the device type we are using. To get this from the above jumble, you need to copy the 1.3.6.etc value from the sysObjectID. But what does this line of values even mean, anyway? We can start by parsing out each piece.

First, we look at the numbers prior to the 3375. Generally, these do not change very much between devices. For our purposes, they will almost always start with 1.3.6.1.4.1. The main item we are looking as here is the 4-digit value 3375. For OIDs, this 4-digit values acts almost like a sys_id in ServiceNow and uniquely identifies the manufacturer of the device. It is not always 4 digits of course (there are tons of manufacturers!) but it should always be in the 7th slot. In our above case, any F5 devices should have 3375 as this value. This can help you identify the device type and manufacturer prior to reaching out to the client.

Adding an OID to an SNMP Classifier

Now that we have the OID for this device, we can create a new SNMP OID Classification for it. To do this, navigate to Discovery Definition > CI Classification > SNMP System OIDs. Once you are here, click “New.”

In the OID field, paste the entire value mentioned in the previous step (i.e., 1.3.6.1.4.1.3375.2.1.3.4.106). For the Operator, we almost always want to use “is.” The Starts With option can be used to cover more ground, but will lead to less valuable data. For example, we could technically make a Classifier that is Oid = 1.3.6.1.4.1.3375.2.1.3.4. and operator is STARTS WITH and that would capture most F5 Load Balancers, but then we would lose the ability to specify model numbers.

Next, you want to fill the Manufacturer with the one for the device (i.e., F5) and then the model can be found in the payload on the previous step under the sysDescr section. In F5’s case, it is the 4-digit value after the “i” of BIG-IP i4600.

Finally, fill in the Classifier and table field based on where we would like this device to be stored. In F5’s case there is a base table for this we can choose. Then save the record.
With this piece created, you should now be able to run a discovery against those devices and ServiceNow be able to correctly identify and create the CIs!

Contact Us