Contact

Discovery & Network

SNMP Monitoring

Monitor network infrastructure — switches, routers, UPS units, printers, access points, and firewalls — through SNMP v1/v2c/v3 polling dispatched via managed agents inside your network.

Technical Manual
Status: Available

Prerequisites

  • User role with discovery.view (read) or discovery.manage (write/poll)
  • At least one managed host with a running agent in the same network as the SNMP devices (the probe host)
  • SNMP credentials matching the target devices' configuration (community string for v1/v2c, or v3 auth credentials)
  • Network connectivity from the probe host to the SNMP device on the configured port (default 161)

Understanding SNMP Monitoring

SNMP polling works the same way as discovery: the platform dispatches a poll job to a probe host agent, the agent performs the SNMP GET operations against the target device, and results come back asynchronously. The backend never contacts SNMP devices directly.

SPOG supports SNMP v1, v2c, and v3. Credentials are encrypted at rest. Community strings are never returned in API responses — only a has_community_string: true/false flag.

Device Statuses

activeDevice is responding to polls normally.
unreachableLast poll timed out or connection was refused. Will be retried on next poll.
disabledPolling stopped manually by disabling the device.

Configuring SNMP Credentials

Credentials are organization-scoped and shared across devices within the same org.

Create a Credential

  1. Navigate to SNMP > Credentials and click Create Credential.
  2. For v1/v2c: provide a community string (required).
  3. For v3: provide a username (required), plus optional security fields.
OrganizationThe org this credential belongs to.
NameHuman-readable label (e.g., "Core Switches v2c").
SNMP Versionv1, v2c, or v3.
Community StringRequired for v1/v2c. Never displayed in responses for security.
v3 UsernameRequired for v3.
v3 Security LevelOptional. noAuthNoPriv, authNoPriv, or authPriv.
v3 Auth ProtocolOptional. MD5 or SHA.
v3 Auth PassphraseOptional. Authentication passphrase.
v3 Privacy ProtocolOptional. DES or AES.
v3 Privacy PassphraseOptional. Privacy passphrase.

Update and Delete Credentials

  • Open a credential and click Edit to update name, version, community string, or v3 fields.
  • Click Delete to remove a credential. Deletion only succeeds if no devices reference this credential.
Credential deletion is blocked while in use. Reassign or delete all devices using a credential before you can remove it.

Adding SNMP Devices

Manual Registration

  1. Navigate to SNMP > Devices and click Add Device.
  2. The device is created in active status with polling enabled.
  3. The scheduler begins polling automatically based on the configured poll interval.
OrganizationMust match the credential and probe host org.
IP AddressDevice IP address.
SNMP PortDefault 161.
SNMP CredentialMust belong to the same org.
Probe HostManaged host with agent in same org. Performs the actual SNMP queries.
Device TypeSwitch, router, printer, UPS, access point, firewall, other, or unknown.
Poll Interval60 to 86400 seconds. Default 300 (5 minutes).

From Discovery

Devices found via network discovery scans can be manually added as SNMP devices by creating a device record with the discovered IP address and assigning an SNMP credential.

SNMP Polling

Manual Poll

  1. Open the device detail page and click Poll Now.
  2. A poll job is dispatched to the probe host.
  3. When the poll completes, the device's system info, interfaces, and status are updated.
  4. Device type is auto-classified from the SNMP system OID and description if currently unknown.

Scheduled Polling

The scheduler checks every 60 seconds for devices due for a poll. A device is polled when:

  • The device is enabled
  • Status is not disabled
  • Both probe host and credential are configured
  • Enough time has elapsed since the last poll (based on the configured poll interval)
  • No pending poll job already exists for this device

Poll Results

When a poll completes successfully, the following data is updated on the device record:

System NameSNMP sysName MIB value.
System DescriptionSNMP sysDescr -- full system description string.
System Object IDSNMP sysObjectID -- vendor/model OID.
System UptimeDevice uptime.
System ContactSNMP sysContact field.
System LocationSNMP sysLocation field.
InterfacesNetwork interface data.
Extra MIB DataAdditional MIB data collected beyond system MIBs.

If the poll fails due to timeout or connection refused, the device status is set to unreachable. A successful subsequent poll restores it to active.

Auto-Classification

When a device has an unknown type, the first successful poll automatically classifies it using the SNMP system object ID prefix:

sysObjectID PrefixVendorClassification
1.3.6.1.4.1.9.Ciscorouter
1.3.6.1.4.1.2636.Juniperrouter
1.3.6.1.4.1.11.HP / Arubaswitch
1.3.6.1.4.1.674.Dellswitch
1.3.6.1.4.1.318.APCups
1.3.6.1.4.1.850.Tripp Liteups
1.3.6.1.4.1.3854.Eatonups
1.3.6.1.4.1.367.Ricohprinter
1.3.6.1.4.1.11.2.3.9.HP Printerprinter
1.3.6.1.4.1.2435.Brotherprinter
1.3.6.1.4.1.14823.Arubaap
1.3.6.1.4.1.12356.Fortinetfirewall
1.3.6.1.4.1.8072.Net-SNMPother

If the OID doesn't match, a fallback keyword search runs against the system description looking for: switch, router, printer, ups, access point, wireless, firewall, fortigate, palo alto.

Manual override. If auto-classification gets it wrong, open the device and edit the device type manually.

Managing Device Configuration

  • Open a device and click Edit to update hostname, credential, probe host, port, device type, poll interval, or enabled status.
  • When changing credential or probe host, the new resource must be in the same organization.
  • Disable a device to stop scheduled polling without deleting the device record.
  • Click Delete to permanently remove the device record.

Use the device list filters (organization, status, device type, search) to find devices. Click a device row for full detail including interface data and extra MIB data.

SNMP Dashboard

The SNMP Dashboard shows aggregate metrics for all SNMP devices accessible to the current user.

Total DevicesTotal registered SNMP devices.
By StatusDevice counts grouped by status (active, unreachable, disabled).
By TypeDevice counts grouped by device type.
Credential CountTotal SNMP credentials configured.

SNMP trap ingestion

Cadres supports agent-based SNMP trap collection. Because the backend is cloud-hosted and cannot receive inbound SNMP traps directly from customer networks, traps are collected by a managed agent running inside the customer's network and forwarded to the backend as events.

How it works

  1. A managed agent in the customer network is configured as the trap receiver.
  2. Network devices send SNMP traps to the agent's IP address on the configured trap port.
  3. The agent collects, parses, and batches the trap data.
  4. Trap data is forwarded to the backend via the agent's standard authenticated API channel.
  5. The backend processes traps through the event alert pipeline, creating alerts for matching event rules.
SaaS architecture constraint Direct SNMP trap reception on the backend is not possible in a SaaS deployment. The agent-based approach ensures traps from customer networks are collected reliably without requiring inbound network connectivity to the cloud backend.

Discovery-to-SNMP auto-provisioning

When agentless network discovery finds devices that respond to SNMP probes, Cadres can automatically create SNMP device records from discovered hosts. The system links SNMP devices back to their discovery origin.

  1. Run a network scan discovery job targeting the subnet containing SNMP-capable devices.
  2. Discovered hosts that respond to SNMP queries are flagged as SNMP-capable.
  3. Promote the discovered host to a managed SNMP device using the auto-provisioning workflow.
  4. The system creates the SNMP device record with the correct IP, assigns the specified credential, and begins scheduled polling.

Unreachable device alerting

When an SNMP device transitions to "unreachable" status, the system fires an event alert. When the device recovers and responds to polling again, the alert auto-resolves. This integrates with the full event alert pipeline including incident correlation and notification.

Permissions Reference

PermissionGrants
discovery.viewList/get SNMP credentials, devices, and dashboard.
discovery.manageCreate/update/delete credentials and devices. Trigger manual polls.

Troubleshooting

SymptomCauseFix
Device status "unreachable"Poll timeout or connection refusedVerify device IP, port, and SNMP credential. Check network path from probe host.
Device type stays "unknown"System OID/description not in classification mapManually set the device type by editing the device.
Credential delete returns 409Devices still reference the credentialReassign or delete all devices using this credential first.
Poll not dispatchedPending poll job already exists for this deviceWait for the existing poll job to complete or fail.
Credential/probe not in same orgCross-org mismatchCredential, probe host, and device must all belong to the same organization.
v2c credential creation failsMissing community stringSNMPv1/v2c requires a community string.
v3 credential creation failsMissing usernameSNMPv3 requires a v3 username.
Scheduled polls not runningDevice disabled or scheduler stalledVerify the device is enabled. Check system health status.