SNMP community string Report and/or Inheritance

All,
The primary goal is to identify all SNMP enabled devices and if they’re receiving a community string via rule, folder inheritance or direct override.

A secondary goal would be to understand the order such settings are observed.
Would this list be correct for precedence?

  1. Device Setting
  2. Folder Setting
  3. Global rule

Just curious if there’s already a way to collect or report on this information to plan an upcoming migration of community strings. I can piece together some information based on host searches and manual spreadsheet voodoo but may have to run through this multiple times throughout the project.

In our original setup we used folder-level community strings for geographic sites, but over time I am finding others have been overriding at the individual device level.

I am considering switching to using a rules based community string moving forward based on some tags and/or labels. I would like to use this data to help me determine impact and how to communicate to other departments.

Thanks in advance for your time.

Sincerely,
Scotsie

You can run cmk -D HOSTNAME as site user to get the SNMP credentials of the host that are currently in use.
But AFAIK there is no way to tell from which setting they come.

@r.sander thanks for the tip.
While it doesn’t show where it came from, it did help to build a baseline list and I can watch for deviations as I work on a transition.

While dirty, this bash one-liner does the trick for providing the info I need:
$ for server in $(cmk --list-tag device_type_netdev_cisco); do echo "$server - $(cmk -D "$server" | grep Community)"; done

Note: We have a custom tag set at device creation for a ‘device_type’ but a more generic snmp or snmp-ds-v2 did a broad scope check. The logic with the tags seems to be AND based.

Sincerely,
Scotsie

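Added example, not part of the thread: one way to turn repeated runs of the one-liner above into a baseline and a drift report, keeping only digests of the community lines instead of the plaintext. The function names `snmp_digest` and `snmp_drift`, the sample hosts and strings, and the assumed line shape `HOST - <Community line>` are illustrative assumptions, not Checkmk features.

```bash
# Added example (not from the thread). Assumed input: one line per host,
# "HOST - <Community line from cmk -D>", as printed by the one-liner above.

# stdin: "HOST - text" lines. stdout: "HOST<TAB>digest", sorted by host.
# Only a truncated SHA-256 of the text is kept; hosts without a
# Community line get the marker "none".
snmp_digest() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        case $line in
            *" - "*) host=${line%% - *}; value=${line#* - } ;;
            *)       host=${line% -};    value= ;;
        esac
        if [ -n "$value" ]; then
            sum=$(printf '%s' "$value" | sha256sum | cut -c1-16)
        else
            sum=none
        fi
        printf '%s\t%s\n' "$host" "$sum"
    done | sort
}

# $1 = old digest file, $2 = new digest file.
# stdout: "added HOST", "changed HOST" or "removed HOST", sorted.
snmp_drift() {
    awk -F'\t' '
        FILENAME == ARGV[1] { old[$1] = $2; next }
        { seen[$1] = 1
          if (!($1 in old)) print "added " $1
          else if (old[$1] != $2) print "changed " $1 }
        END { for (h in old) if (!(h in seen)) print "removed " h }
    ' "$1" "$2" | sort
}

# Constructed sample runs; hostnames and strings are made up.
run_before='sw-nyc-01 - Community: site-nyc
sw-nyc-02 - Community: site-nyc
sw-lon-01 - Community: site-lon'
run_after='sw-nyc-01 - Community: site-nyc
sw-nyc-02 - Community: override-1
sw-par-01 - Community: site-par'

tmp=$(mktemp -d)
printf '%s\n' "$run_before" | snmp_digest > "$tmp/before.tsv"
printf '%s\n' "$run_after"  | snmp_digest > "$tmp/after.tsv"
snmp_drift "$tmp/before.tsv" "$tmp/after.tsv"
rm -rf "$tmp"
```

Truncated digests of short community strings are still guessable, so keep the baseline files as restricted as the strings themselves.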