Creating SNMP and WMI Credentials for Windows Devices

Download this manual as a PDF file

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

The following sections describe how to create SNMP and WMI credentials for Windows devices that you want to monitor with SL1:

Creating an SNMP Credential

SNMP credentials allow SL1 to access SNMP data on a managed device. SL1 uses SNMP credentials to perform discovery, run auto-discovery, and gather information from SNMP Dynamic Applications.

To create an SNMP credential:

  1. Go to the Credentials page (Manage > Credentials).
  2. Click the Create New button and then select Create SNMP Credential. The Create Credential modal page appears:

An image of the SNMP Create Credential page

  1. Supply values in the following fields:
  • Name. Name of the credential. Can be any combination of alphanumeric characters, up to 64 characters. This is a required field.
  • All Organizations. Toggle on (blue) to align the credential to all organizations, or toggle off (gray) and then select one or more specific organizations from the What organization manages this service? drop-down field to align the credential with those specific organizations. This field is required.

To learn more about credentials and organizations, see the section Aligning Organizations With a Credential.

  • Timeout (ms). Time, in milliseconds, after which SL1 will stop trying to communicate with the device. The default value is 1500.
  • SNMP Version. SNMP version. Choices are SNMP V1, SNMP V2, and SNMP V3. The default value is SNMP V2.
  • Port. The port SL1 will use to communicate with the external device or application. The default value is 161. This field is required.
  • SNMP Retries. Number of times SL1 will try to authenticate and communicate with the external device. The default value is 1.

SNMP V1/V2 Settings

If you selected SNMP V1 or SNMP V2 in the SNMP Version field, complete these fields. These fields are inactive if you selected SNMP V3.

  • SNMP Community (Read-Only). The SNMP community string (password) required for read-only access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read/Write) field.
  • SNMP Community (Read/Write). The SNMP community string (password) required for read and write access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read Only) field.

SNMP V3 Settings

If you selected SNMP V3 in the SNMP Version field, complete these fields. These fields are inactive if you selected SNMP V1 or SNMP V2.

  • Security Name. Name for SNMP authentication. This field is required.
  • Security Passphrase. Password to authenticate the credential. This value must contain at least 8 characters. This value is required if you use a Security Level that includes authentication.

In addition to alphanumeric characters, you can also use the following special characters in an SNMP V3 security passphrase: ? - _ = , . : # + % $ [ ] { } & ! ( ) | /

You cannot use the following special characters in an SNMP V3 security passphrase: " ' \

  • Authentication Protocol. Select an authentication algorithm for the credential. This field is required. Choices are:
  • MD5. This is the default value.
  • SHA
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512

The SHA option is SHA-128.

  • Security Level. Specifies the combination of security features for the credentials. This field is required. Choices are:
  • No Authentication / No Encryption.
  • Authentication Only. This is the default value.
  • Authentication and Encryption.
  • Engine ID. The unique engine ID for the SNMP agent you want to communicate with. (SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID.) This field is optional.
  • Context. A context is a mechanism within SNMPv3 (and AgentX) that allows you to use parallel versions of the same MIB objects. For example, one version of a MIB might be associated with SNMP Version 2 and another version of the same MIB might be associated with SNMP Version 3. For SNMP Version 3, specify the context name in this field. This field is optional.
  • Privacy Protocol. The privacy service encryption and decryption algorithm. This field is required. Choices are:
  • DES. This is the default value.
  • AES-128
  • AES-192
  • AES-256
  • AES-256-C. This option is for discovering Cisco devices only.
  • Privacy Protocol Passphrase. Privacy password for the credential. This field is optional.
  1. Click Save & Close.

If you would like to test your credential using the Credential Tester panel, click Save & Test. For detailed instructions on using the Credential Tester panel, see the Using the Credential Tester Panel section.

Creating an SNMP Credential in the SL1 Classic User Interface

SNMP Credentials allow SL1 to access SNMP data on a managed device. SL1 uses SNMP credentials to perform discovery, run auto-discovery, and gather information from SNMP Dynamic Applications.

To create an SNMP credential:

  1. Go to the Credential Management page (System > Manage > Credentials).

  2. Click the Actions button and select Create SNMP Credential. The Credential Editor page appears.

  3. Supply values in the following fields:
  • Profile Name. Name of the credential. Can be any combination of alphanumeric characters. This field is required.
  • SNMP Version. SNMP version. Choices are SNMP V1, SNMP V2, and SNMP V3. The default value is SNMP V2.
  • Port. The port SL1 will use to communicate with the external device or application. The default value is 161. This field is required.
  • Timeout (ms). Time, in milliseconds, after which SL1 will stop trying to communicate with the SNMP device. The default value is 1500.
  • Retries. Number of times SL1 will try to authenticate and communicate with the external device. The default value is 1.

SNMP V1/V2 Settings

These fields appear if you selected SNMP V1 or SNMP V2 in the SNMP Version field. The fields are inactive if you selected SNMP V3.

  • SNMP Community (Read-Only). The SNMP community string (password) required for read-only access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read/Write) field.
  • SNMP Community (Read/Write). The SNMP community string (password) required for read and write access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials, you must supply a community string, either in this field or in the SNMP Community (Read Only) field.

SNMP V3 Settings

These fields appear if you selected SNMP V3 in the SNMP Version field. These fields are inactive if you selected SNMP V1 or SNMP V2.

  • Security Name. Name for SNMP authentication. This field is required.
  • Security Passphrase. Password to authenticate the credential. This value must contain at least 8 characters. This value is required if you use a Security Level that includes authentication.
  • Authentication Protocol. Select an authentication algorithm for the credential. This field is required. Choices are:
  • MD5. This is the default value.
  • SHA
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512

The SHA option is SHA-128.

  • Security Level. Specifies the combination of security features for the credentials. This field is required. Choices are:
  • No Authentication / No Encryption.
  • Authentication Only. This is the default value.
  • Authentication and Encryption.
  • SNMP v3 Engine ID. The unique engine ID for the SNMP agent you want to communicate with. (SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID.) This field is optional.
  • Context Name. A context is a mechanism within SNMPv3 (and AgentX) that allows you to use parallel versions of the same MIB objects. For example, one version of a MIB might be associated with SNMP Version 2 and another version of the same MIB might be associated with SNMP Version 3. For SNMP Version 3, specify the context name in this field. This field is optional.
  • Privacy Protocol. The privacy service encryption and decryption algorithm. This field is required. Choices are:
  • DES. This is the default value.
  • AES-128
  • AES-192
  • AES-256
  • AES-256-C. This option is for discovering Cisco devices only.
  • Privacy Protocol Passphrase. Privacy password for the credential. This field is optional.
  1. Click the Save button to save the new SNMP credential.
  2. Repeat steps 1-4 for each SNMP-enabled device in your network that you want to monitor with SL1.

NOTE: When you define an SNMP Credential, SL1 automatically aligns the credential with all organizations of which you are a member.

Creating a WMI Credential

NOTE: Although SL1 supports WMI Dynamic Applications, ScienceLogic recommends that you use PowerShell Dynamic Applications where possible. PowerShell is the preferred management platform for Microsoft products.

If you configure your Windows system to respond to WMI requests from SL1, you can use WMI Dynamic Applications to collect information from your Windows system.

All of the WMI Dynamic Applications include a discovery object. If you include a credential for WMI Dynamic Applications in the discovery session that includes your Windows system, SL1 will automatically align the appropriate WMI Dynamic Applications to the Windows system. For more information about creating a discovery session, see the Running a Discovery Session section.

You can create a credential for WMI Dynamic Applications from the Credentials page. To create a credential for a WMI Dynamic Application:

  1. Go to the Credentials page (Manage > Credentials).

  1. Select the Create New button in the upper right of the page. Select Create Basic/Snippet Credential.

  1. The Credential Editor page appears, where you can define the following fields:

  • Credential Name. Name of the credential. Can be any combination of alphanumeric characters.
  • All Organizations. Toggle on (blue) to align the credential to all organizations, or toggle off (gray) and then select one or more specific organizations from the What organization manages this service? drop-down field to align the credential with those specific organizations.

  • Timeout (ms). Time, in milliseconds, after which the platform will stop trying to communicate with the authenticating server.
  • Hostname/IP. Hostname or IP address of the device from which you want to retrieve data. To use the same WMI default credential for multiple devices, enter %D in this field.
  • Port. Port number associated with the data you want to retrieve. For WMI Dynamic Applications that perform WBEM requests, supply the port used by the WBEM service on the device. For WMI Dynamic Applications that perform WMI requests, which includes all default WMI Dynamic Applications in SL1, enter any valid port number in this field; the platform does not specify a port number when performing WMI requests.
  • Username. Username for a user account on the device.

NOTE: To specify a domain user, enter the username in the format DOMAIN\username. In most cases, you should use a domain user in the credential and use the format DOMAIN\username.

  • Password. Password for a user account on the device.
  1. To save the credential, select the Save & Close button.

Creating a WMI Credential in the SL1 Classic User Interface

NOTE: Although SL1 supports WMI Dynamic Applications, ScienceLogic recommends that you use PowerShell Dynamic Applications where possible. PowerShell is the preferred management platform for Microsoft products.

If you configure your Windows system to respond to WMI requests from SL1, you can use WMI Dynamic Applications to collect information from your Windows system.

All of the WMI Dynamic Applications include a discovery object. If you include a credential for WMI Dynamic Applications in the discovery session that includes your Windows system, SL1 will automatically align the appropriate WMI Dynamic Applications to the Windows system. For more information about creating a discovery session, see the Running a Discovery Session section.

You can create a credential for WMI Dynamic Applications from the Credential Management page. To create a credential for a WMI Dynamic Application:

  1. Go to the Credential Management page (System > Manage > Credentials).
  2. Select the Create button in the upper right of the page. Select Basic/Snippet Credential.
  3. The Credential Editor page appears, where you can define the following fields:
  • Credential Name. Name of the credential. Can be any combination of alphanumeric characters.
  • Hostname/IP. Hostname or IP address of the device from which you want to retrieve data. To use the same WMI default credential for multiple devices, enter %D in this field.
  • Port. Port number associated with the data you want to retrieve. For WMI Dynamic Applications that perform WBEM requests, supply the port used by the WBEM service on the device. For WMI Dynamic Applications that perform WMI requests, which includes all default WMI Dynamic Applications in SL1, enter any valid port number in this field; the platform does not specify a port number when performing WMI requests.
  • Timeout (ms). Time, in milliseconds, after which the platform will stop trying to communicate with the authenticating server.
  • Username. Username for a user account on the device. To specify a domain user, enter the username in the format DOMAIN\username. In most cases, you should use a domain user in the credential and use the format DOMAIN\username.
  • Password. Password for a user account on the device.
  1. To save the credential, select the Save button. To clear the values you set, select the Reset button.

Testing Windows Credentials

Credential Tests define a series of steps that SL1 can execute on-demand to validate whether a credential works as expected. This section describes the SNMP and Basic/Snippet Credential Tests that are included in the default installation of SL1.

SNMP Credential Test

The SNMP Credential Test can be used to test an SNMP credential for connectivity. The SNMP Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the UDP port specified in the credential on the host specified in the credential.
  • Test SNMP Availability. Attempts an SNMP getnext request to .1.3.6.1 using the credential.

Basic/Snippet Credential Test

The Basic/Snippet Credential Test can be used to test a Basic/Snippet credential for connectivity. The Basic/Snippet Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to the host specified in the credential.
  • Test Port Availability. Performs an NMAP request to the TCP port specified in the credential on the host specified in the credential.
  • Test Name Resolution. Performs an nslookup request on the host specified in the credential.

Running a Windows Credential Test

You can test a credential from the Credentials page using a predefined credential test.

To run a credential test from the Credentials page:

  1. Go to the Credentials page (Manage > Credentials).
  2. Click the Actions button () of the credential that you want to test, and then select Edit/Test.
  1. The Credential Tester modal page appears. Fill out the following fields on this page:
  • Select Credential Test. Select a credential test to run. This drop-down list includes the ScienceLogic Default Credential Tests, credential tests included in any PowerPacks that have been optionally installed on your system, and credential tests that users have created on your system.
  • Collector. Select the All-In-One Appliance or Data Collector that will run the test.
  • IP or Hostname to Test. Type a hostname or IP address that will be used during the test. For example, if you are testing an SNMP credential, the hostname/IP address you supply will be used to perform a test SNMP request.
  1. Click Test Credential button to run the credential test. The Credential Test starts and the Testing Completed modal displays the results.

    The Testing Completed window displays a log entry for each step in the credential test. The steps performed are different for each credential test.

Running a Windows Credential Test in the SL1 Classic User Interface

To run a Windows credential test from the Credential Management page:

  1. Go to the Credential Management page (System > Manage > Credentials).

  1. Click the Actions menu, and then select Test Credential. The Credential Tester modal page appears.

  1. Supply values in the following fields:
  • Test Type. Select a credential test to run.

  • Credential. Select the credential you want to test. This drop-down list includes only credentials that you have access to that can be tested using the selected credential test.
  • Hostname/IP. Enter a hostname or IP address that will be used during the test. For example, if you are testing an SNMP credential, the hostname/IP address you supply will be used to perform a test SNMP request.
  • Collector. Select the All-In-One Appliance or Data Collector that will run the test.

  1. Click the Run Test button to run the credential test. The Test Credential window appears.

The Test Credential window displays a log entry for each step in the credential test. The steps performed are different for each credential test. The log entry for each step includes the following information:

  • Step. The name of the step.

  • Description. A description of the action performed during the step.
  • Log Message. The result of the step for this execution of the credential test.
  • Status. Whether the result of this step indicates the credential and/or the network environment is configured correctly (Passed) or incorrectly (Failed).
  • Step Tip. Mouse over the question mark icon () to display the tip text. The tip text recommends what to do to change the credential and/or the network environment if the step has a status of "Failed".

  1. Optionally, you can click the Execute Discovery Session button to run a discovery session using the Credential, Hostname/IP, and Collector you selected in the Credential Tester modal page.