When you need to monitor a Windows Server 2003 machine behind a firewall, SNMP becomes your best friend. Let's cut through the confusion and get straight to the working solution.
The OID you need for CPU performance is part of the Host Resources MIB (RFC2790). For Windows systems, the complete path is:
1.3.6.1.2.1.25.3.3.1.2
This OID returns CPU usage for each processor core. On a multi-core system, you'll get multiple values that you'll need to average.
Here's how to query this using different tools:
Using snmpwalk from command line:
snmpwalk -v 2c -c public 192.168.1.100 1.3.6.1.2.1.25.3.3.1.2
Python example using PySNMP:
from pysnmp.hlapi import *
errorIndication, errorStatus, errorIndex, varBinds = next(
getCmd(SnmpEngine(),
CommunityData('public'),
UdpTransportTarget(('192.168.1.100', 161)),
ContextData(),
ObjectType(ObjectIdentity('1.3.6.1.2.1.25.3.3.1.2')))
)
if errorIndication:
print(errorIndication)
elif errorStatus:
print('%s at %s' % (errorStatus.prettyPrint(),
errorIndex and varBinds[int(errorIndex)-1][0] or '?'))
else:
for varBind in varBinds:
print(' = '.join([x.prettyPrint() for x in varBind]))
The returned values represent CPU utilization percentage for each core. For example:
- 1.3.6.1.2.1.25.3.3.1.2.1 = 45 (Core 1 at 45% utilization)
- 1.3.6.1.2.1.25.3.3.1.2.2 = 32 (Core 2 at 32% utilization)
Windows provides additional performance counters through SNMP:
1.3.6.1.2.1.25.3.3.1.2 - Processor load (per CPU) 1.3.6.1.2.1.25.2.3.1.6 - Memory usage 1.3.6.1.2.1.25.2.3.1.5 - Total memory 1.3.6.1.2.1.25.4.2.1.2 - Running processes
If you're not getting data, verify:
- SNMP service is running on the Windows server
- Community string matches your client configuration
- Firewall allows UDP port 161 traffic
- SNMP service is configured to allow queries from your IP
Before querying CPU metrics, let's verify your SNMP service is properly configured on Windows Server 2003:
# PowerShell check for SNMP service status
Get-Service -Name SNMP | Select-Object Status, Name, DisplayName
# Expected output if running:
# Status Name DisplayName
# ------ ---- -----------
# Running SNMP SNMP ServiceThe most reliable OID for CPU performance in Windows Server 2003 is part of the Host Resources MIB (RFC2790):
1.3.6.1.2.1.25.3.3.1.2This OID provides CPU utilization per processor core. For a single-core system, you'll get one value; multi-core returns multiple instances.
Here's how to retrieve CPU values using net-snmp tools:
# Basic SNMP walk command
snmpwalk -v 2c -c public 192.168.1.100 1.3.6.1.2.1.25.3.3.1.2
# Example output for quad-core system:
# HOST-RESOURCES-MIB::hrProcessorLoad.1 = INTEGER: 23
# HOST-RESOURCES-MIB::hrProcessorLoad.2 = INTEGER: 18
# HOST-RESOURCES-MIB::hrProcessorLoad.3 = INTEGER: 27
# HOST-RESOURCES-MIB::hrProcessorLoad.4 = INTEGER: 15For systems monitoring, you might want an average CPU utilization:
# Python script to calculate average CPU usage
import subprocess
import re
def get_avg_cpu(host, community):
cmd = f"snmpwalk -v 2c -c {community} {host} 1.3.6.1.2.1.25.3.3.1.2"
output = subprocess.getoutput(cmd)
values = [int(match.group(1))
for match in re.finditer(r'INTEGER: (\d+)', output)]
if not values:
return None
return sum(values) / len(values)Other useful Windows Server 2003 performance OIDs:
- Memory Usage: 1.3.6.1.2.1.25.2.3.1.6 (hrStorageUsed)
- Total Memory: 1.3.6.1.2.1.25.2.3.1.5 (hrStorageSize)
- Process Count: 1.3.6.1.2.1.25.1.6.0 (hrSystemProcesses)
When configuring SNMP on legacy systems:
# Recommended snmpd.conf settings:
com2sec readonly default my_community
group MyROGroup v2c readonly
view all included .1
access MyROGroup "" any noauth exact all none noneAlways use non-default community strings and consider IP-based restrictions.
If you're not getting expected results:
- Verify Windows Firewall allows UDP 161 inbound
- Check SNMP service is using the correct community string
- Confirm the SNMP agent has "Send authentication trap" disabled
- Ensure the monitoring system is in "Accepted Hosts" list