Version 5

    Install and Setup Net-SNMP for basic SNMP monitoring on Linux. Setup snmpd.conf SNMP Linux, Unix, HPUX systems. Whether 64bit, 32 bit, or ARM based system like Raspberry Pi.

     

    PURPOSE: Setup Net-SNMP with SNMPv3 Credentials with minimal effort to get System Monitoring & Process details.

     

    Reference:  SNMPv3

     

    With this Guide, you can Monitor:

    • Status
    • CPU
    • Memory
    • Topology
    • Interface Status/Utilization
    • Asset Inventory
    • Volumes such as /, /etc/ and other directories.
    • Running Processes

     

     

    Tested on: Ubuntu, Debian, CentOS.

     

    This is a basic configuration, for Either SNMPv2 or SNMPv3

     

    1. Start by updating the system, then installing snmpd
    apt-get update
    apt-get install snmpd

    Modify the snmpd.conf file to setup the configuration to monitor your system from across the network.  The configuration below allows anyone to read the SNMP data - you may want a more secure configuration.  These are the barebones needed to start monitoring right away via SNMPv2:

     

    • Open the snmpd.conf in your favorite editor
    nano /etc/snmp/snmpd.conf
    • Change IP Binding from local to All IPs or selected Interfaces
    • Note: Comment out the start of a line with #
    • Example output:
    #  Listen for connections from the local system only
    # agentAddress  udp:127.0.0.1:161
    #  Listen for connections on all interfaces (both IPv4 *and* IPv6)
    agentAddress udp:161,udp6:[::1]:161
    [::1]:161
                Note: this is where you can limit Interface snmp is bound

     

     

    Choose either SNMPv2, or SNMPv3 (encrypted traffic, more secure)

     

     

    SNMPv2

    • Scroll down the page and un-comment to Community String:
    #rocommunity public  localhost                    
    
    rocommunity public
    #rocommunity secret  10.0.0.0/16
    
    

    Note the example, you can use rocommunity public and the allowed IP Addresses as commented out on line 4.

     

    To maje it work it needs to basically look like:

      • rocommunity <snmpcommunity>
      • Limit to endpoint IP: rocommunity <snmpcommunity> 10.1.1.10
      • limit to IP Range: rocommunity <snmpcommunity> 10.0.0.0/16
      • ipv6only: rocommunity6 <snmpcommunity>
    • Restart the SNMP deamon:
    service snmpd restart
    • When Adding the Device for monitoring, select SNMPv2, use the Community string, enter ONLY into Read Only, then select Test.

     

    SNMPv3

    This is where I break from a lot of guides, probably because no one referenced the source material. We are editing the SNMPd.conf file directly, this way you are not dependent on net-snmp-utils.

     

    WARNING: SNMPv3 pass phrases must be at least 8 characters long!

     

    • Create the User (usually do not see the user in Show Run/Show Start configurations)
          • Example Command: CreateUser TestSNMPv3User SHA P@$$w0rd AES P@$$w0rd
            • Note: If the privacy passphrase is not specified, it is assumed to be the same as the authentication passphrase.
          1. MD5: Use HMAC MD5 algorithm for authentication
          2. SHA: Use HMAC SHA1 algorithm for authentication
          3. AES: Use AES 128 bit algorithm for encryption
          4. DES: Use 56 but DES algorithm for encryption

    What it would look like in the configuration

    ###############################################################################
    #
    #  SNMPv3 AUTHENTICATION
    #
    # I add the SNMPv3 Users in this area
    # Example 
    CreateUser TestSNMPv3User SHA SNMPv3SHAPass AES SNMPv3AESPass

     

    • Access Control
      • Example Command:  rouser     SNMPv3User      Priv  .1   
        • It is not appropriate to specify both rouser and rwuser directives referring to the same SNMPv3 user
        1. rouser: Read only user
        2. rwuser: Read/write User (should not use unless you have a reason to do so)
        3. Auth: Group using the authNoPriv Security Model
        4. Noauth: Group using the noAuthNoPriv Security Model
        5. Priv: Group using the authPriv Security Model

    Scroll down and set to allow the User and Privacy Type

    rouser     SNMPv3User      priv      .1    

     

    Why .1? .1 is the beginning of the SNMP OID tree, you can limit further, but .1 or 1.3.6 always works.

     

    • Restart the SNMP deamon:
    service snmpd restart

     

    When adding this device to add a Node, it should look like the following. Notice that Read/Write Must be blank.

    Net-SNMPv3 Add a Node

     

    Restart Services with new configuration

     

    • Restart the SNMP deamon:
    service snmpd restart

     

    • Device will show as Vendor Net-SNMP, changing the SystemObjectID will change the Vendor on Rediscovery.

     

     

    apt-get install snmp snmpwalk -v 3 -l authPriv -u SNMPv3User -a sha -A SNMPv3SHAPass -x aes -X SNMPv3AESPass localhost