
Net-SNMP SNMPv2/v3 Configuration Example for Linux Distros

Install and set up Net-SNMP for basic SNMP monitoring on Linux. Set up snmpd.conf on Linux, Unix, and HPUX systems, whether 64-bit, 32-bit, or an ARM-based system like the Raspberry Pi.

PURPOSE: Set up Net-SNMP with SNMPv3 credentials with minimal effort to get system monitoring and process details.

Reference:  SNMPv3

With this Guide, you can Monitor:

  • Status
  • CPU
  • Memory
  • Topology
  • Interface Status/Utilization
  • Asset Inventory
  • Volumes such as /, /etc/ and other directories.
  • Running Processes

Tested on: Ubuntu, Debian, CentOS.

This is a basic configuration for either SNMPv2 or SNMPv3.

  1. Start by updating the system, then installing snmpd
apt-get update
apt-get install snmpd

Modify the snmpd.conf file to set up the configuration to monitor your system from across the network. The configuration below allows anyone to read the SNMP data - you may want a more secure configuration. These are the bare bones needed to start monitoring right away via SNMPv2:

  • Open the snmpd.conf in your favorite editor
nano /etc/snmp/snmpd.conf
  • Change IP Binding from local to All IPs or selected Interfaces
  • Note: Comment out the start of a line with #
  • Example output:
#  Listen for connections from the local system only
# agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
#  (udp:161 covers every IPv4 interface; udp6:[::1]:161 is the IPv6 loopback only)
agentAddress udp:161,udp6:[::1]:161
            Note: this is where you can limit which interfaces snmpd is bound to.

Choose either SNMPv2, or SNMPv3 (encrypted traffic, more secure)

SNMPv2

  • Scroll down the page and uncomment the community string:
#rocommunity public  localhost                    

rocommunity public
#rocommunity secret  10.0.0.0/16

Note the example: you can use rocommunity public and the allowed IP addresses, as commented out on line 4.

To make it work, it basically needs to look like:

    • rocommunity <snmpcommunity>
    • Limit to endpoint IP: rocommunity <snmpcommunity> 10.1.1.10
    • limit to IP Range: rocommunity <snmpcommunity> 10.0.0.0/16
    • ipv6only: rocommunity6 <snmpcommunity>
  • Restart the SNMP daemon:
service snmpd restart
  • When adding the device for monitoring, select SNMPv2, use the community string, enter it ONLY into Read Only, then select Test.

SNMPv3

This is where I break from a lot of guides, probably because no one referenced the source material. We are editing the snmpd.conf file directly; this way you are not dependent on net-snmp-utils.

WARNING: SNMPv3 pass phrases must be at least 8 characters long!

  • Create the User (usually do not see the user in Show Run/Show Start configurations)
        • Example Command: CreateUser TestSNMPv3User SHA P@$$w0rd AES P@$$w0rd
          • Note: If the privacy passphrase is not specified, it is assumed to be the same as the authentication passphrase.
        1. MD5: Use HMAC MD5 algorithm for authentication
        2. SHA: Use HMAC SHA1 algorithm for authentication
        3. AES: Use AES 128 bit algorithm for encryption
        4. DES: Use 56 bit DES algorithm for encryption

What it would look like in the configuration

###############################################################################
#
#  SNMPv3 AUTHENTICATION
#
# I add the SNMPv3 Users in this area
# Example (the user name must match the rouser line and the -u value used when testing)
CreateUser SNMPv3User SHA SNMPv3SHAPass AES SNMPv3AESPass

  • Access Control
    • Example Command:  rouser     SNMPv3User      Priv  .1   
      • It is not appropriate to specify both rouser and rwuser directives referring to the same SNMPv3 user
      1. rouser: Read only user
      2. rwuser: Read/write User (should not use unless you have a reason to do so)
      3. Auth: Group using the authNoPriv Security Model
      4. Noauth: Group using the noAuthNoPriv Security Model
      5. Priv: Group using the authPriv Security Model

Scroll down and set the line that allows the user and privacy type:

rouser     SNMPv3User      priv      .1

Why .1? .1 is the beginning of the SNMP OID tree. You can limit further, but .1 or 1.3.6 always works.

  • Restart the SNMP daemon:
service snmpd restart

When adding this device as a Node, it should look like the following. Notice that Read/Write must be blank.

[Screenshot: snmpv3.png]

Restart Services with new configuration

  • Restart the SNMP daemon:
service snmpd restart

  • The device will show as Vendor Net-SNMP; changing the SystemObjectID will change the Vendor on rediscovery.

apt-get install snmp
snmpwalk -v 3 -l authPriv -u SNMPv3User -a sha -A SNMPv3SHAPass -x aes -X SNMPv3AESPass localhost
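
A small checker for the snmpd.conf directives covered in this guide, added here as an example and not part of the original post: it flags agentAddress entries bound to every interface, community strings that are well known or have no source restriction, MD5/DES or missing algorithms, passphrases under 8 characters, rouser/rwuser levels below priv, and access lines naming a user with no createUser line in the same file. The function name and the sample config are constructed for illustration, and only the simple `createUser NAME AUTH PASS [PRIV [PASS]]` and `rouser NAME [LEVEL [OID]]` forms used above are parsed.

```python
import re

# Constructed sample using the directives from this guide (not a real host).
SAMPLE_CONF = """\
agentAddress udp:161,udp6:[::1]:161
rocommunity public
rocommunity secret 10.0.0.0/16
createUser TestSNMPv3User MD5 short DES
createUser SNMPv3User SHA SNMPv3SHAPass AES SNMPv3AESPass
rouser SNMPv3User priv .1
rouser OtherUser auth .1
"""

def audit_snmpd_conf(text):
    """Hypothetical helper: return (line_no, finding) for risky directives."""
    out, created, granted = [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment
        name, args = tok[0].lower(), tok[1:]
        if name == "agentaddress" and args:
            for addr in args[0].split(","):
                # Only a port left after the transport prefix: no host given.
                if re.sub(r"^(udp|tcp)6?:", "", addr, flags=re.I).isdigit():
                    out.append((no, f"{addr}: listens on all interfaces"))
        elif name.rstrip("6") in ("rocommunity", "rwcommunity") and args:
            if args[0] in ("public", "private"):
                out.append((no, f"well-known community string '{args[0]}'"))
            if len(args) < 2 or args[1] == "default":
                out.append((no, "community has no source restriction"))
        elif name == "createuser" and len(args) >= 3:
            user, auth, authpass = args[0], args[1].upper(), args[2]
            priv = args[3].upper() if len(args) > 3 else "NONE"
            privpass = args[4] if len(args) > 4 else authpass
            created.add(user)
            for algo in (auth, priv):
                if algo in ("MD5", "DES", "NONE"):
                    out.append((no, f"{user}: legacy or missing algorithm {algo}"))
            if min(len(authpass), len(privpass)) < 8:
                out.append((no, f"{user}: passphrase shorter than 8 characters"))
        elif name in ("rouser", "rwuser") and args:
            level = args[1].lower() if len(args) > 1 else "auth"  # snmpd default
            granted.append((no, args[0]))
            if level != "priv":
                out.append((no, f"{args[0]}: level '{level}' does not enforce encryption"))
    # Access lines whose user is not created here (it may live in another file).
    out += [(n, f"{u}: no createUser in this file") for n, u in granted if u not in created]
    return out
```

Call `audit_snmpd_conf(open("/etc/snmp/snmpd.conf").read())` on a host to review its live configuration.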
  • After way too much time trying to use the more complicated versions of snmpd.conf, I tried this one.  A whopping two line config without all the fluff, chaff, and useless example prose.  This worked fine to get me monitoring of the basic resources of my Airwave box.  Happy day!