SNMP (Simple Network Management Protocol) is a protocol used for network management. How do I install SNMP server under Debian or Ubuntu Linux to configure various monitoring service?
The NET-SNMP project provides various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. The snmpd package contains the snmpd and snmptrapd daemons, documentation, etc.
Install snmpd
Type the following command as root, enter:
# apt-get update && apt-get install snmpd
Snmpd Configuration Files
The default configuration for snmpd is rather paranoid for security reasons. Edit /etc/snmp/snmpd.conf or run snmpconf to allow greater access. You can individually control whether or not snmpd and snmpdtrap are run by editing /etc/default/snmpd.
Configure SNMPD
Edit /etc/snmp/snmpd.conf, enter:
# vi /etc/snmp/snmpd.conf
Edit or update file as follows:
smuxsocket 127.0.0.1 rocommunity setMeHere com2sec local localhost public group MyRWGroup v1 local group MyRWGroup v2c local group MyRWGroup usm local view all included .1 80 access MyRWGroup "" any noauth exact all all none com2sec notConfigUser default mrtg group notConfigGroup v1 notConfigUser group notConfigGroup v2c notConfigUser view systemview included .1.3.6.1.2.1.1 view systemview included .1.3.6.1.2.1.25.1.1 view systemview included .1 80 access notConfigGroup "" any noauth exact systemview none none syslocation Mumbai, IN (VSNL LB3) syscontact Vivek Gite <alert.client22@route.nixcraft.in>
See snmpd.conf(5) man page for details. Edit /etc/default/snmpd, enter:
# /etc/default/snmpd
Update it as follows:
# This file controls the activity of snmpd and snmptrapd # MIB directories. /usr/share/snmp/mibs is the default, but # including it here avoids some strange problems. export MIBDIRS=/usr/share/snmp/mibs # snmpd control (yes means start daemon). SNMPDRUN=yes # snmpd options (use syslog, close stdin/out/err). # replace 204.x.y.z with your public IP SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 204.x.y.z' # snmptrapd control (yes means start daemon). As of net-snmp version # 5.0, master agentx support must be enabled in snmpd before snmptrapd # can be run. See snmpd.conf(5) for how to do this. TRAPDRUN=no # snmptrapd options (use syslog). TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' # create symlink on Debian legacy location to official RFC path SNMPDCOMPAT=yes
Restart Snmpd Service
Type the following command:
# /etc/init.d/snmpd restart
Sample outputs:
Restarting network management services: snmpd.
Firewall Configuration
Here is a sample firewall config file:
#!/bin/sh # set shell vars PUB_IF="eth0" SNMPD_CLIENT="85.x.y.z" SNMPD_SERVER="203.a.b.c" IPT="/sbin/iptables" LO_IF="lo0" # DROP and close everything all incoming traffic $IPT -P INPUT DROP $IPT -P OUTPUT DROP $IPT -P FORWARD DROP # Allow Full Outgoing connection but no incoming stuff by default $IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Unlimited lo access $IPT -A INPUT -i ${LO_IF} -j ACCEPT $IPT -A OUTPUT -o ${LO_IF} -j ACCEPT ### Open port 161 ### $IPT -A INPUT -i ${PUB_IF} -s ${SNMPD_CLIENT} -d ${SNMPD_SERVER} -p udp --dport 161 -j ACCEPT ### rest of iptables goes here ###
Test It
From local or remote system type the following command:
# snmpwalk -v 1 -c mrtg 204.x.y.z IP-MIB::ipAdEntIfIndex
Sample outputs:
IP-MIB::ipAdEntIfIndex.10.20.110.2 = INTEGER: 2 IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1 IP-MIB::ipAdEntIfIndex.204.xx.yy.zz = INTEGER: 3
Refernces:
- man pages - iptables, snmpd, snmpd.conf, apt-get
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 15 comments… read them below or add one }
Nice topic,
Title typo: Debain => Debian
@Philippe,
Thank you.
Great post, easy steps, was up in minutes. Thanks Vivek!
works great, thanks
Hi,
I’m looking to modify the snmpd.conf file so that I receive email notification when a printer toner is low
SNMPv2-SMI::mib-2.43.18.1.1.8.1.1 = STRING: “The machine has determined that the Toner’s capacity is low. User intervention is required to replace the Toner to avoid an interruption of print service. Printing is available.
Any ideas how this might be achieved?
Thanks,
Johnny
Is there a SNMP version 3 (secure) for ubuntu?
doesnt work, I made both my configuration files exactly how you demonstrated and this is what I get
root@ubuntu:~# /etc/init.d/snmpd restart
* Restarting network management services: [ OK ]
root@ubuntu:~# snmpwalk -Os -c mycommunity -v 1 localhost system
Timeout: No Response from localhost
root@ubuntu:~#
In newer versions of ubuntu snmpd is on localhost only, you have to modify /etc/default/snmpd and on the SNMPDOPTS parameter, remove the 127.0.0.1 parameter. If you use smux (like with nagios), also remove -smux.
does any one know how to install snmp throught the configure command and maybe explain a bit about the Export PATH=:$PATH…………
P.S. I am new at this ..sorry!
I installed it and it is working ..
what is the issue that you are facing ?
In squeeze the interface bindings are controlled via /etc/snmp/snmpd.conf not /etc/default/snmpd
# AGENT BEHAVIOUR
#
# Listen for connections from the local system only
agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
thanks… i passed a long day before finding your site!
Merci beaucoup!
Hi,
SNMP is a great tool, but does exist a way in order to add a user specific OID (modifyng the tree)?
Ex.: Users logged (as a STRING for the user account)
Thanks
Hi All ,
This is a great site and I got a lot of help through this site …Thank you all …But i have a problem …I install Opennms in windows and installed snmp in ubuntu …My target is that I want to run a mib file …How to create and run a mib file…Please help me ..Thanking you in advance….
This was very helpful. I striggled (and struggled!) with this for some time. for some reason one of my Ubuntu servers was different on the snmp side or I didn’t follow the same path on this attempt as I did on the first. The Ubunter Server versions were different 10.10 was my first success and 11.10 was the one I was having a problem with.
The problem was /etc/default/snmpd
Now along with my other servers this one can now join the ranks of being monitored by Nagios!
Thanks again.