Documentations

Linux Requirements Configuration

On the page

Need some help?

1. Objective

Describe the SNMP configuration on a Linux device.

2. Debian, Ubuntu

2.1 Installation of SNMP

root@localhost # apt-get install snmp snmpd

2.2 Configuration

Edit the SNMP configuration file :

root@localhost # nano /etc/snmp/snmpd.conf

Make a backup of the file before modification

Read access to SNMP data must be allowed.

#AGENT BEHABIOUR#

agentAddress udp:161


#ACCESS CONTROL#

rocommunity  localhost
rocommunity> 

Then edit the file /etc/default/snmpd :

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1''

and replace 127.0.0.1 with the IP address of the network interface used to communicate with machine B. To avoid filtering at this level, simply remove the IP address.

Save the configuration file then restart the :

root@localhost # /etc/init.d/snmpd restart

3. Red Hat Enterprise Linux 3,4 and 7

3.1 Enabling SNMP access and trap forwarding for Red Hat Enterprise Linux versions 3 and 4

The OpenIPMI driver supported on Red Hat Enterprise Linux® versions 3 and 4 has a dependency on the version of Net-SNMP that is included with those Linux distributions. IBM® Director Core Services requires a different Net-SNMP version, 5.2.1. Installation of Net-SNMP 5.2.1 without removing the existing Net-SNMP version is required for IBM Director SNMP access and trap forwarding without compromising OpenIPMI services.

Complete the following steps to enable SNMP access and trap forwarding for managed systems running Red Hat Enterprise Linux versions 3 and 4:

1. Download the net-snmp-5.2.1.tar.gz file from the Net-SNMP Web site at www.net-snmp.org/download.html.

2. Build and install the Net-SNMP libraries using the following steps.

Notes:

  • This procedure does not perform a full installation of Net-SNMP, but installs only the Net-SNMP libraries, which are required for IBM Director Core Services SNMP functions.
  • Refer to the INSTALL and README files included in the net-snmp-5.2.1.tar.gz package for additional installation information.

Untar the source files. Type the following command and press Enter.

tar -xvzf net-snmp-5.2.1.tar.gz

Change to the source directory. Type the following command and press Enter.

cd net-snmp-5.2.1

Build the Net-SNMP libraries with default options. Type the following commands (press Enter after each).

./configure --with-defaults
make

Install the Net-SNMP libraries only to /usr/local/lib. Type the following command and press Enter.

make installlibs

To enable trap forwarding, edit the /etc/init.d/dacimlist file and uncomment the following two lines two lines in the SNMP End Consumer section.

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Note: The configuration changes will not take effect until you restart the cimlistener daemon in step 7.

To enable SNMP access, edit the /etc/init.d/dasnmp file and uncomment the following two lines in the section regarding the location of the net-snmp libraries.

LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH

Configures the SNMP daemon that ships with Red Hat Enterprise Linux to support AgentX agents. For details, see the documentation on the Net-SNMP Web Site.

Create the file /usr/local/share/snmp/snmpd.conf to specify trapsink and trapcommunity settings. You might have to create the directory. This file should contain only settings for trapcommunity and trapsink.

a) Specify a trap community value by adding a line containing the word trapcommunity followed by a space and the trapcommunity value, as in the following example.

public trapcommunity

b) Specify a trapsink value for each destination to which IBM Director will send SNMP traps. Add a line containing the word trapsink followed by a space and the trapsink value, as in the following example.

trapsink 192.168.1.1

Restart the cimlistener daemon by typing the following commands and pressing Enter after each:

/etc/init.d/dacimlist stop/etc/init.d/dacimlist start

Restart the IBM Director AgentX subagent by typing the following commands and pressing Enter after each:

/etc/init.d/dasnmp stop
/etc/init.d/dasnmp start

3.2 Installing SNMP for Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 7 includes the following software suite Net-SNMPwhich offers a flexible and extensible agent or simple network management protocol (SNMP). This agent and its associated utilities can be used to provide performance data from a large number of systems on a variety of tools that support queries via the SNMP.

For example, to install the SNMP Agent daemon and SNMP clients used in the rest of this section, enter the following in a shell prompt as a user root :
~]# yum install net-snmp net-snmp-libs net-snmp-utils
For more information on how to install new packages on Red Hat Enterprise Linux, please see the Section 8.2.4, "Installing Packages"..

Run the Net-SNMP daemon

The package net-snmp contains snmpd...the demon of the SNMP agent. This section provides information on how to start, stop, and restart the snmpd.
To run the service snmpd in the current session, please enter the following in the shell prompt as a user root :
systemctl start snmpd.service
To configure the service to be automatically launched at startup, please use the following command:
systemctl enable snmpd.service

Configuring Net-SNMP

To change the configuration of the Net-SNMP Agent daemon, please modify the configuration file /etc/snmp/snmpd.conf. The default file snmpd.conf included with Red Hat Enterprise Linux 7 contains a lot of comments and can serve as a good starting point for agent configuration.
For more information on the available configuration guidelines, please see the man page of snmpd.conf(5). In addition, there is a utility in the package net-snmp named snmpconfwhich can be used interactively to generate a valid agent configuration.
The Net-SNMP Agent daemon supports all three versions of the SNMP protocol. The first two versions (1 and 2c) provide simple authentication using an community channel. This chain is a secret shared between the agent and any client utility. However, the string is transmitted in clear text over the network, and is therefore not considered secure. Version 3 of the SNMP protocol supports user authentication and message encryption using a variety of protocols. The Net-SNMP Agent also supports tunneling with SSH, TLS authentication with X.509 certificates, and Kerberos authentication.
Setting up an SNMP Version 2c community
To set up a SNMP version 2c communityplease use the rocommunity or rwcommunity in the configuration file /etc/snmp/snmpd.conf. The format of the guidelines is as follows :
directive community [source [OID]]
...with community corresponding to the community channel to be used, source is an IP address or subnet, and OID is the SNMP tree to which access is to be provided. Thus, the following directive provides read-only access to the SNMP tree system to a customer using the chain of custody "redhat" on the local machine:
rocommunity redhat 127.0.0.1 .1.3.6.1.2.1.1.1
To test the configuration, please use the snmpwalk with options -v and -c.
~]# snmpwalk -v2c -c redhat localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (101376) 0:16:53.76 SNMPv2-MIB::sysContact.0 = STRING: UNIX Admin  SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain SNMPv2-MIB::sysLocation.0 = STRING: Datacenter, Row 4, Rack 3[Truncated exit]
Setting up an SNMP Version 3 user
To set up a SNMP version 3 usercommand, please use the net-snmp-create-v3-user. This command adds entries to the /var/lib/net-snmp/snmpd.conf and /etc/snmp/snmpd.conf that create the user and provide access to the user. Note that the net-snmp-create-v3-user can only be executed when the agent is not running. The following example creates the user "admin" with the password " redhatsnmp " :
~]# systemctl stop snmpd.service ~]# net-snmp-create-v3-user Enter a SNMPv3 user name to create: admin Enter authentication pass-phrase: redhatsnmp Enter encryption pass-phrase: [press return to reuse the authentication pass-phrase] adding the following line to /var/lib/net-snmp/snmpd.conf: createUser admin MD5 "redhatsnmp" DES adding the following line to /etc/snmp/snmpd.conf: rwuser admin ~]# systemctl start snmpd.service
The Directive rwuser (or scorch when the command line option -ro is provided) added by net-snmp-create-v3-user à /etc/snmp/snmpd.conf has a format similar to the rwcommunity and rocommunity :
directive use [noauth|auth|priv] [OID]
...when use is a username and OID is the SNMP tree to which access is to be provided . By default, the Net-SNMP Agent daemon allows only authenticated requests (the option auth). The option noauth allows you to allow non-authenticated queries, and the priv applies the use of encryption. The authpriv specifies that requests must be authenticated and responses must be encrypted.
Thus, the following line offers the user "admin" read and write access to the entire tree structure:
rwuser admin authpriv .1
To test the configuration, please create a directory .snmp/ in the user's home directory, as well as a configuration file named snmp.conf in this directory (~/.snmp/snmp.conf) with the following lines:
defVersion 3
defSecurityLevel authPriv
defSecurityName admin
defPassphrase redhatsnmp
The order snmpwalk will use these authentication parameters when queries are made to the :
~]$ snmpwalk -v3 localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64[Truncated exit]

This may also be of interest to you

How to Configure SNMP on Novell SuSE Linux Enterprise Server (SLES) 11

How to configure SNMPv3 on Ubuntu 12.04

en_USEnglish
fr_FRFrench en_USEnglish

Welcome to ServiceNav!

Need help? More information about our products? Write to us!
You have taken note of our privacy policy.

[COVID - 19 ] - TELEWORKING, TARGET AVAILABILITY 100% !

While the epidemic lasts, ensure the availability and performance of your IT services for teleworking, with ServiceNav!

Following the government's call to mobilize to help businesses overcome the current health and economic context, we help you, free of charge, to ensure the complete monitoring of your teleworking environments: VPN, VDI, Teams, Skype Enterprise, Citrix... Objectives: collection, availability and usage indicators, dashboards to support your communication.
We use cookies to ensure that you have the best possible experience on our site, and if you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

You have taken note of our privacy policy.