Quick Tip: Configure SNMP on CentOS for Network Monitoring

CentOS = 192.168.15.22 (SNMP Client) (Tested on CentOS8)
Ubuntu = 192.168.15.19 (SNMP Server) (Tested on Ubuntu 16.04.7 LTS)

@CentOS
1. Install SNMP package

yum install net-snmp

Sample Output:
[root@centos~]# yum install net-snmp
Last metadata expiration check: 0:45:08 ago on Mon 22 Feb 2021 09:22:23 PM EST.
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Installing:
net-snmp x86_64 1:5.8-18.el8_3.1 appstream 354 k
Upgrading:
net-snmp-libs x86_64 1:5.8-18.el8_3.1 baseos 824 k
Installing dependencies:
lm_sensors-libs x86_64 3.4.0-21.20180522git70f7e08.el8 baseos 59 k
mariadb-connector-c x86_64 3.1.11-2.el8_3 appstream 200 k
mariadb-connector-c-config
noarch 3.1.11-2.el8_3 appstream 15 k
net-snmp-agent-libs x86_64 1:5.8-18.el8_3.1 appstream 747 k

Transaction Summary
================================================================================
Install 5 Packages
Upgrade 1 Package

Total download size: 2.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): mariadb-connector-c-config-3.1.11-2.el8_ 789 kB/s | 15 kB 00:00
(2/6): mariadb-connector-c-3.1.11-2.el8_3.x86_6 4.5 MB/s | 200 kB 00:00
(3/6): lm_sensors-libs-3.4.0-21.20180522git70f7 2.6 MB/s | 59 kB 00:00
(4/6): net-snmp-5.8-18.el8_3.1.x86_64.rpm 3.3 MB/s | 354 kB 00:00
(5/6): net-snmp-libs-5.8-18.el8_3.1.x86_64.rpm 18 MB/s | 824 kB 00:00
(6/6): net-snmp-agent-libs-5.8-18.el8_3.1.x86_6 3.9 MB/s | 747 kB 00:00
--------------------------------------------------------------------------------
Total 2.2 MB/s | 2.1 MB 00:00

 

2. Configure SNMP community string and restart SNMP service

vi /etc/snmp/snmpd.conf

Syntax:
rocommunity "SNMPstring" "SNMPserverIP"

e.g.

rocommunity Fr33L1nuXTut0r14L5 localhost
rocommunity Fr33L1nuXTut0r14L5 192.168.15.19

Note: Also comment out the following line (using "public" as the community string is not recommended):
#com2sec notConfigUser default public

Restart SNMP service:

service snmpd restart

Sample Output:
[root@centos~]# service snmpd restart
Redirecting to /bin/systemctl restart snmpd.service
[root@centos~]#
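
The note in step 2 can be checked mechanically. The following is an added example, not part of the original tutorial: it scans an snmpd.conf for well-known community strings, entries without a source restriction, and read-write communities. The names `audit_snmpd_conf` and `sample_conf` are hypothetical, and the sample configuration is constructed.

```shell
# Added example: flag weak community settings in an snmpd.conf read from stdin.
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_snmpd_conf() {
    awk '
    function report(msg) { printf "line %d: %s: %s\n", NR, $1, msg; n++ }
    NF == 0 || substr($1, 1, 1) == "#" { next }   # skip blanks and comments
    # rocommunity COMMUNITY [SOURCE ...]: a missing SOURCE means "default" (any)
    $1 ~ /^r[ow]community6?$/ { comm = $2; src = (NF >= 3) ? $3 : "default" }
    # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
    $1 ~ /^com2sec6?$/ { comm = $NF; src = $(NF - 1) }
    $1 ~ /^(r[ow]community6?|com2sec6?)$/ {
        if (comm == "public" || comm == "private") report("well-known community string")
        if (src == "default" || src == "0.0.0.0/0") report("no source restriction")
        if ($1 ~ /^rw/) report("read-write access enabled")
    }
    END { exit (n > 0) }
    '
}

# Constructed sample input (not from a real host); lines 3-4 are the page's own.
sample_conf() {
    cat <<'EOF'
# Constructed sample for this example
com2sec notConfigUser default public
rocommunity Fr33L1nuXTut0r14L5 localhost
rocommunity Fr33L1nuXTut0r14L5 192.168.15.19
rocommunity monitoring
rwcommunity private 10.0.0.0/8
EOF
}

# Demo on the sample; on a host run: audit_snmpd_conf < /etc/snmp/snmpd.conf
sample_conf | audit_snmpd_conf || true
```

SNMPv2c sends the community string unencrypted, so the source restriction on each `rocommunity` line is the main access control in this setup.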

3. Test community string locally and remotely to verify configuration

Sample Output:
@CentOS SNMP client
[root@centos~]# snmpwalk -v2c -c Fr33L1nuXTut0r14L5 localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS-Server 4.18.0-240.el8.x86_64 #1 SMP Fri Sep 25 19:48:47 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7591) 0:01:15.91

@Ubuntu SNMP server (Test if SNMP is working remotely). Use the following syntax:

sudo snmpwalk -v2c -c "SNMPcommstring" "IP of SNMP client"

Sample Output:
tux@ubuntu:~$ sudo snmpwalk -v2c -c Fr33L1nuXTut0r14L5 192.168.15.22 system
[sudo] password for tux:
Timeout: No Response from 192.168.15.22

As observed, snmpwalk is unsuccessful even though we already added the SNMP server IP (192.168.15.19) to the CentOS SNMP configuration (Step 2). One thing to check is whether a firewall is blocking the SNMP requests.

4. Allow SNMP service in firewall
Note: On older versions of CentOS, inspect the "iptables" rules to see whether anything is blocking SNMP requests.

iptables -L

Sample Output:
[root@centos ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Notice that there are no rules here. If your system does have rules that block SNMP, you can add iptables rules like these:

iptables -I INPUT -p udp -m udp --dport 161 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 162 -j ACCEPT

Sample Output:
[root@centos~]# iptables -I INPUT -p udp -m udp --dport 161 -j ACCEPT
[root@centos~]# iptables -I INPUT -p udp -m udp --dport 162 -j ACCEPT
[root@centos~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:snmptrap
ACCEPT udp -- anywhere anywhere udp dpt:snmp

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Save the configuration permanently:

iptables-save > /etc/sysconfig/iptables

Otherwise, allow SNMP in "firewalld", which replaced "iptables" in newer versions.

Steps:
(Optional: to verify whether firewalld is the reason the SNMP server cannot poll your server, you can stop the firewall first and then try snmpwalk again. Start firewalld again before adding the rule, as shown in step b.)
Sample:
@CentOS

service firewalld stop

Sample Output:
[root@centos~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service

@Ubuntu (After firewall stop)

tux@ubuntu:~$ sudo snmpwalk -v2c -c Fr33L1nuXTut0r14L5 192.168.15.22 system
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS-Server 4.18.0-240.el8.x86_64 #1 SMP Fri Sep 25 19:48:47 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (33338) 0:05:33.38

Success! Then we know it is the firewall.

@CentOS Configure the firewalld

a. List the existing zones first

firewall-cmd --list-all-zones

Sample Output: (some output is omitted, showing only the default "public" zone)
[root@centos~]# firewall-cmd --list-all-zones
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: cockpit dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

b. Add the rule

firewall-cmd --permanent --add-service=snmp

Sample Output:
[root@centos~]# firewall-cmd --permanent --add-service=snmp
FirewallD is not running
[root@centos~]# service firewalld start
Redirecting to /bin/systemctl start firewalld.service
[root@centos~]# firewall-cmd --permanent --add-service=snmp
success

c. Reload firewalld configuration to take effect

firewall-cmd --reload

Sample Output:
[root@centos~]# firewall-cmd --reload
success

d. Verify config:

Sample Output: (after adding)
[root@centos~]# firewall-cmd --list-all-zones
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: cockpit dhcpv6-client snmp
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
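
Step 4b opens SNMP to every source that can reach the zone. The added example below (not part of the original tutorial) goes one step further and prints the firewalld commands that replace that blanket rule with rich rules accepting SNMP only from named pollers, here the Ubuntu server 192.168.15.19. `is_ipv4` and `snmp_firewalld_cmds` are hypothetical helper names, and the zone `public` is taken from the output above.

```shell
# Added example: build firewalld commands that accept SNMP only from the
# listed poller addresses. Commands are printed, not executed, so they can
# be reviewed before being run as root.

# Return 0 if $1 is a dotted-quad IPv4 address with octets in 0-255.
is_ipv4() {
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: snmp_firewalld_cmds ZONE POLLER_IP [POLLER_IP ...]
snmp_firewalld_cmds() {
    [ $# -ge 2 ] || { echo "usage: snmp_firewalld_cmds ZONE IP..." >&2; return 2; }
    zone=$1; shift
    # Validate every address first so no partial rule set is printed.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    done
    echo "firewall-cmd --permanent --zone=$zone --remove-service=snmp"
    for ip in "$@"; do
        printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-rich-rule='rule family=\"ipv4\" source address=\"$ip\" service name=\"snmp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Demo with the addresses used on this page.
snmp_firewalld_cmds public 192.168.15.19
```

After the printed commands are applied, the zone listing shows the poller under "rich rules:" and `snmp` no longer appears under "services:".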

5. Verify to see if SNMP is working
@Ubuntu SNMP server

Sample Output:
tux@ubuntu:~$ sudo snmpwalk -v2c -c Fr33L1nuXTut0r14L5 192.168.15.22 system
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS-Server 4.18.0-240.el8.x86_64 #1 SMP Fri Sep 25 19:48:47 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (65567) 0:10:55.67
SNMPv2-MIB::sysContact.0 = STRING: Root <root@centos> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: CentOS-Server
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance

If SNMP walk/get is working, the host is ready to be added to your preferred NMS, such as Cacti. To configure Cacti as your Network Monitoring System, refer to: How to Install and Configure Cacti Network Monitoring on Ubuntu

About the author

Free Linux
