CentOS = 192.168.15.22 (SNMP Client) (Tested on CentOS8)
Ubuntu = 192.168.15.19 (SNMP Server) (Tested on Ubuntu 16.04.7 LTS)
@CentOS
1. Install SNMP package
yum install net-snmp
Sample Output:
[root@centos~]# yum install net-snmp
Last metadata expiration check: 0:45:08 ago on Mon 22 Feb 2021 09:22:23 PM EST.
Dependencies resolved.
================================================================================
Package Arch Version Repo Size
================================================================================
Installing:
net-snmp x86_64 1:5.8-18.el8_3.1 appstream 354 k
Upgrading:
net-snmp-libs x86_64 1:5.8-18.el8_3.1 baseos 824 k
Installing dependencies:
lm_sensors-libs x86_64 3.4.0-21.20180522git70f7e08.el8 baseos 59 k
mariadb-connector-c x86_64 3.1.11-2.el8_3 appstream 200 k
mariadb-connector-c-config
noarch 3.1.11-2.el8_3 appstream 15 k
net-snmp-agent-libs x86_64 1:5.8-18.el8_3.1 appstream 747 k
Transaction Summary
================================================================================
Install 5 Packages
Upgrade 1 Package
Total download size: 2.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): mariadb-connector-c-config-3.1.11-2.el8_ 789 kB/s | 15 kB 00:00
(2/6): mariadb-connector-c-3.1.11-2.el8_3.x86_6 4.5 MB/s | 200 kB 00:00
(3/6): lm_sensors-libs-3.4.0-21.20180522git70f7 2.6 MB/s | 59 kB 00:00
(4/6): net-snmp-5.8-18.el8_3.1.x86_64.rpm 3.3 MB/s | 354 kB 00:00
(5/6): net-snmp-libs-5.8-18.el8_3.1.x86_64.rpm 18 MB/s | 824 kB 00:00
(6/6): net-snmp-agent-libs-5.8-18.el8_3.1.x86_6 3.9 MB/s | 747 kB 00:00
——————————————————————————–
Total 2.2 MB/s | 2.1 MB 00:00
2. Configure SNMP community string and restart SNMP service
vi /etc/snmp/snmpd.conf
Syntax:
rocommunity “SNMPstring” “SNMPserverIP”
e.g.
rocommunity Fr33L1nuXTut0r14L5 localhost
rocommunity Fr33L1nuXTut0r14L5 192.168.15.19
Note: Comment also the line (recommended not to use “public” as community string)
#com2sec notConfigUser default public
Restart SNMP service:
service snmpd restart
Sample Output:
[root@centos~]# service snmpd restart
Redirecting to /bin/systemctl restart snmpd.service
[root@centos~]#
3. Test community string locally and remotely to verify configuration
Sample Output:
@CentOS SNMP client
[root@centos~]# snmpwalk -v2c -c Fr33L1nuXTut0r14L5 localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS-Server 4.18.0-240.el8.x86_64 #1 SMP Fri Sep 25 19:48:47 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7591) 0:01:15.91
@Ubuntu SNMP server (Test if SNMP is working remotely). Use the following syntax below:
sudo snmpwalk -v2c -c “SNMPcommstring” “IP of SNMP client”
Sample Output:
tux@ubuntu:~$ sudo snmpwalk -v2c -c Fr33L1nuXTut0r14L5 192.168.15.22 system
[sudo] password for tux:
Timeout: No Response from 192.168.15.22
As observed, snmpwalk is unsuccessful even though we already added the SNMP server IP (192.168.15.19) in CentOS SNMP configuration (Step2). One thing to check is if there’s a firewall preventing SNMP requests.
4. Allow SNMP service in firewall
Note: For older version of CentOS, you need to inspect the “iptables” rule if there’s anything preventing SNMP requests
iptables -L
Sample Output:
[root@centos ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Notice there is no rules, but if there is such you can add iptables rule, something like this:
iptables -I INPUT -p udp -m udp –dport 161 -j ACCEPT
iptables -I INPUT -p udp -m udp –dport 162 -j ACCEPT
Sample Output:
[root@centos~]# iptables -I INPUT -p udp -m udp –dport 161 -j ACCEPT
[root@centos~]# iptables -I INPUT -p udp -m udp –dport 162 -j ACCEPT
[root@centos~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp — anywhere anywhere udp dpt:snmptrap
ACCEPT udp — anywhere anywhere udp dpt:snmp
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Save config: (permanently)
iptables-save > /etc/sysconfig/iptables
Else, need to allow in “firewalld” as it replaced “iptables” for newer version.
Steps:
(Optional: to verify if it is your firewalld causing why SNMP server cannot poll your server, you can stop the firewall first then try to snmpwalk again.
Sample:
@CentOS
service firewalld stop
Sample Output:
[root@centos~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
@Ubuntu (After firewall stop)
tux@ubuntu:~$ sudo snmpwalk -v2c -c Fr33L1nuXTut0r14L5 192.168.15.22 system
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS-Server 4.18.0-240.el8.x86_64 #1 SMP Fri Sep 25 19:48:47 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (33338) 0:05:33.38
Success! Then we know it is the firewall.
@CentOS Configure the firewalld
a. List first existing zone
firewall-cmd – -list-all-zones
Sample Output: (some is ommited, showing only the default “public” zone)
[root@centos~]# firewall-cmd – -list-all-zones
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: cockpit dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
b. Add the rule
firewall-cmd – -permanent – -add-service=snmp
Sample Output:
[root@centos~]# firewall-cmd –permanent –add-service=snmp
FirewallD is not running
[root@centos~]# service firewalld start
Redirecting to /bin/systemctl start firewalld.service
[root@centos~]# firewall-cmd –permanent –add-service=snmp
success
c. Reload firewalld configuration to take effect
firewall-cmd – -reload
Sample Output:
[root@centos~]# firewall-cmd – -reload
success
d. Verify config:
Sample Output: (after adding)
[root@centos~]# firewall-cmd – -list-all-zones
public (active)
target: default
icmp-block-inversion: no
interfaces: ens3
sources:
services: cockpit dhcpv6-client snmp
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
5. Verify to see if SNMP is working
@Ubuntu SNMP server
Sample Output:
tux@ubuntu:~$ sudo snmpwalk -v2c -c Fr33L1nuXTut0r14L5 192.168.15.22 system
SNMPv2-MIB::sysDescr.0 = STRING: Linux CentOS-Server 4.18.0-240.el8.x86_64 #1 SMP Fri Sep 25 19:48:47 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (65567) 0:10:55.67
SNMPv2-MIB::sysContact.0 = STRING: Root <root@centos> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: CentOS-Server
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
If SNMP walk/get is working, then it is ready to add it on your preferred NMS like Cacti. To configure Cacti as your Network Monitoring System , you can refer to this link –> How to Install and Configure Cacti Network Monitoring on Ubuntu