What is SNMP? Install & Configure SNMP in Linux


SNMP (Simple Network Management Protocol) is an internet standard protocol used to remotely retrieve the operational statistics (current status) of the servers and infrastructure components. Devices that typically support SNMP include routers, switches, workstations, firewalls, and more.

In this tutorial, we will go through the installation and simple configuration of SNMP on Linux (CentOS 7, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04).

SNMP basic concepts

The SNMP protocol is implemented at the application layer of the networking stack. It is one of the widely accepted protocols used to manage and monitor network elements. The protocol was created as a way of gathering information from very different systems in a consistent manner.

In general, a network profiled by SNMP will mainly consist of devices containing SNMP agents. An agent is a program that can gather information about a piece of hardware, organize it into predefined entries, and respond to queries using the SNMP protocol.

At its core, an SNMP management system reads and writes operational parameters in remote devices. These parameters are known as OIDs (Object Identifiers).

SNMP requires only a couple of basic components to work:

  • SNMP Manager: An application that manages SNMP agents on the network. It can be any machine that can send query requests to agents with the correct credentials. The manager's key functions are to query agents, get responses from agents, set variables in agents, and acknowledge asynchronous events from agents. It can be part of the network management station (NMS). Cacti, MRTG, Zabbix, Icinga, and PRTG are some of the free open-source monitoring tools that act as an SNMP manager.
  • Agent: When the manager application sends SNMP queries, the agent responds with current status and statistics. Agents are responsible for gathering information about the local system, storing it in a format that can be queried, and updating a database called the management information base (MIB).

MIB is a database that follows a standard that the manager and agents adhere to. Every agent maintains an information database describing the managed device parameters. The manager application uses this database to request the agent for specific information and translates the information as needed for the Network Management System (NMS). This commonly shared database between the Agent and the Manager is called MIB.

SNMP versions

Currently, there are 3 versions available.

SNMP Version 1: This is the first version of SNMP. It only supports 32-bit counters. It provides device statistics and error reporting without consuming a lot of system resources. Security is limited to community strings: if the string matches the one configured on the equipment, the request is carried out.

Access control is based on the IP address of the querying server. Data is communicated unencrypted.

SNMP Version 2: This is referred to as v2c. It adds support for 64-bit counters and for bulk queries, which load response packets with data more efficiently.

SNMP Version 3: This version provides greater security and remote configuration capabilities. Access isn't limited to a single community string for read-only and read/write access, as usernames and passwords have been introduced. It supports using encryption algorithms and authentication mechanisms.

SNMPv3 options:

Three options for security and privacy:

  • noAuthNoPriv (no authentication, no privacy)
  • authNoPriv (authentication but no privacy)
  • authPriv (authentication and privacy)

Two authentication mechanisms:

  • MD5
  • SHA1

Two encryption algorithms:

  • DES
  • AES

1) Installation of snmp on Linux

On the SNMP agent machine, you only need the SNMP daemon (snmpd); for the manager components, you can install the snmp package on Ubuntu.

The following command installs the snmp service on Ubuntu and Debian-derived systems:

$ sudo apt-get install -y snmpd snmp

On CentOS:

$ sudo yum install -y net-snmp net-snmp-utils

2) Configuration of SNMP

The configuration file of snmpd service can be found at /etc/snmp/snmpd.conf. Before modifying the file, make a copy of the file by the following command:

$ sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

Remember that to add a new SNMP user, you use the '/var/lib/net-snmp/snmpd.conf' file.

The following are the basic config parameters to configure SNMP.

  • Set community string: It is like a user ID or password that allows access to a device's statistics. The client machine uses this string to retrieve data (to generate monitoring graphs). You can identify it by the rocommunity or rwcommunity directive. The default value is 'public', which is not secure and should be disabled.
  • Listening address: We can configure the agent to listen only on a particular IP address as follows: agentAddress udp:ip_address:161. The default port on which SNMP listens is 161. The default behavior of the agent is to listen on the standard UDP port on all interfaces.
  • System information: It concerns personal info and process/disk monitoring:
    • syslocation: This is the [typically physical] location of the system.
    • syscontact: This is the contact information for the administrator.
  • SNMP traps: Helps to send traps (device down, interface down, etc.) to monitoring tools.

Our modified configuration should look like the one below. Note that the file contains other default values that do not appear here.

A sample agent configuration file on Ubuntu:

#  Listen on all IPv4 interfaces (udp:161) and on the IPv6 loopback address only (udp6:[::1]:161)
agentAddress udp:161,udp6:[::1]:161

#  ACCESS CONTROL
#
view   all  included   .1.3.6.1.2.1.1
view   all  included   .1.3.6.1.2.1.25.1

#rocommunity public  localhost
                                  #  Default access to basic system info
 rocommunity my_password  default    -V all
                                  #  rocommunity6 is for IPv6
 rocommunity6 my_password  default   -V all

sysLocation    linoxide
sysContact     Me <me@linoxide.com>

#  ACTIVE MONITORING
#
                                  #   send SNMPv1  traps
 trapsink     localhost public
                                  #   send SNMPv2c traps
 trap2sink    localhost public

A sample agent config file on CentOS:

#       sec.name  source          community
com2sec notConfigUser  default       my_comm

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
view    systemview    included   .1.3.6.1.2.1
view    systemview    included   .1.3.6.1.2.1.25.1

##        incl/excl subtree mask
view all    included   .1    80

# variables through the snmpd.conf file:
syslocation centos linoxide
syscontact admin <admin@linoxide>
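
The shell script below is an added example, not part of the original tutorial. It audits an snmpd.conf for the settings this section discusses: well-known community strings, communities accepted from any source, and listeners bound to every interface. The function names, the finding tags and the embedded sample (constructed from the two configurations above) are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag risky settings in an snmpd.conf file.
# Output: one finding per line, formatted LINE:TAG:DETAIL (tags are made up here).
audit_snmpd_conf() {
    awk '
    function report(tag, detail) { printf "%d:%s:%s\n", NR, tag, detail }
    function check_community(name, source) {
        if (name == "public" || name == "private")
            report("WELL_KNOWN_COMMUNITY", name)
        if (source == "default" || source == "0.0.0.0/0")
            report("ANY_SOURCE", "community accepted from any address")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    { d = tolower($1) }                 # the page writes directives in mixed case
    # rocommunity|rwcommunity[6] COMMUNITY [SOURCE [OID | -V VIEW]]
    d ~ /^r[ow]community6?$/ {
        check_community($2, (NF >= 3 ? $3 : "default"))
        if (d ~ /^rw/) report("WRITE_ACCESS", "SNMP SET allowed")
    }
    # com2sec SECNAME SOURCE COMMUNITY (last two fields)
    d == "com2sec" && NF >= 4 { check_community($NF, $(NF - 1)) }
    # trapsink|trap2sink|informsink HOST [COMMUNITY [PORT]]
    d ~ /^(trap2?|inform)sink$/ { check_community($3, "") }
    # agentAddress [TRANSPORT:][ADDRESS:]PORT[,...]; no address means every interface
    d == "agentaddress" {
        n = split(tolower($2), spec, ",")
        for (i = 1; i <= n; i++)
            if (spec[i] ~ /^((udp|tcp)6?:)?[0-9]+$/ ||
                spec[i] ~ /(^|:)0\.0\.0\.0(:|$)/ || index(spec[i], "[::]"))
                report("LISTENS_ON_ALL", spec[i])
    }
    ' "$1"
}

# Constructed sample that combines lines from the two configurations above.
sample_conf() {
    cat <<'EOF'
agentAddress udp:161,udp6:[::1]:161
#rocommunity public  localhost
 rocommunity my_password  default    -V all
 rocommunity6 my_password  default   -V all
com2sec notConfigUser  default       my_comm
 trapsink     localhost public
EOF
}

# Stand-alone use: audit the file given as $1, or the built-in sample.
if [ -n "${1:-}" ]; then audit_snmpd_conf "$1"; else sample_conf | audit_snmpd_conf -; fi
```

On the sample it reports the IPv4 listener on line 1 but not the IPv6 loopback listener, the three communities that accept requests from any source, and the 'public' community used by the trap sink.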

The SNMP service needs to be restarted for any configuration change (/etc/snmp/snmpd.conf) to take effect.

The following command restarts the service on Linux; make sure to run it with sudo access.

$ sudo service snmpd restart

On systemd systems, run the following command:

$ sudo systemctl restart snmpd.service

3) Testing SNMP service

You can test whether SNMP can read the system and interface MIBs using the snmpwalk command.

On Ubuntu

$ sudo snmpwalk -c my_password -v2c -O e 127.0.0.1
iso.3.6.1.2.1.1.1.0 = STRING: "Linux ubuntu-01 4.4.0-66-generic #87-Ubuntu SMP Fri Mar 3 15:29:05 UTC 2017 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (1544) 0:00:15.44
iso.3.6.1.2.1.1.4.0 = STRING: "me <me@linoxide>"
iso.3.6.1.2.1.1.5.0 = STRING: "ubuntu-01"
iso.3.6.1.2.1.1.6.0 = STRING: "linoxide"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.11.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.15.2.1.1
iso.3.6.1.2.1.1.9.1.3.1 = STRING: "The MIB for Message Processing and Dispatching."
iso.3.6.1.2.1.1.9.1.3.3 = STRING: "The Management Architecture MIB."
iso.3.6.1.2.1.25.1.1.0 = Timeticks: (9971483) 1 day, 3:41:54.83
iso.3.6.1.2.1.25.1.2.0 = Hex-STRING: 07 E1 04 08 01 30 16 00 2B 00 00 
iso.3.6.1.2.1.25.1.3.0 = INTEGER: 393216
iso.3.6.1.2.1.25.1.4.0 = STRING: "BOOT_IMAGE=/boot/vmlinuz-4.4.0-66-generic root=LABEL=cloudimg-rootfs ro console=tty1 console=ttyS0
"
iso.3.6.1.2.1.25.1.5.0 = Gauge32: 1
iso.3.6.1.2.1.25.1.6.0 = Gauge32: 121
iso.3.6.1.2.1.25.1.7.0 = INTEGER: 0

On CentOS

$ sudo snmpwalk -c my_comm -v1 -O e 127.0.0.1
SNMPv2-MIB::sysDescr.0 = STRING: Linux centos-01 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (304) 0:00:03.04
SNMPv2-MIB::sysContact.0 = STRING: admin <admin@linoxide> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: centos-01
SNMPv2-MIB::sysLocation.0 = STRING: centos linoxide
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (8) 0:00:00.08
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDCompliance

Once you have verified SNMP is working correctly, you can configure SNMP statistics gathering software such as MRTG to create online graphs of your traffic flows.

This example shows how to use the snmpwalk command to verify user authentication.

$ sudo snmpwalk -v 3 -l authPriv -u user01 -a MD5 -A password -x DES -X password localhost .1

Similar to snmpwalk, snmpget is a command-line tool to get information from SNMP-enabled devices.

The following snmpget command verifies user authentication on the SNMP server.

$ sudo snmpget -u user01 -l authPriv -a MD5 -x DES -A password -X password remote_host 1.3.6.1.2.1.1.1.0

where:

  • -u: the SNMP user name
  • -l: the type of security and privacy method
  • -a: the authentication mechanism
  • -x: the type of encryption algorithm used
  • -A: the authentication password
  • -X: the encryption password
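
The snmpwalk and snmpget commands above assume that user01 already exists on the agent. The following shell function is an added example, not part of the original tutorial, that defines such a user with the createUser and rouser directives; the function name add_v3_user and the choice of SHA with AES are assumptions of the example.

```shell
#!/bin/sh
# Added example: define a read-only SNMPv3 user that must use authPriv.
# Usage: add_v3_user USER AUTHPASS PRIVPASS [PERSIST_CONF] [SNMPD_CONF]
# The default paths are the two files named in the tutorial.
add_v3_user() {
    user=$1; authpass=$2; privpass=$3
    persist=${4:-/var/lib/net-snmp/snmpd.conf}
    conf=${5:-/etc/snmp/snmpd.conf}

    # Accept only a plain token as user name so it cannot smuggle in directives.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    # net-snmp refuses passphrases shorter than 8 characters.
    if [ "${#authpass}" -lt 8 ] || [ "${#privpass}" -lt 8 ]; then
        echo "passphrases need at least 8 characters" >&2; return 1
    fi
    # A double quote would end the quoted passphrase early.
    case $authpass$privpass in
        *\"*) echo "passphrases must not contain a double quote" >&2; return 1 ;;
    esac
    # Do not stack a second access rule on an existing user.
    if grep -Eq "^[[:space:]]*r[ow]user[[:space:]]+${user}([[:space:]]|\$)" "$conf" 2>/dev/null; then
        echo "$user already has an access rule in $conf" >&2; return 1
    fi

    # snmpd reads createUser at its next start and replaces the line with
    # localized keys, so the passphrases do not remain in the persistent file.
    ( umask 077
      printf 'createUser %s SHA "%s" AES "%s"\n' "$user" "$authpass" "$privpass" >> "$persist"
    ) || return 1
    # "priv" makes the agent reject noAuthNoPriv and authNoPriv requests;
    # "-V all" reuses the view defined in the sample configurations.
    printf 'rouser %s priv -V all\n' "$user" >> "$conf"
}

# Check afterwards with the tutorial's command, changing the algorithms:
#   snmpwalk -v 3 -l authPriv -u user01 -a SHA -A <authpass> -x AES -X <privpass> localhost .1
```

Stop snmpd before running this against the real files and start it afterwards, because the daemon rewrites its persistent file when it shuts down.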

Conclusions

If you are configuring SNMPv3, you should know about the snmpusm command, which is used to create and maintain SNMPv3 users on a network entity.

In this tutorial we learned how to install and configure SNMP on Linux to monitor network devices. I hope you enjoyed reading, and please leave your suggestions in the comment section below.

Bobbin Zachariah 10:21 pm
