Simple Network Management Protocol (SNMP) is an internet standard protocol that can be used to remotely retrieve operational statistics from routers and firewalls. Devices that typically support SNMP include routers, switches, servers, workstations and more. Monitoring tools such as MRTG and Cacti use SNMP to retrieve information from routers to draw graphs. In this article, we will go through the installation and simple configuration of SNMP on Linux (CentOS 7, Ubuntu 16.04).
SNMP is a protocol that is implemented on the application layer of the networking stack. It is one of the widely accepted protocols to manage and monitor network elements. The protocol was created as a way of gathering information from very different systems in a consistent manner. In general, a network being profiled by SNMP will mainly consist of devices containing SNMP agents. An agent is a program that can gather information about a piece of hardware, organize it into predefined entries, and respond to queries using the SNMP protocol. SNMP requires only a couple of basic components to work:
- Managed device: a computer that is configured to poll SNMP agents for information. It can be any machine that can send query requests to SNMP agents with the correct credentials. The SNMP manager's key functions are to query agents, get responses from agents, set variables in agents and acknowledge asynchronous events from agents.
- Agent: software that runs on managed devices. It is responsible for gathering information about the local system and storing it in a format that can be queried, updating a database called the "management information base" (MIB).
- Network management station (NMS): it executes applications that monitor and control managed devices.
MIB is a database that follows a standard that the manager and agents adhere to. Every SNMP agent maintains an information database describing the managed device parameters. The SNMP manager uses this database to request the agent for specific information and further translates the information as needed for the Network Management System (NMS). This commonly shared database between the Agent and the Manager is our MIB.
Currently, there are three versions of SNMP.
- SNMP Version 1: This provides device statistics and error reporting without consuming a lot of system resources. Security is limited to community strings and access controls based on the IP address of the querying server. Data communication isn't encrypted.
- SNMP Version 2: This is referred to as v2c. It expanded the number of supported error codes, increased the size of counters used to track data and added the ability to do bulk queries that load response packets with data more efficiently.
- SNMP Version 3: This version provides greater security and remote configuration capabilities than its predecessors. Access isn't limited to a single community string for read-only and read/write access, as usernames and passwords have been introduced. Support for encrypted SNMP data transfer and transfer error detection is also provided.
1) Installation of SNMP
We will present the SNMP installation on both Ubuntu and CentOS.
- On Ubuntu
# apt-get install -y snmpd snmp
- On CentOS
# yum install -y net-snmp net-snmp-utils
2) Configuration of SNMP
The configuration file of the SNMP service can be found at /etc/snmp/snmpd.conf. Before modifying the file, make a copy of it with the command
# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
The following are the basic configuration parameters you can use to configure SNMP.
- Set community string for SNMP: it is like a user id or password that allows access to a device's statistics. This string will be used by the client machines to retrieve data (to generate monitoring graphs). This is a mandatory configuration parameter. You can find it in the file on the lines that start with rocommunity. The default value is public, which is not secure because everybody knows it.
- Listening address: we can configure the SNMP agent to listen only on a particular IP address with agentAddress udp:ip_address:161. The default port on which SNMP listens is 161. The default behavior of the agent is to listen on the standard UDP port on all interfaces.
- System information: this covers personal information and process/disk monitoring, including:
  - syslocation: This is the [typically physical] location of the system.
  - syscontact: This is the contact information for the administrator.
Our modified configuration should look like the one below. Note that the file contains other default values which don't appear here.
- On Ubuntu

    # Listen for connections on all interfaces (both IPv4 *and* IPv6)
    agentAddress udp:161,udp6:[::1]:161

    # ACCESS CONTROL
    #
    view all included .184.108.40.206.2.1.1
    view all included .220.127.116.11.18.104.22.168
    #rocommunity public localhost
    # Default access to basic system info
    rocommunity my_password default -V all
    # rocommunity6 is for IPv6
    rocommunity6 my_password default -V all

    sysLocation linoxide
    sysContact Me <[email protected]>

    # ACTIVE MONITORING
    #
    # send SNMPv1 traps
    trapsink localhost public
    # send SNMPv2c traps
    trap2sink localhost public
- On CentOS

    #       sec.name       source   community
    com2sec notConfigUser  default  my_comm

    # Make at least snmpwalk -v 1 localhost -c public system fast again.
    #    name        incl/excl  subtree  mask(optional)
    view systemview  included   .22.214.171.124.2.1
    view systemview  included   .126.96.36.199.188.8.131.52
    ##        incl/excl  subtree  mask
    view all  included   .1       80

    # variables through the snmpd.conf file:
    syslocation centos linoxide
    syscontact admin <[email protected]>
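The settings explained above (the community string, its allowed source and the listening address) can be checked before the service is restarted. The following Python check is an added example, not part of the original article or of net-snmp; the function names, the finding labels and SAMPLE_CONF (constructed to mirror the two configurations shown above) are assumptions made for illustration.

```python
# Audit snmpd.conf text for the weak settings discussed in this article.
# Directive names are net-snmp's; labels and sample data are constructed.
WELL_KNOWN = {"public", "private"}
TRANSPORTS = {"udp", "tcp", "udp6", "tcp6"}
COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")

SAMPLE_CONF = """\
agentAddress udp:161,udp6:[::1]:161
#rocommunity public localhost
rocommunity my_password default -V all
rocommunity6 my_password default -V all
com2sec notConfigUser default my_comm
trapsink localhost public
"""

def listens_everywhere(spec):
    """True if an agentAddress entry names no specific local address."""
    proto, _, rest = spec.partition(":")
    addr = rest if proto.lower() in TRANSPORTS and rest else spec
    return addr.isdigit() or addr.startswith(("0.0.0.0", "[::]"))

def audit_snmpd_conf(text):
    """Return (line_no, directive, issue) tuples for risky settings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments (simplified)
        if not tokens:
            continue
        name, args = tokens[0].lower(), tokens[1:]
        community = source = None
        if name in COMMUNITY_DIRECTIVES and args:
            community = args[0]
            # SOURCE is optional; omitted or "default" means any address
            source = args[1] if len(args) > 1 and not args[1].startswith("-") else "default"
        elif name == "com2sec" and len(args) >= 3:
            source, community = args[-2], args[-1]
        elif name in ("trapsink", "trap2sink", "informsink") and len(args) > 1:
            community = args[1]
        elif name == "agentaddress":
            for spec in ",".join(args).split(","):
                if spec and listens_everywhere(spec):
                    findings.append((no, name, "all-interfaces:" + spec))
        if community and community.lower() in WELL_KNOWN:
            findings.append((no, name, "well-known-community"))
        if source == "default":
            findings.append((no, name, "any-source"))
        if name.startswith("rwcommunity"):
            findings.append((no, name, "write-access"))
    return findings
```

On the sample, the check reports the wildcard IPv4 listener, the three community entries that accept queries from any source, and the trap sink that still uses public.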
The SNMP service needs to be restarted for any configuration change (/etc/snmp/snmpd.conf) to take effect. This can be accomplished as follows:
# service snmpd restart
With systemd, use
# systemctl restart snmpd.service
3) Testing SNMP service
You can test whether SNMP can read the system and interface MIBs using the snmpwalk command.
- On Ubuntu
# snmpwalk -c my_password -v2c -O e 127.0.0.1

    iso.184.108.40.206.220.127.116.11 = STRING: "Linux ubuntu-01 4.4.0-66-generic #87-Ubuntu SMP Fri Mar 3 15:29:05 UTC 2017 x86_64"
    iso.18.104.22.168.22.214.171.124 = OID: iso.126.96.36.199.1.8072.3.2.10
    iso.188.8.131.52.184.108.40.206 = Timeticks: (1544) 0:00:15.44
    iso.220.127.116.11.18.104.22.168 = STRING: "me <[email protected]>"
    iso.22.214.171.124.126.96.36.199 = STRING: "ubuntu-01"
    iso.188.8.131.52.184.108.40.206 = STRING: "linoxide"
    iso.220.127.116.11.18.104.22.168 = INTEGER: 72
    iso.22.214.171.124.126.96.36.199 = Timeticks: (1) 0:00:00.01
    iso.188.8.131.52.184.108.40.206.2.1 = OID: iso.220.127.116.11.18.104.22.168.1
    iso.22.214.171.124.126.96.36.199.2.2 = OID: iso.188.8.131.52.184.108.40.206.1
    iso.220.127.116.11.18.104.22.168.3.1 = STRING: "The MIB for Message Processing and Dispatching."
    iso.22.214.171.124.126.96.36.199.3.3 = STRING: "The SNMP Management Architecture MIB."
    iso.188.8.131.52.184.108.40.206.0 = Timeticks: (9971483) 1 day, 3:41:54.83
    iso.220.127.116.11.18.104.22.168.0 = Hex-STRING: 07 E1 04 08 01 30 16 00 2B 00 00
    iso.22.214.171.124.126.96.36.199.0 = INTEGER: 393216
    iso.188.8.131.52.184.108.40.206.0 = STRING: "BOOT_IMAGE=/boot/vmlinuz-4.4.0-66-generic root=LABEL=cloudimg-rootfs ro console=tty1 console=ttyS0 "
    iso.220.127.116.11.18.104.22.168.0 = Gauge32: 1
    iso.22.214.171.124.126.96.36.199.0 = Gauge32: 121
    iso.188.8.131.52.184.108.40.206.0 = INTEGER: 0
- On CentOS
# snmpwalk -c my_comm -v1 -O e 127.0.0.1

    SNMPv2-MIB::sysDescr.0 = STRING: Linux centos-01 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64
    SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
    DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (304) 0:00:03.04
    SNMPv2-MIB::sysContact.0 = STRING: admin <[email protected]> (configure /etc/snmp/snmp.local.conf)
    SNMPv2-MIB::sysName.0 = STRING: centos-01
    SNMPv2-MIB::sysLocation.0 = STRING: centos linoxide
    SNMPv2-MIB::sysORLastChange.0 = Timeticks: (8) 0:00:00.08
    SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDCompliance
    SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
    SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
    SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
    SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
Once you have verified that SNMP is working correctly, you can configure SNMP statistics gathering software such as MRTG to create online graphs of your traffic flows.
SNMP is used to monitor devices on a network. Several monitoring tools based on it are very popular and used across the world. We have covered the concept of SNMP and how it works. With these basic concepts, you can use SNMP tools to explore this environment.