SNMP (Simple Network Management Protocol) is an internet standard protocol used to remotely retrieve the operational statistics (current status) of the servers and infrastructure components. Devices that typically support SNMP include routers, switches, workstations, firewalls, and more.
In this tutorial, we will go through the installation and simple configuration of SNMP on Linux (CentOS 7, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04).
SNMP Basics concepts
SNMP protocol is implemented on the application layer of the networking stack. It is one of the widely accepted protocols to manage and monitor network elements. The protocol was created as a way of gathering information from very different systems in a consistent manner.
In general, a network profiled by SNMP will mainly consist of devices containing SNMP agents. An agent is a program that can gather information about a piece of hardware, organize it into predefined entries, and respond to queries using the SNMP protocol.
In the core, SNMP management system read and write operational parameters in remote devices. These parameters are known as OID's (Object Identifiers).
SNMP requires only a couple of basic components to work:
- SNMP Manager: Is an application that manages SNMP agents on the network. It can be any machine that can send query requests to agents with the correct credentials. Manager's key functions are queries agents, get responses from agents, set variables in agents and acknowledges asynchronous events from agents. It can be part of the network management station (NMS). Cacti, MRTG, Zabbix, Icinga, PRTG are some of the free opensource performance monitoring tool which acts as an SNMP manager.
- Agent: When the manager application sends SNMP queries, the agent responds back with current status and statistics. Agents are responsible for gathering information about the local system and storing them in a format that can be queried and updating a database called the management information base (MIB).
MIB is a database that follows a standard that the manager and agents adhere to. Every agent maintains an information database describing the managed device parameters. The manager application uses this database to request the agent for specific information and translates the information as needed for the Network Management System (NMS). This commonly shared database between the Agent and the Manager is called MIB.
Currently, there are 3 versions available.
SNMP Version 1: This is the first version of SNMP. It only supports 32-bit counters. This provides device statistics and error reporting without consuming a lot of system resources. Security is limited to community strings, if the string matches that configured in the equipment, the request will be carried out.
Access controls based on the IP address of the querying server. It has unencrypted data communication.
SNMP Version 2: This is referred to as v2c, which adds support for 64-bit counters. Has the ability to do bulk queries that more efficiently loaded response packets with data.
SNMP Version 3: This version provides greater security and remote configuration capabilities. Access isn't limited to a single community string for read-only and read/write access, as usernames and passwords have been introduced. It supports using encryption algorithms and authentication mechanisms.
3 Options for security and privacy:
noAuthNoPriv (no authentication, no privacy)
authNoPriv (authentication but no privacy)
authPriv (authentication and privacy)
Two authentication mechanisms:
Two encryption algorithms:
1) Installation of snmp on Linux
On the SNMP agent machine, you required only SNMP daemon (snmpd) and for manager components, you can install
snmp package on Ubuntu.
The following command install snmp service on Ubuntu and Debian derived systems:
$ sudo apt-get install -y snmpd snmp
$sudo yum install -y net-snmp net-snmp-utils
2) Configuration of SNMP
The configuration file of snmpd service can be found at
/etc/snmp/snmpd.conf. Before modifying the file, make a copy of the file by the following command:
$ sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
Remember to add a new SNMP user you use '/var/lib/net-snmp/snmpd.conf' file.
The following are the basic config parameters to configure SNMP.
- Set community string: It is like a user id or password that allows access to a device's statistics. The client machine use this string to retrieve data (to generate monitoring graphs). It can be identified where you will see
rwcommunity. The default value is 'public' which is not secured, should be disabled.
- Listening address: We can configure the agent to listen only to a particular IP address as follows
agentAddress udp:ip_address:161. The default port on which SNMP listens is 161. The default behavior of the agent is to listen on standard UDP port on all interfaces.
- System information: It concerns personal info, process/disk monitoring,
- syslocation: This is the [typically physical] location of the system.
- syscontact: This is the contact information for the administrator.
- SNMP traps: Helps to send traps (device down, interface down, etc) to monitoring tools.
Our modified information should be like below, notice that there are other default values on the file which don't appear here
A sample agent configuration file on Ubuntu:
# Listen for connections on all interfaces (both IPv4 *and* IPv6) agentAddress udp:161,udp6:[::1]:161 # ACCESS CONTROL # view all included .22.214.171.124.2.1.1 view all included .126.96.36.199.188.8.131.52 #rocommunity public localhost # Default access to basic system info rocommunity my_password default -V all # rocommunity6 is for IPv6 rocommunity6 my_password default -V all sysLocation linoxide sysContact Me <firstname.lastname@example.org> # ACTIVE MONITORING # # send SNMPv1 traps trapsink localhost public # send SNMPv2c traps trap2sink localhost public
A sample agent config file on CentOS:
# sec.name source community com2sec notConfigUser default my_comm # Make at least snmpwalk -v 1 localhost -c public system fast again. # name incl/excl subtree mask(optional) view systemview included .184.108.40.206.2.1 view systemview included .220.127.116.11.18.104.22.168 ## incl/excl subtree mask view all included .1 80 # variables through the snmpd.conf file: syslocation centos linoxide syscontact admin <admin@linoxide>
The SNMP service needs to be restarted for any configuration change (
/etc/snmp/snmpd.conf) to take place.
The following will restart service on Linux, make sure to run with sudo access.
$ sudo service snmpd restart
On systemd systems, run the following command
$ sudo systemctl restart snmpd.service
3) Testing SNMP service
You can test whether SNMP can read the system and interface MIB's using the snmpwalk command.
$ sudo snmpwalk -c my_password -v2c -O e 127.0.0.1 iso.22.214.171.124.126.96.36.199 = STRING: "Linux ubuntu-01 4.4.0-66-generic #87-Ubuntu SMP Fri Mar 3 15:29:05 UTC 2017 x86_64" iso.188.8.131.52.184.108.40.206 = OID: iso.220.127.116.11.1.8072.3.2.10 iso.18.104.22.168.22.214.171.124 = Timeticks: (1544) 0:00:15.44 iso.126.96.36.199.188.8.131.52 = STRING: "me <me@linoxide>" iso.184.108.40.206.220.127.116.11 = STRING: "ubuntu-01" iso.18.104.22.168.22.214.171.124 = STRING: "linoxide" iso.126.96.36.199.188.8.131.52 = INTEGER: 72 iso.184.108.40.206.220.127.116.11 = Timeticks: (1) 0:00:00.01 iso.18.104.22.168.22.214.171.124.2.1 = OID: iso.126.96.36.199.188.8.131.52.1 iso.184.108.40.206.220.127.116.11.2.2 = OID: iso.18.104.22.168.22.214.171.124.1 iso.126.96.36.199.188.8.131.52.3.1 = STRING: "The MIB for Message Processing and Dispatching." iso.184.108.40.206.220.127.116.11.3.3 = STRING: "The Management Architecture MIB." iso.18.104.22.168.22.214.171.124.0 = Timeticks: (9971483) 1 day, 3:41:54.83 iso.126.96.36.199.188.8.131.52.0 = Hex-STRING: 07 E1 04 08 01 30 16 00 2B 00 00 iso.184.108.40.206.220.127.116.11.0 = INTEGER: 393216 iso.18.104.22.168.22.214.171.124.0 = STRING: "BOOT_IMAGE=/boot/vmlinuz-4.4.0-66-generic root=LABEL=cloudimg-rootfs ro console=tty1 console=ttyS0 " iso.126.96.36.199.188.8.131.52.0 = Gauge32: 1 iso.184.108.40.206.220.127.116.11.0 = Gauge32: 121 iso.18.104.22.168.22.214.171.124.0 = INTEGER: 0
$sudo snmpwalk -c my_comm -v1 -O e 127.0.0.1 SNMPv2-MIB::sysDescr.0 = STRING: Linux centos-01 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (304) 0:00:03.04 SNMPv2-MIB::sysContact.0 = STRING: admin <admin@linoxide> (configure /etc/snmp/snmp.local.conf) SNMPv2-MIB::sysName.0 = STRING: centos-01 SNMPv2-MIB::sysLocation.0 = STRING: centos linoxide SNMPv2-MIB::sysORLastChange.0 = Timeticks: (8) 0:00:00.08 SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDCompliance
Once you have verified SNMP is working correctly, you can configure SNMP statistics gathering software such as MRTG to create online graphs of your traffic flows.
This example shows how to use
snmpwalk command to verify the user authentication.
$ sudo snmpwalk -v 3 -l authPriv -u user01 -a MD5 -A password -x DES -X password localhost .1
Similar to snmpwalk, snmpget is command-line tool to get information from snmp enabled devices.
The following snmpget command, verify user authentication on snmp server.
$ sudo snmpget -u user01 -l authPriv -a MD5 -x DES -A password -X password remote_host 126.96.36.199.188.8.131.52.0
-u: specify snmp user name
-l: Type of security and privacy method
-a: Which authentication mechanisms
-x: Type of encryption algorithms used
-A: Authentication password
-X: Encryption password
If you are configuring using SNMPv3, you should know about
snmpusm command and used to creates and maintains SNMPv3 user's on a network entity.
In this tutorial we learn how to install and configure SNMP on Linux to monitor network devices. I hope you enjoyed reading and please leave your suggestions in the below comment section.