I've used this setup and it just worked™, but I reckon it's not the best, since it doesn't support views, groups and other (interesting) features.

You may use it to get an introduction to net-SNMP. I'm also assuming you're willing to configure it on CentOS or Ubuntu (the sudo / apt commands refer to Ubuntu).

Install NET-SNMP.

Run the command for your distribution to install net-snmp (1st command = CentOS / 2nd command = Ubuntu):

yum install net-snmp-utils net-snmp-devel
apt-get install snmp libsnmp-base snmpd sysv-rc-conf

Configure NET-SNMP.

My article uses a read-only SNMP user (remove "-ro" for a read-write one). Name: "user"; Password: "[email protected]":

net-snmp-config --create-snmpv3-user -a MD5 -A [email protected] -x DES -X [email protected] -ro user
sudo net-snmp-config --create-snmpv3-user -a MD5 -A [email protected] -x DES -X [email protected] -ro user

The following autostarts snmpd:

chkconfig snmpd on
sudo sysv-rc-conf snmpd on

Make a backup copy of the original snmpd.conf:

sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori

Then edit /etc/snmp/snmpd.conf:

###########################################################################
# SECTION: Access Control Setup
#
# rouser: a SNMPv3 read-only user
# arguments: user [noauth|auth|priv] [restriction_oid]
rouser user authpriv
# rocommunity: a SNMPv1/SNMPv2c read-only access community name
# arguments: community [default|hostname|network/bits] [oid]
# read-only SNMPv2c access from all IP addresses/networks:
rocommunity public
interface eth0
agentaddress 192.168.2.11:161
interface lo0
agentaddress 127.0.0.1:161
syslocation "hq"
syscontact "[email protected]"

Verify NET-SNMP.

Launch snmpd:

/etc/init.d/snmpd start

Verify it works on your loopback I/F:

snmpwalk -v 3 -a MD5 -A [email protected] -x DES -X [email protected] -u user -l authPriv localhost | less

Verify it works on your physical I/F adapter:

snmpwalk -v 3 -a MD5 -A [email protected] -x DES -X [email protected] -u user -l authPriv 192.168.2.11 | less

SNMP iptables rules.

# SNMP
iptables -A INPUT -p udp -m udp -s 0/0 --dport 161:162 -j ACCEPT

Verify user is inside /usr/share/snmp/snmpd.conf:

rouser user
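
An added example (not part of the original article): a shell function that scans an snmpd.conf for the access-control directives shown above and flags the ones that widen access, namely a well-known community string, a community accepted from any source address, and a rouser line that does not require privacy (with no level given, rouser defaults to auth). The function names, the finding labels and the "monitoring" / 192.168.2.0/24 sample line are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag risky access-control lines in an snmpd.conf.
# audit_snmpd_conf and the finding labels are hypothetical names.
# Output format: "<line number> <finding> <community or user>".

audit_snmpd_conf() {
    awk '
    { sub(/#.*/, "") }            # drop comments
    NF == 0 { next }              # skip blank lines
    { d = tolower($1) }

    # rocommunity|rwcommunity COMMUNITY [default|hostname|network/bits] [oid]
    d == "rocommunity" || d == "rwcommunity" {
        if ($2 == "public" || $2 == "private")
            printf "%d DEFAULT_COMMUNITY %s\n", NR, $2
        if (NF < 3 || $3 == "default")
            printf "%d ANY_SOURCE %s\n", NR, $2
    }

    # rouser|rwuser USER [noauth|auth|priv] [oid]; level defaults to auth
    d == "rouser" || d == "rwuser" {
        lvl = (NF >= 3) ? tolower($3) : "auth"
        if (lvl != "priv" && lvl != "authpriv")
            printf "%d NO_PRIVACY_REQUIRED %s\n", NR, $2
    }
    ' "$1"
}

# Constructed sample: the directives from this article plus one
# source-restricted community line (constructed values) for contrast.
sample_conf() {
    cat <<'EOF'
# SECTION: Access Control Setup
rouser user authpriv
rocommunity public
rouser user
rocommunity monitoring 192.168.2.0/24
EOF
}

# Write the sample to a temp file, audit it, and print the findings.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    audit_snmpd_conf "$tmp"
    rm -f "$tmp"
}

audit_sample
```

To check a live system, call audit_snmpd_conf on /etc/snmp/snmpd.conf and on /usr/share/snmp/snmpd.conf.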

Enable net-snmp logging.

[CentOS-only - for Ubuntu adjust accordingly] Enable net-snmp logging to snmpd.log:

sed -i 's|OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"|OPTIONS="-LS0-6d -Lf /var/log/snmpd.log -p /var/run/snmpd.pid"|g' /etc/init.d/snmpd

  • Also, put snmpd.log into logrotate.d, for example:

/var/log/snmpd.log {
    notifempty
    missingok
    size 32M
    yearly
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    postrotate
       /sbin/service snmpd condrestart 2> /dev/null > /dev/null || true
    endscript
}

Debug NET-SNMP.

From a terminal, stop the snmpd daemon and start it manually with:

snmpd -f -Le -Dread_config

To enable the SNMP debug option by default, edit /etc/init.d/snmpd:

OPTIONS="-Lsd -Lf /var/log/snmpd.log -p /var/run/snmpd.pid -a -Dread_config"

NET-SNMP AES Support.

[Bonus]: Check if your net-snmp instance supports AES (from http://www.zenoss.com/community/docs/zenoss-guide/2.4.2/apbs02.html).

snmpwalk -x AES 2>&1 | head -1

IF "No hostname specified." -> AES Supported.

IF "Invalid privacy protocol specified after -x flag: AES" -> AES NOT supported.

Senior Professional Network and Computer Systems Engineer during work hours and father when home.

Andrea strives to deliver outstanding customer service and heaps of love towards his family.

In this Ad-sponsored space, Andrea shares his quest for "ultimate" IT knowledge, meticulously brought to you in an easy to read format.

Very basic net-snmp setup.