SNMP minimal configuration for test purpose

Hi,

I’m trying to learn how to use SNMP. I did the following to get snmpd installed and running:

sudo dnf install net-snmp net-snmp-utils
sudo systemctl start snmpd.service

systemctl status snmpd shows an (apparently non-fatal) error ‘Can’t find directory of RPM packages’:

● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
     Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-05-19 07:21:33 EDT; 3s ago
   Main PID: 6290 (snmpd)
      Tasks: 1 (limit: 9411)
     Memory: 10.7M
        CPU: 44ms
     CGroup: /system.slice/snmpd.service
             └─6290 /usr/sbin/snmpd -LS0-6d -f

May 19 07:21:33 picard systemd[1]: Starting snmpd.service - Simple Network Management Protocol (SNMP) Daemon....
May 19 07:21:33 picard snmpd[6290]: Can't find directory of RPM packages
May 19 07:21:33 picard snmpd[6290]: NET-SNMP version 5.9.1
May 19 07:21:33 picard systemd[1]: Started snmpd.service - Simple Network Management Protocol (SNMP) Daemon..

But snmpwalk can’t query localhost, even using the basic example given in the Fedora documentation:

> snmpwalk -v2c -c public localhost system
Timeout: No Response from localhost

I’ve tried enabling snmp service in the firewall, disabling the firewall, and turning off selinux, but I still get the timeout from snmpwalk. Any idea why this doesn’t work?

System Monitoring Tools :: Fedora Docs

You might have to change the localhost name in the config, see link above. First you can check it with hostnamectl and try the exact name you have there. The default in the config is localhost.localdoman

hostnamectl gives the following:

$ hostnamectl
 Static hostname: picard
       Icon name: computer-laptop
         Chassis: laptop 💻
      Machine ID: 2cac644794cb4796846d673756a023b3
         Boot ID: a9f0a0898ace43c9a2914546f9bb27ee
Operating System: Fedora Linux 36 (Workstation Edition)
     CPE OS Name: cpe:/o:fedoraproject:fedora:36
          Kernel: Linux 5.17.7-300.fc36.x86_64
    Architecture: x86-64
 Hardware Vendor: Apple Inc.
  Hardware Model: MacBookAir6,1

So I tried picard for the hostname, but that times out too:

$ snmpwalk -v2c -c public picard system
Timeout: No Response from picard

You have to debug first if IP works as it should.
What says ping tolocalhost and to picard? Ip4 or Ip6 address ? Can it be resolved?
Check if SNMP is configured for the right protocol (ip4/6) etc.

IP doesn’t work either. I can ping the machine by its IPV4 address with either ping picard or ping localhost (ping6 picard doesn’t work, but that’s expected because I don’t have IPV6 working on my network).

snmpwalk doesn’t work with the IP address either:

$ snmpwalk -v2c -c public 127.0.0.1 system
Timeout: No Response from 127.0.0.1

I installed it too and do get same error on F35. So might be something not correct anymore in the manual ?

That or a problem with the default /etc/snmp/snmpd.conf?

1 Like

The text below shows that localhost.localdomain is not active in the config file … at least I could not grep it.

There is a commented out example config. You might have to go thru and activate as it fits to your network. I believe somehow you will configure the IP range who is able to use snmp like:

192.168.0.0/24

and do not forget to restart de service after every change you make.

$ sudo cat /etc/snmp/snmpd.conf |grep -i localhost
# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#com2sec local     localhost       COMMUNITY
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
#   % snmpwalk -v 1 localhost -c public system
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"

This will take some research; that config file looks complicated. Thanks for your help!

1 Like

( Source see Install and Configure SNMP on RHEL/CentOS/Fedor | Windows OS Hub )
There where some errors in the commands, so I copied the info and corrected it.

Install and Configure SNMP on RHEL/CentOS/Fedora

Simple Network Management Protocol (SNMP) is used to get information about the current status of servers, network equipment, printers or other IP devices. You can get different metrics through SNMP: CPU utilization, number of processes, state of services, etc. The major SNMP advantages are that it is supported by almost any devices and doesn’t require a separate monitoring system agent to be installed. In this article we will show how to install and configure an SNMP (and SNMP v3) agent on a Linux host running CentOS, RHEL, or Fedora.

Installing SNMP Agent and Diagnostic Tools on Linux

Before you install SNMP packages, install the latest updates on your server using dnf (yum):

# dnf update -y

Then install the SNMP agent and additional tools from the base repository:

# dnf install net-snmp net-snmp-utils -y

How to Enable and Configure SNMP Agent on Linux?

Prior to SNMP configuration, create a copy of the original config file:

# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig

Then edit the SNMP agent settings:

# nano /etc/snmp/snmpd.conf

Add the following lines:

rocommunity public
syslocation GE-DC2
syscontact gedc2-admins@woshub.com

These are three basic SNMP parameters. There are many other options for configuring the Net-SNMP agent, but we cannot cover everything in one article.

Save the file (it is recommended to enter a correct location and a valid email address). Then enable the snmpd service and start it:

# systemctl enable snmpd.service
# systemctl start snmpd

Make sure that the service is running:

# systemctl status snmpd

run the snmpd service on linux host

If you are using a firewall on your server, allow connections to TCP/UDP ports 161 and 162. Use the following commands to open SNMP ports in firewalld:

# sudo firewall-cmd --zone=public --add-port=161/udp --permanent
# sudo firewall-cmd --zone=public --add-port=161/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=162/udp --permanent
# sudo firewall-cmd --zone=public --add-port=162/tcp --permanent
# sudo firewall-cmd --reload

Poll SNMP Agent Using Snmpwalk

You can poll the SNMP agent using the snmpwalk tool. To check the service locally using the SMMPv2 protocol, use the command:

# snmpwalk -v 2c -c public -O e 127.0.0.1

If SNMP is configured correctly, you will receive a set of SNMP data from the agent.
After setting the configuration file and running a test command, I received the error below:

Timeout: No Response from localhost

I fixed it by clearing the configuration file and adding only the lines I specified above. If you need some specific settings, check everything thoroughly, since the service starts without any problems, but it is not working.

You can also query your server locally using this command:

# snmpwalk -v2c -c public localhost system

SNMPv2-MIB::sysDescr.0 = STRING: Linux server1.test.com 4.18.0-147.8.1.el8_1.x86_64 #1 SMP Thu Apr 9 13:49:54 UTC 2020 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (106564) 0:17:45.64
SNMPv2-MIB::sysContact.0 = STRING: gedc2-admins@woshub.com
SNMPv2-MIB::sysName.0 = STRING: server1.test.com
SNMPv2-MIB::sysLocation.0 = STRING: GE-DC2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.9 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.10 = Timeticks: (0) 0:00:00.00

Then make sure that your SNMP agent is available remotely. Run this command on another server (install snmp tools prior to doing it):

# snmpwalk -v2c -c public 192.168.21.205 system

polling the snmp agent using the snmpwalk tool

As you can see, the remote server received the information from the server over SNMP. Now you can add the server to any SNMP monitoring system (like Zabbix or Cacti).
Here is an article on “How to configure SNMP on a VMWare ESXi host?”.

Configure SNMPv3 on Linux CentOS/RHEL/Fedora

In the beginning of the article we have shown how to configure an SNMP agent that uses SNMP v1 and v2. SNMPv3 is a newer and more secure version of the protocol with support for authentication and encryption. To configure SNMPv3, create a user with a password, set an encryption password, access rights and an encryption algorithm (MD5 or SHA).

To create a user for SNMPv3, stop the snmpd daemon:

# systemctl stop snmpd

Then you can create a user:

# net-snmp-create-v3-user -ro -A o2ps2w0dD -a SHA -X r30svV33 -x AES snmpuser
Here is the syntax of net-snmp-create-v3-user:

net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass][-x DES|AES] [username]

-ro – it means that a user has read-only privileges
Authpass – authentication password
Privpass – private key

After running the command, a user with the specified password and key will be created:

# create snmpv3 user

Start the service:

# systemctl start snmpd

Try to poll the SNMP agent using snmpwalk. Note that to poll over SNMPv3, you must specify the user name, the password and the key.

# snmpwalk -v3 -a SHA -A o2ps2w0dD -x AES -X r30svV33 -l authPriv -u snmpuser 192.168.21.205 | head

1 Like

Thanks, adding just the rocommunity public to /etc/snmpd.conf seems to be the minimum required to be able to query snmpd. Now on to learning how SNMP works…

1 Like