Net-SNMP installation and configuration

Net-SNMP is a suite of applications used to implement various versions of the Simple Network Management Protocol. With SNMP you can retrieve information from and configure network devices. Yet Net-SNMP lacks clear, easy-to-understand installation and configuration documentation for newcomers. Here is a step-by-step guide to installing and configuring this software suite.

I tested these procedures under CentOS 6.5.

Installation

To get started, you can install the net-snmp package from repositories using the command yum install net-snmp-utils. If the repositories contain an older version, you can instead download the latest source package and compile Net-SNMP yourself. For example, to download the current net-snmp version (5.7.2.1) use the command

$  wget http://sourceforge.net/projects/net-snmp/files/net-snmp/5.7.2.1/net-snmp-5.7.2.1.tar.gz

Then uncompress the package with the command:

$  tar -xvzf net-snmp-5.7.2.1.tar.gz

Before you can configure and compile net-snmp from source you need to have installed the GCC compiler and the Perl development package, which you can do using yum:

$  yum install perl-devel
$  yum install gcc

Now you can configure net-snmp using the command sudo ./configure. Among its tasks, this command asks how SNMP-related applications are to function. For example, it prompts you for which SNMP version to use as default, who should be contacted about the host the agent is running on, the location of the system, default location for the snmpd agent to dump information and errors to, directory for the SNMP library to store persistent data in the form of a configuration file, and more. You can enter these values at the prompts, or just press Enter to let the configuration script set the default values. If everything goes fine, the configuration setup should end with a summary like this:

---------------------------------------------------------
                Net-SNMP configuration summary:
 ---------------------------------------------------------
 
  SNMP Versions Supported:        1 2c 3
  Building for:                   linux
  Net-SNMP Version:               5.7.2.1
  Network transport support:  Callback Unix Alias TCP UDP IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase
  SNMPv3 Security Modules:         usm
  Agent MIB code:                 default_modules =>  snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host
  MYSQL Trap Logging:             unavailable
  Embedded Perl support:          enabled
  SNMP Perl modules:              building -- embeddable
  SNMP Python modules:            disabled
  Crypto support from:            internal
  Authentication support:         MD5 SHA1
  Encryption support:             DES AES
  Local DNSSEC validation:        disabled
 
 ---------------------------------------------------------

After the configuration completes, run make and make install from within the same directory to compile and install the package. When they finish, all the client-side applications should be available for you to use.

You can test the installation using the command:

$  snmpget --version
 NET-SNMP version: 5.7.2

The output of the command confirms that the client package was installed successfully. Now you must install the server daemon and related configuration files with the command yum install net-snmp, and start the net-snmp daemon using the command /etc/init.d/snmpd start.

Using Net-SNMP

Once the daemon is started successfully you can use the client-side commands to monitor your system. For example, to check the system uptime, run the command:

$  snmpget -v 2c -c public 127.0.0.1 SNMPv2-MIB::sysUpTime.0

In my case, that command produced the following line on the console:

DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (14433) 0:02:24.33

The value reads 2 minutes, 24 seconds because the time is counted from the moment snmpd was started. Therefore, for an accurate report in the future, you should make sure that the daemon starts as soon as you start your Linux system.

Configuring information

Net-SNMP configuration is one of the most time-consuming and complex tasks for first-timers. Although most of the configuration parameters are set in the /etc/snmp/snmpd.conf file, it takes effort to understand and master them. Let’s get started with some basic configuration. Run snmpwalk and you should see output that looks something like:

$  snmpwalk -v2c -c public localhost system
 SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-431.el6.i686 #1 SMP Fri Nov 22 00:26:36 UTC 2013 i686
 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (200907) 0:33:29.07
 SNMPv2-MIB::sysContact.0 = STRING: Root <[email protected]> (configure /etc/snmp/snmp.local.conf)
 SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain
 SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
 SNMPv2-MIB::sysORLastChange.0 = Timeticks: (9) 0:00:00.09
 ...
 ...
 ...

This snmpwalk command retrieves the values of all the system-specific variables present under the .iso.org.dod.internet.mgmt.mib-2.system tree.

As you might be able to tell from the output, you can configure information such as sysLocation and sysContact by editing their respective configuration files. For example, I changed the sysLocation information in the configuration file /etc/snmp/snmpd.conf from syslocation Unknown to syslocation Datacenter, Row 5, Rack 3.

If you restart the net-snmp daemon with the command /etc/init.d/snmpd restart and run snmpwalk again, you should see your changes reflected:

$  snmpwalk -v2c -c public localhost system
 SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-431.el6.i686 #1 SMP Fri Nov 22 00:26:36 UTC 2013 i686
 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1856) 0:00:18.56
 SNMPv2-MIB::sysContact.0 = STRING: Root <[email protected]> (configure /etc/snmp/snmp.local.conf)
 SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain
 SNMPv2-MIB::sysLocation.0 = STRING: Datacenter, Row 5, Rack 3 (edit /etc/snmp/snmpd.conf)
 SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1) 0:00:00.01

Alternatively you can use Net-SNMP’s snmpconf utility for configuration, but it only understands a subset of the tokens that snmpd offers, so you’re better advised to edit the /etc/snmp/snmpd.conf file, which is heavily commented, and tweak the configuration parameters to make your configuration changes.

Configuring authentication

Both the Net-SNMP client utilities and the agent daemon support all SNMP versions: v1, v2c, and v3. The first two versions of the protocol support only simple authentication, with information passed over the network in clear text. Version 3 not only provides stronger authentication, but also provides optional encryption of the messages exchanged between daemon and client.

To set up SNMPv3, first stop the snmpd service with the command /etc/init.d/snmpd stop. Edit /var/lib/net-snmp/snmpd.conf and add the following line to the file, preferably at the bottom:

createUser USERNAME SHA "AUTH-PASSWORD" AES "ENCR-PASSWORD"

Replace USERNAME, AUTH-PASSWORD, and ENCR-PASSWORD with values you want to use on your system. USERNAME is specific to Net-SNMP only, and is not related to your Linux system, so you can use any string. AUTH-PASSWORD is used for authentication, while ENCR-PASSWORD is used for encryption, but you can leave off ENCR-PASSWORD if you want to use AUTH-PASSWORD for encryption as well. Net-SNMP rejects passphrases shorter than eight characters.

Edit /etc/snmp/snmpd.conf and add the following line, preferably at the bottom:

rouser USERNAME priv

This line grants read-only access to the user created in the previous step, and only over AuthPriv, a mode that requires both authentication and privacy (encryption). Replace rouser with rwuser if you want the user to have write permissions, as you might if you want to configure values by overwriting existing ones.

Start the SNMP daemon again with the command /etc/init.d/snmpd start.

Test the v3 communication using the following command:

$  snmpwalk -v 3 -l authPriv -a sha -A AUTH-PASSWORD -x AES -X ENCR-PASSWORD -u USERNAME localhost system

This command selects SNMP v3 (-v 3) at the authPriv security level (-l authPriv) for the user named with -u. The -a and -A arguments specify the authentication protocol and password, while -x and -X specify the encryption protocol and password.

If the SNMPv3 user is set up correctly, this command should produce output like:

SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 2.6.32-431.el6.i686 #1 SMP Fri Nov 22 00:26:36 UTC 2013 i686
 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2291) 0:00:22.91
 SNMPv2-MIB::sysContact.0 = STRING: Root <[email protected]> (configure /etc/snmp/snmp.local.conf)
 SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain
 SNMPv2-MIB::sysLocation.0 = STRING: Datacenter, Row 5, Rack 3 (edit /etc/snmp/snmpd.conf)
 SNMPv2-MIB::sysORLastChange.0 = Timeticks: (4) 0:00:00.04
 SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1
 SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
 SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
 SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
 SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
 SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
 SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
 SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
 ...
 ...
 ...
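
A check to run once the v3 user works, as an added example that is not part of the original article: the function below lists directives in an snmpd.conf-style file that still allow access weaker than SNMPv3 AuthPriv, such as the clear-text public community used earlier. The function names and the sample configuration are constructed for illustration; rocommunity, rwcommunity, com2sec, rouser and rwuser are snmpd.conf tokens.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_snmpd_conf FILE...  lists directives that still allow access weaker
# than SNMPv3 authPriv. One finding per line; exit status 1 if any was found.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
    { d = tolower($1); where = FILENAME ":" FNR }

    # v1/v2c access: the community string is the only credential and it
    # crosses the network in clear text.
    d ~ /^(ro|rw)community6?$/ || d ~ /^com2sec6?$/ {
        print where ": " $1 " enables v1/v2c community access"
        bad = 1
        next
    }

    # rouser/rwuser [-s SECMODEL] USER [noauth|auth|priv ...]
    d == "rouser" || d == "rwuser" {
        u = ($2 == "-s") ? 4 : 2             # field holding the user name
        lvl = (NF > u) ? tolower($(u + 1)) : "auth"   # default level is auth
        if (lvl != "priv" && lvl != "authpriv") {
            print where ": " $1 " " $u " accepted at level " lvl
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the user from the article plus three weaker entries.
demo_conf() {
    cat <<'EOF'
# constructed sample, not a real host configuration
syslocation Datacenter, Row 5, Rack 3
rocommunity public
rouser USERNAME priv
rouser monitor
rwuser admin auth
EOF
}
```

Run it as audit_snmpd_conf /etc/snmp/snmpd.conf; an empty result with exit status 0 means only AuthPriv users remain in that file.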

Conclusion

I’ve barely scratched the surface here, as Net-SNMP provides a huge array of configuration options. Install the package and then go through the snmpd.conf man page to learn about all of the parameters in the file.

