How to Configure SNMP Version 2c on Debian 9

koromicha
|
Last Updated:
|
Monitoring, HowTos, Icinga, Nagios, SNMP, Zabbix
|
Leave a Comment

Welcome to our tutorial on how to configure SNMP version 2c on Debian 9. If you are looking at monitoring your Debian servers via SNMP with tools like Nagios, Cacti etc, then you need to configure SNMP. In that case, you are at the right place. In our previous articles discusses configuration of SNMP on Ubuntu 18.04 and CentOS 7.

Configuring SNMP Version 2c on Debian 9

To configure SNMP on Debian 9, you need to install the necessary packages. For example, the snmp which provides SNMP command line client applications, snmpd which is the daemon providing SNMP services and other required libraries.

apt update
apt install snmpd snmp libsnmp-dev

Once the packages above are installed, proceed to configure SNMP on Debian 9. To kick off with, you need to define the method in which the SNMP clients on the monitoring servers will connect to the SNMP agents on the Debian 9 server to poll specific requests.

The most common authentication methods involves the use community string and User-based Security Model. While the former is used with SNMP protocols version 1 and 2c the later is used by  SNMP protocol version 3.

Configure SNMP Version 2c Community String

SNMP v2 provides access using a permission directive, a community string and the source Address. The syntax of this directive is define below;

directive community [source [OID]]

Where:

  • directive can be set to rocommunity (provides read-only access) or rwcommunity (provides read-write access)
  • community is a user ID or password-like string that allows access to server statistics
  • source is the IP address of the monitoring server
  • OID is the optional SNMP tree to provide access to.

Hence, make a backup of the SNMP configuration file, /etc/snmp/snmpd.conf before you can make changes to the original configuration file.

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

Create a new SNMP daemon configuration file.

touch /etc/snmp/snmpd.conf

Configure SNMP deamon to listen on a public IP interface. By default, it only listens on a loopback interface. Hence, edit the line below to set it to listen on both loopback and public IP interface so that it can be access by the monitoring server.

vim /etc/snmp/snmpd.conf

#  AGENT BEHAVIOUR
#

#  Listen for connections from the local system only
agentAddress  udp:127.0.0.1:161,udp:192.168.43.188:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161

Next, you need to configure SNMP version 2c community string used to allow access to statistics within the server. In this case, we are going to set a string that allows read only access from the monitoring server. The syntax of the string is explained above.


###############################################################################
#
#  ACCESS CONTROL
#

                                                 #  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

                                                 #  Full access from the local host
#rocommunity public  localhost
                                                 #  Default access to basic system info
 rocommunity public  default    -V systemonly
                                                 #  rocommunity6 is for IPv6
 rocommunity6 public  default   -V systemonly
# Read only Access from monitoring server (192.168.43.203
 rocommunity MyStrinG+ 192.168.43.203

If any firewall is running, be sure to open the ports and allow access from the monitoring server.
Restart the SNMP service.

systemctl restart snmpd

Check the ports are now listening

ss -alnp | grep snmp | grep 161
udp    UNCONN     0      0      192.168.43.188:161                   *:*                   users:(("snmpd",pid=6149,fd=12))
udp    UNCONN     0      0      127.0.0.1:161                   *:*                   users:(("snmpd",pid=6149,fd=9))

The configuration of SNMP version 2c is done. Let us now verify that everything is fine. The verification can be done locally and from the monitoring server using the snmpwalk tool which retrieve a subtree of management values using SNMP GETNEXT requests

From the localhost, you can verify that all is well by running the command below.

snmpwalk -v2c -c public localhost

iso.3.6.1.2.1.1.1.0 = STRING: "Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (19557) 0:03:15.57
iso.3.6.1.2.1.1.4.0 = STRING: "Me <[email protected]>"
iso.3.6.1.2.1.1.5.0 = STRING: "debian"
iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
...

From the remote monitoring host, you can run the commanad as shown below, specifying the string.

snmpwalk -v2c -c MyStrinG+ 192.168.43.188 | head -10

iso.3.6.1.2.1.1.1.0 = STRING: "Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (64405) 0:10:44.05
iso.3.6.1.2.1.1.4.0 = STRING: "Me <[email protected]>"
iso.3.6.1.2.1.1.5.0 = STRING: "debian"
iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.11.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.15.2.1.1

If you are using Nagios and would like to monitor other system metics like uptime, disk load, logged in users etc, check our previous article by following the link below;

Nagios SNMP Monitoring of Linux Hosts

You may also be interested in our articles on Nagios monitoring;

How to Install and Configure Nagios Core From repo Ubuntu 18.04

How to Install and Configure Nagios Core From the Source Ubuntu 18.04

How to Install and Configure NSClient++ Nagios Agent on Windows System

How to Install Nagios NRPE Agent on RHEL/CentOS/Oracle Linux

How to Install Nagios Plugins From Source RHEL/CentOS/Oracle Linux

Configure Nagios Availability Monitoring on AlienVault USM/OSSIM

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Related Posts

Assign Static IP Addresses for OpenVPN Clients

Example Usage of ls Command in Linux

Mastering Kubernetes Autoscaling: Horizontal vs Vertical Scaling

Easy Way to Extend KVM Virtual Machine Disk Size

How to Install LAMP Stack (Apache,MariaDB, PHP 7.2) on Ubuntu 18.04 LTS

Analyze Network Traffic Using Brim Security

Leave a Comment

© 2024 kifarunix.com

Home Advertise with us Privacy Policy