How to Configure SNMP Version 2c on Debian 9

0
8201

Welcome to our tutorial on how to configure SNMP version 2c on Debian 9. If you are looking at monitoring your Debian servers via SNMP with tools like Nagios, Cacti etc, then you need to configure SNMP. In that case, you are at the right place. In our previous articles discusses configuration of SNMP on Ubuntu 18.04 and CentOS 7.

How to Configure SNMP Version 2c on Debian 9

To configure SNMP on Debian 9, you need to install the necessary packages. For example, the snmp which provides SNMP command line client applications, snmpd which is the daemon providing SNMP services and other required libraries.

apt update
apt install snmpd snmp libsnmp-dev

Once the packages above are installed, proceed to configure SNMP on Debian 9. To kick off with, you need to define the method in which the SNMP clients on the monitoring servers will connect to the SNMP agents on the Debian 9 server to poll specific requests.

The most common authentication methods involves the use community string and User-based Security Model. While the former is used with SNMP protocols version 1 and 2c the later is used by  SNMP protocol version 3.

Configure SNMP Version 2c Community String

SNMP v2 provides access using a permission directive, a community string and the source Address. The syntax of this directive is define below;

directive community [source [OID]]

Where:

  • directive can be set to rocommunity (provides read-only access) or rwcommunity (provides read-write access)
  • community is a user ID or password-like string that allows access to server statistics
  • source is the IP address of the monitoring server
  • OID is the optional SNMP tree to provide access to.

Hence, make a backup of the SNMP configuration file, /etc/snmp/snmpd.conf before you can make changes to the original configuration file.

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

Create a new SNMP daemon configuration file.

touch /etc/snmp/snmpd.conf

Configure SNMP deamon to listen on a public IP interface. By default, it only listens on a loopback interface. Hence, edit the line below to set it to listen on both loopback and public IP interface so that it can be access by the monitoring server.

vim /etc/snmp/snmpd.conf
#  AGENT BEHAVIOUR
#

#  Listen for connections from the local system only
agentAddress  udp:127.0.0.1:161,udp:192.168.43.188:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161

Next, you need to configure SNMP version 2c community string used to allow access to statistics within the server. In this case, we are going to set a string that allows read only access from the monitoring server. The syntax of the string is explained above.

###############################################################################
#
#  ACCESS CONTROL
#

                                                 #  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

                                                 #  Full access from the local host
#rocommunity public  localhost
                                                 #  Default access to basic system info
 rocommunity public  default    -V systemonly
                                                 #  rocommunity6 is for IPv6
 rocommunity6 public  default   -V systemonly
# Read only Access from monitoring server (192.168.43.203
 rocommunity MyStrinG+ 192.168.43.203   

If any firewall is running, be sure to open the ports and allow access from the monitoring server.
Restart the SNMP service.

systemctl restart snmpd

Check the ports are now listening

ss -alnp | grep snmp | grep 161
udp    UNCONN     0      0      192.168.43.188:161                   *:*                   users:(("snmpd",pid=6149,fd=12))
udp    UNCONN     0      0      127.0.0.1:161                   *:*                   users:(("snmpd",pid=6149,fd=9))

The configuration of SNMP version 2c is done. Let us now verify that everything is fine. The verification can be done locally and from the monitoring server using the snmpwalk tool which retrieve a subtree of management values using SNMP GETNEXT requests

From the localhost, you can verify that all is well by running the command below.

snmpwalk -v2c -c public localhost
iso.3.6.1.2.1.1.1.0 = STRING: "Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (19557) 0:03:15.57
iso.3.6.1.2.1.1.4.0 = STRING: "Me <[email protected]>"
iso.3.6.1.2.1.1.5.0 = STRING: "debian"
iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
...

From the remote monitoring host, you can run the commanad as shown below, specifying the string.

snmpwalk -v2c -c MyStrinG+ 192.168.43.188 | head -10
iso.3.6.1.2.1.1.1.0 = STRING: "Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (64405) 0:10:44.05
iso.3.6.1.2.1.1.4.0 = STRING: "Me <[email protected]>"
iso.3.6.1.2.1.1.5.0 = STRING: "debian"
iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.11.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.15.2.1.1

If you are using Nagios and would like to monitor other system metics like uptime, disk load, logged in users etc, check our previous article by following the link below;

That is all about how to configure SNMP version 2c on Debian 9. We hope this article helped. We will learn how to configure SNMP version 3 in our next article.

You may also be interested in our articles on Nagios monitoring;

LEAVE A REPLY

Please enter your comment!
Please enter your name here