Basic SNMP Configuration for Debian

Published by Torry Crass on

So I keep having to do this to bring all of my systems in line for monitoring with Observium.  While I might not continue to use it long term (I'm still debating between it and Zenoss), it's still good to have all my ducks in a row with SNMP configurations.  Since I initially had some trouble with this I'm going to share what I did to configure mine.  This article assumes that you have a working knowledge of debian linux, system services and administration.

NOTE:  There are ways innumberable to set up and configure snmpd.  This is the way I configured it and what works for me.  This may or may not work for you so just keep that in mind.

The first thing that you need to do is install snmpd.  That task is accomplished as follows:

apt-get install snmpd

Naturally, answer yes to the prompts and once you are back at a command prompt you'll need to install the MIBs required to have snmpd effectively report back statuses.  That is accomplished by installing a lovely little packaged called snmp-mibs-downloader (see my other article if you have errors with it, it might help):

apt-get install snmp-mibs-downloader

Now, you need to edit the snmpd default startup script to include the mibs path (/usr/share/mibs).  Edit the file and change the entry as shown below:

vi /etc/default/snmpd

Original:

export MIBS=

New:

export MIBS=/usr/share/mibs

Next you need to edit the snmpd configuration file directly:

vi /etc/snmp/snmpd.conf

By default the config is set to listen only on localhost, you may want to open it to all adapters (unless you have a specific managment network connected, then I'd do that).  Note that the changes here are mostly commenting out one line and uncommenting another so please pay attention to the # (hash) marks:

#  Listen for connections from the local system only
#agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161

Now you should change the access control section to reflect what your monitoring system requires, I've restricted down mine so that only localhost and my monitoring system have access to the SNMP traffic.  No need for prying eyes to see this.  Again, please compare your files contents to this one and pay attention to the hash marks:

###############################################################################
#
#  ACCESS CONTROL
#

                                                 #  system + hrSystem groups only
view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

                                                 #  Full access from the local host
rocommunity public  localhost
                                                 #  Default access to basic system info
# rocommunity public  default    -V systemonly

                                                 #  Full access from an example network
                                                 #     Adjust this network address to match your local
                                                 #     settings, change the community string,
                                                 #     and check the 'agentAddress' setting above
#rocommunity secret  10.0.0.0/16
rocommunity YourSecret 123.456.789.012
                                                 #  Full read-only access for SNMPv3
# rouser   authOnlyUser
                                                 #  Full write access for encrypted requests
                                                 #     Remember to activate the 'createUser' lines above
#rwuser   authPrivUser   priv

Now you should edit your location and contact information to reflect the systems location (or whatever else you'd like to put here) and the e-mail contact information for the system.  This contact info is used by some systems to display location maps as well as to generate and send alerts to the contact.

#
#  SYSTEM INFORMATION
#

#  Note that setting these values here, results in the corresponding MIB objects being 'read-only'
#  See snmpd.conf(5) for more details
sysLocation    YourCity, YourStateOrCountry
sysContact     YourName <[email protected]>

Save the changes to the configuration file; if you used vi, you should just enter:

:wq

Now restart the snmpd service:

/etc/init.d/snmpd restart

That should take care of making it accessible for your monitoring system.  Again, you may need to tweek certain aspects of it in order to get it to do exactly what you're looking for, but for me, this worked out quite well.

Happy monitoring!


0 Comments

Leave a Reply