You are on page 1of 3

3/22/13

16.5.3. Configuring Net-SNMP

Prev

Next

16.5.3. Configuring Net-SNMP
To change the Net-SNM P Agent Daemon configuration, edit the / e t c / s n m p / s n m p d . c o n fconfiguration file. The default s n m p d . c o n ffile shipped with Fedora 16 is heavily commented and serves as a good starting point for agent configuration. This section focuses on two common tasks: setting system information and configuring authentication. For more information about available configuration directives, refer to the snmpd.conf(5) manual page. Additionally, there is a utility in the net-snmp package named s n m p c o n fwhich can be used to interactively generate a valid agent configuration. Note that the net-snmp-utils package must be installed in order to use the s n m p w a l kutility described in this section.

Applying the changes
For any changes to the configuration file to take effect, force the s n m p dservice to re-read the configuration by running the following command as r o o t :
s y s t e m c t lr e l o a ds n m p d . s e r v i c e

16.5.3.1. Setting System Information
Net-SNM P provides some rudimentary system information via the s y s t e mtree. For example, the following s n m p w a l k command shows the s y s t e mtree with a default agent configuration.
~ ] #s n m p w a l kv 2 ccp u b l i cl o c a l h o s ts y s t e m S N M P v 2 M I B : : s y s D e s c r . 0=S T R I N G :L i n u xl o c a l h o s t . l o c a l d o m a i n2 . 6 . 3 2 1 2 2 . e l 6 . x 8 6 _ 6 4# 1S M P W e dM a r92 3 : 5 4 : 3 4E S T2 0 1 1x 8 6 _ 6 4 S N M P v 2 M I B : : s y s O b j e c t I D . 0=O I D :N E T S N M P M I B : : n e t S n m p A g e n t O I D s . 1 0 D I S M A N E V E N T M I B : : s y s U p T i m e I n s t a n c e=T i m e t i c k s :( 9 9 5 5 4 )0 : 1 6 : 3 5 . 5 4 S N M P v 2 M I B : : s y s C o n t a c t . 0=S T R I N G :R o o t< r o o t @ l o c a l h o s t >( c o n f i g u r e / e t c / s n m p / s n m p . l o c a l . c o n f ) S N M P v 2 M I B : : s y s N a m e . 0=S T R I N G :l o c a l h o s t . l o c a l d o m a i n S N M P v 2 M I B : : s y s L o c a t i o n . 0=S T R I N G :U n k n o w n( e d i t/ e t c / s n m p / s n m p d . c o n f )

By default, the s y s N a m eobject is set to the hostname. The s y s L o c a t i o nand s y s C o n t a c tobjects can be configured in the / e t c / s n m p / s n m p d . c o n ffile by changing the value of the s y s l o c a t i o nand s y s c o n t a c t directives, for example:
s y s l o c a t i o nD a t a c e n t e r ,R o w3 ,R a c k2 s y s c o n t a c tU N I XA d m i n< a d m i n @ e x a m p l e . c o m >

After making changes to the configuration file, reload the configuration and test it by running the s n m p w a l k command again:

docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/sect-System_Monitoring_Tools-Net-SNMP-Configuring.html

1/3

fedoraproject. l o c a l d o m a i n S N M P v 2 M I B : : s y s L o c a t i o n . 0=S T R I N G :l o c a l h o s t . and Kerberos authentication.R a c k2 Configuring SNMP Version 3 User To configure an SNMP version 3 user. 6 . 5 7 S N M P v 2 M I B : : s y s C o n t a c t . 1 0 D I S M A N E V E N T M I B : : s y s U p T i m e I n s t a n c e=T i m e t i c k s :( 1 5 8 3 5 7 )0 : 2 6 : 2 3 . 0 . c o n fconfiguration file. 0=S T R I N G :l o c a l h o s t . c o n f : c r e a t e U s e ra d m i nM D 5" r e d h a t s n m p "D E S a d d i n gt h ef o l l o w i n gl i n et o/ e t c / s n m p / s n m p d . c o n fand / e t c / s n m p / s n m p d .5. 0=S T R I N G :L i n u xl o c a l h o s t .3.3/22/13 16. The following example creates the “sysadmin” user with the password “redhatsnmp”: ~ ] #s y s t e m c t ls t o ps n m p d . 3 2 1 2 2 . 1 . 1 To test the configuration. Configuring SNMP Version 2c Community To configure an SNMP version 2c community . 0=S T R I N G :U N I XA d m i n< a d m i n @ e x a m p l e . 0=S T R I N G :L i n u xl o c a l h o s t . 6 .5.509 certificates. 2 . This command adds entries to the / v a r / l i b / n e t s n m p / s n m p d . Configuring Net-SNMP ~ ] #s y s t e m c tr e l o a ds n m p d . c o m > S N M P v 2 M I B : : s y s N a m e .org/en-US/Fedora/16/html/System_Administrators_Guide/sect-System_Monitoring_Tools-Net-SNMP-Configuring. 5 7 S N M P v 2 M I B : : s y s C o n t a c t . s o u r c eis an IP address or subnet. Version 3 of the SNM P protocol supports user authentication and message encryption using a variety of protocols. For example. 0 . 1 . The format of the directives is the following: d i r e c t i v ec o m m u n i t y[ s o u r c e[ O I D ] ] … where c o m m u n i t yis the community string to use. TLS authentication with X. e l 6 . The first two versions (1 and 2c) provide for simple authentication using a community string. use the s n m p w a l kcommand with the vand coptions.R o w3 . and O I Dis the SNM P tree to provide access to. 0=S T R I N G :D a t a c e n t e r . l o c a l d o m a i n2 .2. l o c a l d o m a i n S N M P v 2 M I B : : s y s L o c a t i o n . l o c a l d o m a i n2 . s e r v i c e ~ ] #s n m p w a l kv 2 ccp u b l i cl o c a l h o s ts y s t e m S N M P v 2 M I B : : s y s D e s c r .R o w3 . ~ ] #s n m p w a l kv 2 ccr e d h a tl o c a l h o s ts y s t e m S N M P v 2 M I B : : s y s D e s c r . s e r v i c e ~ ] #n e t s n m p c r e a t e v 3 u s e r E n t e raS N M P v 3u s e rn a m et oc r e a t e : a d m i n E n t e ra u t h e n t i c a t i o np a s s p h r a s e : r e d h a t s n m p E n t e re n c r y p t i o np a s s p h r a s e : [ p r e s sr e t u r nt or e u s et h ea u t h e n t i c a t i o np a s s p h r a s e ] a d d i n gt h ef o l l o w i n gl i n et o/ v a r / l i b / n e t s n m p / s n m p d . 1. 3 . x 8 6 _ 6 4# 1S M P W e dM a r92 3 : 5 4 : 3 4E S T2 0 1 1x 8 6 _ 6 4 S N M P v 2 M I B : : s y s O b j e c t I D .R a c k2 16. 0=S T R I N G :U N I XA d m i n< a d m i n @ e x a m p l e . c o n f : r w u s e ra d m i n ~ ] #s y s t e m c t ls t a r ts n m p d . 0=O I D :N E T S N M P M I B : : n e t S n m p A g e n t O I D s . x 8 6 _ 6 4# 1S M P W e dM a r92 3 : 5 4 : 3 4E S T2 0 1 1x 8 6 _ 6 4 S N M P v 2 M I B : : s y s O b j e c t I D . 1 0 D I S M A N E V E N T M I B : : s y s U p T i m e I n s t a n c e=T i m e t i c k s :( 1 5 8 3 5 7 )0 : 2 6 : 2 3 . Configuring Authentication The Net-SNM P Agent Daemon supports all three versions of the SNM P protocol. c o m > S N M P v 2 M I B : : s y s N a m e . Note that the n e t s n m p c r e a t e v 3 u s e rcommand may only be run when the agent is not running. 1 . The string is passed in clear text over the network however and is not considered secure. use the n e t s n m p c r e a t e v 3 u s e rcommand. s e r v i c e The r w u s e rdirective (or r o u s e rwhen the r ocommand line option is supplied) that n e t s n m p c r e a t e v 3 u s e r 2/3 docs. use either the r o c o m m u n i t yor r w c o m m u n i t ydirective in the / e t c / s n m p / s n m p d . The Net-SNM P agent also supports tunneling over SSH.3. c o n ffiles which create the user and grant access to the user. 6 . the following directive provides read-only access to the s y s t e mtree to a client using the community string “redhat” on the local machine: r o c o m m u n i t yr e d h a t1 2 7 . e l 6 .html . 0=S T R I N G :D a t a c e n t e r . This string is a shared secret between the agent and any client utilities. 0=O I D :N E T S N M P M I B : : n e t S n m p A g e n t O I D s . 3 2 1 2 2 .

The a u t h p r i voption specifies that requests must be authenticated and replies should be encrypted.html 3/3 .5. c o n fin that directory (~ / . 0=S T R I N G :L i n u xl o c a l h o s t . c o n fhas a similar format to the r w c o m m u n i t yand r o c o m m u n i t ydirectives: d i r e c t i v eu s e r[ n o a u t h | a u t h | p r i v ][ O I D ] … where u s e ris a username and O I Dis the SNM P tree to provide access to. 3 2 1 2 2 . create a . l o c a l d o m a i n2 . e l 6 .fedoraproject. 6 . s n m p / s n m p . Retr ieving Per for mance Data over SNMP docs. Configuring Net-SNMP The r w u s e rdirective (or r o u s e rwhen the r ocommand line option is supplied) that n e t s n m p c r e a t e v 3 u s e r adds to / e t c / s n m p / s n m p d . and the p r i voption enforces the use of encryption. 1 To test the configuration.4.3. the Net-SNM P Agent Daemon allows only authenticated requests (the a u t hoption).5.org/en-US/Fedora/16/html/System_Administrators_Guide/sect-System_Monitoring_Tools-Net-SNMP-Configuring. The n o a u t hoption allows you to permit unauthenticated requests. Running the Net-SNMP Daemon Up Home Next 16. the following line grants the user “admin” read-write access to the entire tree: r w u s e ra d m i na u t h p r i v. For example. By default.3/22/13 16.5.2. c o n f ) with the following lines: d e f V e r s i o n3 d e f S e c u r i t y L e v e la u t h P r i v d e f S e c u r i t y N a m ea d m i n d e f P a s s p h r a s er e d h a t s n m p The s n m p w a l kcommand will now use these authentication settings when querying the agent: ~ ] $s n m p w a l kv 3l o c a l h o s ts y s t e m S N M P v 2 M I B : : s y s D e s c r . x 8 6 _ 6 4# 1S M P W e dM a r92 3 : 5 4 : 3 4E S T2 0 1 1x 8 6 _ 6 4 [ o u t p u tt r u n c a t e d ] Prev 16. s n m pdirectory in your user's home directory and a configuration file named s n m p .