SNMP on Centos 7.5 config

por | 6 mayo, 2019
0 comentarios

Install
Install the service using our loved yum.

  • yum install net-snmp net-snmp-utils

Config
To the configuration; which can be found here : /etc/snmp/snmpd.conf
I however remove the original one -most of the time- and just copy/paste the one I use on all servers; Keep the original for reference, although its very verbose (IMHO)

  • mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori

This is the config I use and why in the comments :

# this create a  SNMPv1/SNMPv2c community named "my_servers"
# and restricts access to LAN adresses 192.168.0.0/16 (last two 0's are ranges)
rocommunity my_servers 192.168.0.0/16

# setup info
syslocation  "rack 1, room 3, Antwerpen serverrroom"
syscontact  "Svenn"

# open up
agentAddress  udp:161

# run as
agentuser  root

# dont log connection from UDP:
dontLogTCPWrappersConnects yes

# fix for larger then 2TB disks (raid!)
realStorageUnits 0

Before we can start the service, I like to have SNMP a little less verbose, since by default EVERY connection is logged in rsyslog. Considering I poll every 5 minutes, this adds up in /var/log/messages. So lets down it a bit, this can be done in /etc/sysconfig/snmpd add the following, to reduce the verbosity :

  • OPTIONS=»-Ls3d»

firewall

The correct way to do this is to add a profile for SNMP to firewalld. Using UDP 161 not TCP

vim /etc/firewalld/services/snmp.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
</service>
Then you should reload your firewall

firewall-cmd --reload

Then you need to add the service to your public zone

firewall-cmd --zone=public --add-service snmp --permanent

Then finally reload your firewall again

firewall-cmd --reload

When this has been done, lets open up the Iptables to allow for requests.  (change the -s if you have another range!)

  • iptables -A INPUT -s 192.168.0.0/16 -p udp –dport 161 -j ACCEPT

Starting the daemon

  • systemctl start snmpd
  • systemctl enable snmpd

Extending snmp

Librenms can track multiple snmp extends, most relevant for me are zfsapc upsnfs server (my own creation), these can generally be added using a small executable script adding this in snmp.conf

  • extend nfs-server /etc/snmp/nfs-server.sh
  • extend zfs /etc/snmp/zfs-linux
  • extend ups-apcups /etc/snmp/ups-apcups.sh

For more info on these, I would refer to the documentation of LibreNMS.

librenms apps overview

Multiple extends available !

Testing … 123
On the machine you are installing LibreNMS or any other NMS package try :

  • snmpwalk -c my_servers -v1 servername SNMPv2-MIB::sysDescr.0

This should return the system description. (only change -c COMMUNITY and -v1 SERVERNAME/IP)

Happy monitoring!