logo

Maycke's IT Guides

 
	  
###################################### SNMP ##############################################
~Simple Network Management Protocol

# The SNMP collects information from the monitored devices, it is composed from a 
#  manager/server who receives the information and manage the network, and the agents
#  in the monitored devices, who sends the information to the server.
# The agent can also be installed on the server to obtain information from that device, if
#  that is desirable.

# In this guide, we provide 2 possible paths for SNMP configuration and OpManager installation:


# guide option A:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
########################~~~~ basic SNMP configuration PUBLIC COMMUNITY (SNMP v.1) ~~~~#######################

### on the server/manager:---------------------------------------------------------------------------------- 
## install packets for snmp commands and mib management:
apt install snmp snmp-mibs-downloader

## configuration
nano /etc/snmp/snmp.conf    #comment the line: 'mibs :'

### on the agent device:------------------------------------------------------------------------------------ 
## install snmp daemon:
apt install snmpd

## configuration: 
nano /etc/snmp/snmpd.conf
# (optional) update the information on 'sysLocation' and 'sysContact', example:
sysLocation    Laboratory 255
syscontact     Someone <someone@example.com>

# IF the agent is in a different device than the manager/server:
#comment the line: 'agentaddress  127.0.0.1,[::1]' #OR 'agentAddress  udp:127.0.0.1:161'
#and add (temporarily) this line instead:
agentAddress udp:161,udp6:[::1]:161

# in any case, add your IP to the 'agentaddress' line, example:
agentaddress  127.0.0.1,[::1],192.168.56.111

# comment the 'view' lines, example:
#view   systemonly  included   .1.3.6.1.2.1.1
#view   systemonly  included   .1.3.6.1.2.1.25.1

# edit the read-only 'rocommunity' lines, example:
rocommunity  public    #keep only this part of this line, delete the rest
rocommunity6  public   #//

## restart the agent service:
systemctl restart snmpd

### (optional) on the server/manager:----------------------------------------------------------------------- 
# test the configuration done by issuing a snmp command using this syntax:
#  snmpcommand -c NameOfTheCommunity -v VersionOfSNMP Agent_IP MIBsDescription, for example:
snmpget -c public -v 1 192.168.56.111 sysUpTime.0
# the command above should return for how long has the snmp service been working.

# a list of MIBs description can be found in the files from this directory:
cd /usr/share/snmp/mibs/ietf/
#########################################################################################

# guide option B:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##########################~~~~~~~ basic SNMP configuration (SNMP v.3) ~~~~~~~##########################

### on the server/manager:---------------------------------------------------------------------------------- 
## install packets for snmp commands and mib management:
apt install snmp snmp-mibs-downloader

## configuration
nano /etc/snmp/snmp.conf    #comment the line: 'mibs :'

### on the agent device:------------------------------------------------------------------------------------ 
## install snmp daemon:
apt install snmpd

## configuration: 
nano /etc/snmp/snmpd.conf
# IF the agent is in a different device than the manager/server:
#comment the line: 'agentaddress  127.0.0.1,[::1]' #OR 'agentAddress  udp:127.0.0.1:161'
#and add (temporarily) this line instead:
agentAddress udp:161,udp6:[::1]:161
# in any case, add your IP to the 'agentaddress' line, example:
agentaddress  127.0.0.1,[::1],192.168.56.111
# at the end of this file (snmpd.conf), create a (temporary) user and give it and the user 'demo' permissions:
createUser bootstrap MD5 temp_password DES
rwuser bootstrap priv
rwuser demo priv

## restart the agent service:
systemctl restart snmpd

### on the server/manager:---------------------------------------------------------------------------------- 
## test the connection with the agent using this command and replacing the Agent_IP for the real agent's IP:
snmpget -u bootstrap -l authPriv -a MD5 -x DES -A temp_password -X temp_password Agent_IP 1.3.6.1.2.1.1.1.0
#you should get an answer with the agent's 'uname -a', ex.:
#SNMPv2-MIB::sysDescr.0 = STRING: Linux ubuntu 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64

## create the user 'demo' in the agent, while logged in the server/manager, using the 'bootstrap' user 
##  as a template:
snmpusm -u bootstrap -l authPriv -a MD5 -x DES -A temp_password -X temp_password Agent_IP create demo bootstrap
#you should get the message: "User successfully created."
## change the 'demo' user's password (for safety reasons):
snmpusm -u demo -l authPriv -a MD5 -x DES -A temp_password -X temp_password Agent_IP passwd temp_password new_password
#you should get the message: "SNMPv3 Key(s) successfully changed."

## test the 'demo' user's credentials by asking, for example, how long has the snmp service been working: 
snmpget -u demo -l authPriv -a MD5 -x DES -A new_password -X new_password Agent_IP sysUpTime.0
#you should get a message similar to this one:
#"DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (96999) 0:16:09.99"

## Create a configuration file with the user'a login data to make the demands from the manager 
##  easier to type in:
## IF you want the access to that configuration file to be available from any valid user on the 
##  server, edit this file:
nano /etc/snmp/snmp.conf
## ELSE, in case you want to restrict that access to a specific user, create this file in a
##  hidden directory called snmp inside the user's home directory: 
mkdir ~/.snmp
nano ~/.snmp/snmp.conf
#content to add to the file snmp.conf (in both cases):
defSecurityName demo
defSecurityLevel authPriv
defAuthType MD5
defPrivType DES
defAuthPassphrase new_password
defPrivPassphrase new_password

## now, the same command used before, to verify how long has the snmp service been 
##  working, can be resumed like this:
snmpget Agent_IP sysUpTime.0

# a list of MIBs description (sysUptime and others) can be found in the files from this directory:
cd /usr/share/snmp/mibs/ietf/

### on the agent device:------------------------------------------------------------------------------------
## Removing the user 'bootstrap':
nano /etc/snmp/snmpd.conf
#comment or REMOVE the lines: 
createUser bootstrap MD5 temp_password DES
rwuser bootstrap priv

## restart the agent service:
systemctl restart snmpd

### on the server/manager:---------------------------------------------------------------------------------- 
snmpusm Agent_IP delete bootstrap
#you should get the message: "User successfully deleted."

####### The service is installed and working, now all you have to do is to execute the SNMP commands as
#######  you need them, in order to retrieve the desired information from the agent(s)
## some useful commands: snmpget, snmpwalk e snmptable
#########################################################################################

##########################~~~~~~~~~~~~~~~~~ OpManager ~~~~~~~~~~~~~~~~~##########################
# OpManager is a network monitoring software that provides a graphic interface to collect and 
#  manage SNMP information. It's a paid software, but it has a 29-day trial.

# Other software options include:
#  Zabbix (open-source)
#  Datadog Network Device Monitoring
#  SolarWinds Network Performance Monitor

### installation and configuration:

## requirements
# you need to have mySQL server and Apache already installed on your server in order to proceed with
#  this guide. In case you don't, the next command will install the standard-configured version of those:
apt install mysql-server apache2


## install dependencies:
apt install openjdk-11-jdk postgresql-client mysql-client

## install OpManager:
wget https://www.manageengine.com/network-monitoring/29809517/ManageEngine_OpManager_Free_64bit.bin
chmod +x ManageEngine_OpManager_Free_64bit.bin
./ManageEngine_OpManager_Free_64bit.bin
# accept everything, except for the tech support, and select the default option for the other questions

## execute OpManager:
cd /opt/ManageEngine/OpManager/bin
./StartOpManagerServer.sh
# when the 'Server started in ::' message shows up, keep it running on your server and access via browser:
# http://your_server's_IP:8060/
#########################################################################################

~~~~~~~~~~SNMP Server Script:~~~~~~~~~~

ATTENTION: Always read a script before you run it!!!


To run a basic SNMP Server configuration script, run the following command line in your server's terminal: 

     wget -nc https://www.maycke.com.br/guides/raw/snmp-server.sh && chmod 700 snmp-server.sh && sudo ./snmp-server.sh && sudo rm snmp-server.sh
#########################################################################################

~~~~~~~~~~SNMP Client Script:~~~~~~~~~~

ATTENTION: Always read a script before you run it!!!


To run a basic SNMP Client configuration script, run the following command line in your client's terminal: 

     wget -nc https://www.maycke.com.br/guides/raw/snmp-client.sh && chmod 700 snmp-client.sh && sudo ./snmp-client.sh && sudo rm snmp-client.sh
#########################################################################################

Maycke's IT Guides by Maycke is licensed under CC BY-SA 4.0CreativeCommonsAttributionShareAlike 📬 Contact