SNMP is Simple Network Management Protocol. It allows the operational statistics of a computer to be stored in object identifiers (OIDs) which can then be remotely queried and changed.
For any serious remote monitoring, SNMP is required. I generally prefer to monitor server performance remotely using Nagios and SNMP.
This document describes the SNMP setup, which can then be used by any SNMP remote management software.
As a security measure, one needs to know the passwords, or community strings, in order to query the OIDs. The read-only community strings allow the data to be queried only, and the read-write community strings allow the data to be changed.
I will be referring to the setup on an Ubuntu server, though the steps should apply to any Linux distribution.
Install the SNMP daemon with:
$ sudo apt-get install snmpd
and then add the following lines at the top of the configuration file, /etc/snmp/snmpd.conf:
$ sudo vi /etc/snmp/snmpd.conf
# type of string   private/public   host-from-which-access-is-restricted
rwcommunity private 127.0.0.1
rocommunity public 127.0.0.1
rwcommunity ultraprivate cms.unixclinic.net
rocommunity itsallyours cms.unixclinic.net
The first column is the type of community string, the second column is the community string itself and the third column (not mandatory) is the host restricted to use that community string.
The first two lines specify that only localhost (127.0.0.1) is allowed to query the SNMP daemon using the specified read-only and read-write community strings. The next two lines specify that only the host cms.unixclinic.net is allowed to query the SNMP daemon using the specified read-only and read-write strings.
If I remove the hostname (cms.unixclinic.net) then basically any host can query the snmp daemon if it knows the right community strings.
After making these changes, restart the SNMP daemon and then test it using the snmpwalk program:
$ sudo invoke-rc.d snmpd restart
Restarting network management services: snmpd.
$ snmpwalk -v1 -c public localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Linux cms.unixclinic.net 2.6.17-10-generic #2 SMP Tue Dec 5 21:16:35 UTC 2006 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1314) 0:00:13.14
SNMPv2-MIB::sysContact.0 = STRING: Ajitabh Pandey <hostmaster (at) unixclinic (dot) net>
SNMPv2-MIB::sysName.0 = STRING: cms.unixclinic.net
.......
.......
As a result of snmpwalk, you should see the system details as reported by SNMP. The snmpwalk command above queries “localhost” for the “system” MIB, using SNMP version 1 and the community string “public”. Since this community string is for read-only access and is restricted to queries from the 127.0.0.1 IP address, this works fine.
Further, if you now try to execute the following command over the network from host “cms.unixclinic.net” using the community string “itsallyours”, it should also work. But in my case a timeout is received instead:
$ snmpwalk -v1 -c itsallyours cms.unixclinic.net system
Timeout: No Response from cms.unixclinic.net
Just for clarification, the current host from which snmpwalk is being run is also cms.unixclinic.net.
This should work on most distributions (it works like this on RHEL 3, RHEL 4 and Debian Sarge), but on Ubuntu “Edgy Eft” 6.10 that is not the case, and the query fails. The reason is the default settings of the SNMP daemon. Following is the output of the ps command from both an Edgy Eft machine and a Sarge machine:
Ubuntu
$ ps -ef|grep snmp|grep -v "grep"
snmp 5620 1 0 11:39 ? 00:00:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1
Debian
$ ps -ef|grep snmp|grep -v "grep"
root 2777 1 0 2006 ? 00:46:35 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd.pid
If you look carefully, the Ubuntu 6.10 snmp daemon is by default restricted to 127.0.0.1. This means that it is only listening on localhost. To change that and make it listen on all interfaces, we need to change the /etc/default/snmpd file:
Change the following line
$ sudo vi /etc/default/snmpd
.....
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
.....
to
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid'
and then restart snmpd:
$ sudo invoke-rc.d snmpd restart
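Once snmpd listens on all interfaces, the optional host column in snmpd.conf is the only thing in this setup that limits who may use a community string. The shell function below is an added example, not part of the original post: it lists rocommunity/rwcommunity lines that have no source restriction (or the source "default", which net-snmp treats as any host) and lines that use the well-known strings public or private. The names audit_snmpd_conf and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit community lines in an snmpd.conf.
# audit_snmpd_conf is a hypothetical helper name, not part of net-snmp.

# Usage: audit_snmpd_conf [FILE]   (reads standard input when FILE is omitted)
# Prints one finding per line as "LINENO: SEVERITY: message".
audit_snmpd_conf() {
    awk '
    # Skip comment lines and blank lines.
    /^[ \t]*#/ { next }
    NF == 0    { next }
    $1 == "rocommunity" || $1 == "rwcommunity" {
        community = $2
        src   = (NF >= 3) ? $3 : ""
        level = ($1 == "rwcommunity") ? "HIGH" : "WARN"
        # No third column, or "default", means any host may use the string.
        if (src == "" || src == "default")
            printf "%d: %s: %s \"%s\" has no source restriction\n", NR, level, $1, community
        # Well-known strings are the first ones anyone will try.
        if (community == "public" || community == "private")
            printf "%d: WARN: %s uses well-known string \"%s\"\n", NR, $1, community
    }
    ' "$@"
}

# Constructed sample: the lines from the post, with the host removed from
# the "ultraprivate" line to show the unrestricted case described above.
sample_conf() {
    cat <<'EOF'
# constructed sample configuration
rwcommunity private 127.0.0.1
rocommunity public 127.0.0.1
rwcommunity ultraprivate
rocommunity itsallyours cms.unixclinic.net
EOF
}

sample_conf | audit_snmpd_conf
```

On a real server, run it as `audit_snmpd_conf /etc/snmp/snmpd.conf` after any change to the community lines or to SNMPDOPTS.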