In this guide, we are going to learn how to install and configure SNMP on Ubuntu 22.04/Debian 11. SNMP is an acronym for Simple Network Management Protocol. It provides an agentless method of managing and monitoring of network devices and servers for health information, system metrics such as CPU load, Physical Memory usage, number of running processes, service state or any other service/process that support polling over theSNMPprotocol.
Install and Configure SNMP on Ubuntu 22.04/Debian 11
Before you can monitor Linux hosts via SNMP using monitoring tools like Nagios/Cacti/LibreNMS, you first need to install and configure SNMP.
In this setup, we will install and configure SNMP on Ubuntu 22.04/Debian 11.
Install SNMP on Ubuntu 22.04/Debian 11
The SNMP packages are available on default Ubuntu 22.04/Debian 11 repositories.
You first need to update your package cache;
apt update
Once the update is done, install SNMP on Ubuntu 22.04/Debian 11.
apt install snmpd snmp libsnmp-dev
Configure SNMP on Ubuntu 22.04/Debian 11
Once the installation is done, proceed to configure SNMP as follows.
The default configuration file for SNMP is/etc/snmp/snmpd.conf.
The file is highly commented and thus, we will only make a few changes. As a result, make a copy of the original file before you can proceed.
cp /etc/snmp/snmpd.conf{,.bak}Configuring SNMP Authentication on Ubuntu 22.04/Debian 11
SNMP supports three versions of SNMP protocol;
- SNMP
v1 - SNMP
v2c - SNMP
v3
Both SNMP version 1 and 2c provides authentication usingcommunity string, which is a shared secret between the agent and the client that is passed in clear text over the network
SNMP version 3 supports user authentication and message encryption using a variety of protocols and is thus a bit more secure.
Configuring SNMP Version 2c Community on Ubuntu 22.04/Debian 11
As stated above, SNMP v2 provides access using a permission directive, a community string and the source Address. The source address can be IP of the monitoring server such as Nagios Server (SNMP server) or Cacti for example. This directive should be set in the format;
directive community [source [OID]]
Where
directivecan berocommunity(provides read-only access) orrwcommunity(provides read-write access)sourcecan be IP of the monitoring server such as Nagios Server (SNMP server) or Cacti or LibreNMS for exampleOIDis the optional SNMP tree to provide access to.
To configure SNMP v2c, edit thesnmpdconfiguration file and configure it to listen on both a localhost and an interface IP. By default, SNMP agent on is set to allow connections originating from the localhost only.
vim /etc/snmp/snmpd.conf...############################################################################ SECTION: Agent Operating Mode## This section defines how the agent will operate when it# is running....#agentaddress 127.0.0.1,[::1]agentAddress udp:127.0.0.1:161,udp:192.168.56.124:161
The above will allow SNMP agent to listen on loopback interface and on an interface IP 192.168.56.124, port 161/UDP.
Next, configure SNMP agent to allow the monitoring server (LibreNMS server in my case, with IP, 192.168.60.22) only to connect using the community string ([emailprotected]).
...#SECTION: Access Control Setup#This section defines who is allowed to talk to your runningsnmp agent....# Read-only access to everyone to the systemonly view#rocommunity public default -V systemonly#rocommunity6 public default -V systemonlyrocommunity [emailprotected] 192.168.60.22Save the changes and exit the configuration file.
Note that for any changes to the configuration file to take effect, force thesnmpdservice to re-read the configuration by running the following command:
systemctl restart snmpd
If you can check, SNMP is now listening on two interfaces;
netstat -nlpu|grep snmp
udp 0 0 192.168.56.124:161 0.0.0.0:* 4226/snmpd udp 0 0 127.0.0.1:161 0.0.0.0:* 4226/snmpdIf firewall is running, allow connection from the monitoring server.
ufw allow from 192.168.60.22 to any port 161 proto udp comment "Allow SNMP Scan from Monitoring Server"For IPTABLES, this is the rule;
iptables -A INPUT -s 192.168.60.22 -p udp --dport 161 -j ACCEPT -m comment --comment "Allow SNMP Checks"cp /etc/iptables/rules.v4{,.bak}iptables-save > /etc/iptables/rules.v4Verify SNMP v2c Connection with Community String
Next, run the command below from the monitoring server to verify access to the host;
snmpwalk -v2c -c [emailprotected] 192.168.56.124If you received such an output, then all is fine
SNMPv2-MIB::sysDescr.0 = STRING: Linux jellyfish 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:28 UTC 2022 x86_64SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (675) 0:00:06.75SNMPv2-MIB::sysContact.0 = STRING: MeSNMPv2-MIB::sysName.0 = STRING: jellyfishSNMPv2-MIB::sysLocation.0 = STRING: Sitting on the Dock of the BaySNMPv2-MIB::sysServices.0 = INTEGER: 72SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBComplianceSNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDComplianceSNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBComplianceSNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIBSNMPv2-MIB::sysORID.5 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroupSNMPv2-MIB::sysORID.6 = OID: TCP-MIB::tcpMIBSNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIBSNMPv2-MIB::sysORID.8 = OID: IP-MIB::ipSNMPv2-MIB::sysORID.9 = OID: SNMP-NOTIFICATION-MIB::snmpNotifyFullComplianceSNMPv2-MIB::sysORID.10 = OID: NOTIFICATION-LOG-MIB::notificationLogMIBSNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entitiesSNMPv2-MIB::sysORDescr.5 = STRING: View-based Access Control Model for SNMP.SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing TCP implementationsSNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementationsSNMPv2-MIB::sysORDescr.8 = STRING: The MIB module for managing IP and ICMP implementationsSNMPv2-MIB::sysORDescr.9 = STRING: The MIB modules for managing SNMP Notification, plus filtering.SNMPv2-MIB::sysORDescr.10 = STRING: The MIB module for logging SNMP Notifications.SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.2 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORUpTime.3 = Timeticks: (0) 0:00:00.00...
If you receive, Timeout: No Response from 192.168.56.124, then check your agent firewall as well as SNMP access control.
Configure SNMP Version 3 on Ubuntu 22.04/Debian 11
SNMP v3 uses a username, permission, security level, authentication and privacy passphrases to allow access. As a result, you need to create user for authenticating. When created, the user is added to the following configuration files;/etc/snmp/snmpd.confand/var/lib/net-snmp/snmpd.conf.
Similarly, make a copy of the original configuration file just like we did above.
cp /etc/snmp/snmpd.conf{,.bak}Stop SNMP daemon
systemctl stop snmpd
Create SNMP v3 Authentication User
Create a read-only authentication user using thenet-snmp-create-v3-usercommand. The command syntax is;
net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass][-x DES|AES] [username]
On Debian 11, due to some “bug” with the net-snmp-create-v3-user script, you may see such an error as touch: cannot touch ‘/snmp/snmpd.conf’: No such file or directory.
Thus, before you generate the SNMP v3 authentication credentials, run the command below to update the paths;
cp /usr/bin/net-snmp-create-v3-user ~/sed -ie '/prefix=/adatarootdir=${prefix}\/share' /usr/bin/net-snmp-create-v3-userNext, generate the authentication user.
net-snmp-create-v3-user -ro -A [emailprotected] -a SHA -X [emailprotected] -x AES snmpadminadding the following line to /var/lib/snmp/snmpd.conf: createUser snmpadmin SHA "[emailprotected]" AES "[emailprotected]"adding the following line to /usr/share//snmp/snmpd.conf: rouser snmpadminStart SNMP daemon and configure inbound Firewall rules to UDP port 161 as we did above.
systemctl start snmpd
Enable SNMP daemon to run on system reboot.
systemctl enable snmpd
Verify SNMP v3 Connection
Test to verify that everything is working as expected. Note that we ran this command from the SNMP monitoring server.
snmpwalk -v3 -a SHA -A [emailprotected] -x AES -X [emailprotected] -l authPriv -u snmpadmin 192.168.56.124
SNMPv2-MIB::sysDescr.0 = STRING: Linux jellyfish 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:28 UTC 2022 x86_64SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (3436) 0:00:34.36SNMPv2-MIB::sysContact.0 = STRING: MeSNMPv2-MIB::sysName.0 = STRING: jellyfishSNMPv2-MIB::sysLocation.0 = STRING: Sitting on the Dock of the BaySNMPv2-MIB::sysServices.0 = INTEGER: 72SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBComplianceSNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDComplianceSNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBComplianceSNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIBSNMPv2-MIB::sysORID.5 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroupSNMPv2-MIB::sysORID.6 = OID: TCP-MIB::tcpMIBSNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIBSNMPv2-MIB::sysORID.8 = OID: IP-MIB::ipSNMPv2-MIB::sysORID.9 = OID: SNMP-NOTIFICATION-MIB::snmpNotifyFullComplianceSNMPv2-MIB::sysORID.10 = OID: NOTIFICATION-LOG-MIB::notificationLogMIBSNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entitiesSNMPv2-MIB::sysORDescr.5 = STRING: View-based Access Control Model for SNMP.SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing TCP implementationsSNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementationsSNMPv2-MIB::sysORDescr.8 = STRING: The MIB module for managing IP and ICMP implementationsSNMPv2-MIB::sysORDescr.9 = STRING: The MIB modules for managing SNMP Notification, plus filtering.SNMPv2-MIB::sysORDescr.10 = STRING: The MIB module for logging SNMP Notifications.SNMPv2-MIB::sysORUpTime.1 = Timeticks: (0) 0:00:00.00...
Great!! You have successfully setup SNMP v2c and SNMP v3 on an Ubuntu 22.04/Debian 11 system. You can now configure your server for polling from a remove monitoring server using SNMP strings or with SNMP v3.
That brings us to the end of our tutorial on how to install and configure SNMP on Ubuntu 22.04/Debian 11.
Other Tutorials
Install LibreNMS on Rocky Linux
Easily Install and Setup Cacti on Ubuntu 20.04
FAQs
How Install SNMP walk Ubuntu? ›
- Redhat/Fedora/CentOs: yum install net-snmp-utils.
- Ubuntu: apt-get install snmp.
- Execute any one of the command in the console. $ /etc/rc.d/init.d/snmpd status or $ service snmpd status.
- If SNMP is installed, but is not started, execute any one of the command in the console to start SNMP (as root) ...
- If SNMP is not installed, install SNMP.
- Obtain MIB and trap destination information from the library. (See "Obtain the Management Information Base" and "Obtain Trap Destination Information".)
- Manage SNMP users. ...
- Configure trap recipients. ...
- Enable the agent within the library controller card. ...
- Configure SNMP service information.
- Installation. yum install net-snmp.
- Configuration. Edit the file: /etc/snmp/snmpd.conf. Add the following lines: rocommunity public. agentAddress udp:161,udp6:[::1]:161. Start the snmpd service: systemctl enable snmpd && systemctl start snmpd.
- Allow SNMP ports in Firewall.
- Open Control Panel.
- Select Program.
- Click on Program and features.
- Click on Turn Windows features on or off.
- Find the Simple Network Management Protocol.
- Check the box and click OK.
- Download it from the Net-SNMP website and install.
- Open the cmd command prompt window and run the following command: snmpwalk.exe -c public -v1 -On 192.168.2.66.
- There is also a command for using external MIBs: snmpwalk.exe -c public -v1 192.168.2.66 MIB [MIB name]
SNMP is a Windows feature for the last 20 years. By default, it is not installed and you will need to do it manually.
What is SNMP GET command? ›The snmpget command retrieves the value of a MIB object. It adds an OID to the current SNMP GET PDU, or if a PDU does not already exist, it creates one. Once you have constructed the GET PDU using one or more snmpget commands, send it using the snmpsync command. The snmpget command has the format: snmpget oid element.
Is SNMP same as ping? ›Ping is simpler than SNMP in that it doesn't report any other information about a device other than whether it's up or down (assuming the device you're trying to reach is accepting requests), and how long it took to get a response from that device.
How do I fix SNMP problems? ›- Ping a PC near the device. ...
- Ping the device. ...
- Telnet and/or browse to the device. ...
- Confirm the port configuration of the device. ...
- Confirm that important IP addresses are not blocked. ...
- Trace the route to the device.
How check SNMP connection in Linux? ›
- version V1 or v2c ((it is recommended to use v2c)
- communauty name name of the community declare in the device to access the information.
- ip device The IP or hostname address of the device to test.
- oid constructor identifier for obtaining device information.
The servers that should be monitored needs to be reachable on port 161, TCP and UDP. The snmp daemon's configuration file is commonly found at /etc/snmp/snmpd.
How do I know if SNMP is enabled? ›- Verify that SNMP is enabled.
- Add an SNMP community.
- Add an SNMPv3 security user.
- Add an SNMP traphost.
- Test SNMP traps.
- Test SNMP polling.
As a result, SNMP uses the UDP port 161 of the SNMP Agent for sending and receiving requests. On the other hand, port 162 of the SNMP Manager is used for receiving traps from managed devices. To conclude, every device that implements SNMP must use these port numbers as the defaults.
How do I enable SNMP manager? ›- Telnet to the router/switch. ...
- Go to the enable mode by specifying the password: ...
- Go into configuration mode: ...
- Use the command below to add a Read-Only community string: ...
- To add a Read-Write Community string, use the command below: ...
- Exit the configuration mode and save the settings:
SNMP. Port 161 is the default port on network devices to which SNMP queries are sent during the discovery and monitoring processes. Defined in the column m_SnmpPort in the database table snmpStack.
Does Linux support SNMP? ›The most common SNMP configuration on Linux/UNIX is by using the net-snmp package maintained by http://www.net-snmp.org/ (aka "the nice BSD folks"). Installing and configuring net-snmp varies slightly depending on the specific Linux/UNIX distribution you are working with.
How do I connect to SNMP service? ›Click Start, point to Control Panel, point to Administrative Tools, and then click Computer Management. In the console tree, expand Services and Applications, and then click Services. In the right pane, double-click SNMP Service.
Is SNMP required? ›SNMP monitoring tools are necessary to: Automatically discover, monitor, and manage network devices. Monitor key performance metrics at the device and interface level.
Is enabling SNMP safe? ›Both the original SNMPv1 and SNMPv2c are vulnerable to this type of attack because they display community strings in clear-text. As a consequence, one of the best ways to protect against DoS and man-in-the-middle attacks is to avoid using SNMPv1 and SNMPv2c, while restricting SNMP-enabled devices to read-only access.
How set SNMP string in Linux? ›
- Execute the following command: > yum install net-snmp.
- Set the SNMP v1 Read-Only Community String as 'public' by adding the line below to the configuration file (/etc/snmp/snmpd.conf): rocommunity public.
- Restart the snmpd service: /bin/systemctl restart snmpd.service.
Click Get SNMP variable icon (the 7th icon below the menu bar) or go to Operations > Get. The attribute values of each row in the selected SNMP OID are displayed as a result. Copy the Object ID displayed below and add as a tabular performance counter.
What is the difference between an SNMP MIB and an OID? ›MIB files are written in an independent format and the object information they contain is organized hierarchically. The various pieces of information can be accessed by SNMP. OIDs or object identifiers are uniquely identify managed objects in the MIB.
What is snmpd Service Linux? ›snmpd is an SNMP agent which binds to a port and awaits requests from SNMP management software. Upon receiving a request, it processes the request(s), collects the requested information and/or performs the requested operation(s) and returns the information to the sender.
What is the default SNMP port? ›The default SNMP port number is 161. snmp-agent-protocol—The protocol the SNMP agent will communicate with. The default protocol is UDP. system-contact—The contact information for this sensor.
How do I set up a SNMP trap server? ›- Ensure that SNMP is enabled and then enable traps in your network device.
- Set the trap destination host address as the IP address or the host name of the respective On-Premise Poller.
- Set the trap destination port to be 162.
- Specify Community. ...
- Save the configuration.
Compare between SNMP v1, SNMP v2 and SNMP v3. SNMPv3 is the newest version of SNMP. SNMPv2 failed to improve on security. Its primary feature is enhanced security.
What is the difference between SNMP and Snmpd? ›snmp contains tools to talk to SNMP "agents". snmpd contains a server which you can install on a device to implement such an "agent". It listens for SNMP client connections and delivers responses to requests for status reports.
Is SNMP port 161 TCP or UDP? ›SNMP is a request/response protocol. UDP port 161 is its well-known port. SNMP uses UDP as its transport protocol because it has no need for the overhead of TCP.
Does SNMP need an IP address? ›SNMP access requires an IP address and subnet mask configured on the switch. If you are using DHCP/Bootp to configure the switch, ensure that the DHCP/Bootp process provides the IP address.
Can SNMP be hacked? ›
If SNMP is allowed to remain open, hackers are able to obtain information such as ARP table network information, usernames and open TCP ports that can allow them to attack the system further.
What is the replacement for SNMP? ›WMI and CIM.
Windows Management Instrumentation (WMI) is a popular implementation of the Common Information Model (CIM) for monitoring and managing Windows devices. In many cases, particularly Windows environments, WMI or CIM can supplement or replace SNMP.
By disabling SNMP, you significantly hamper your organizations ability to monitor infrastructure. Yes, other protocols like WMI, SOAP and the RESTful API are available, but they often incur much higher CPU utilization on the monitoring server and monitored devices.
Why do we need SNMP? ›Although the original purpose of the Simple Network Management Protocol (SNMP) was to let network administrators remotely manage an Internet system, the design of SNMP lets network administrators manage applications and systems. SNMP provides the following capabilities: Hides the underlying system network.
Why is SNMP still used? ›Without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network or determine the status of network devices in real-time.
How do you check if a SNMP trap is received in Linux? ›Open a command prompt and type snmputil trap. If no traps are received by snmputil, then catrapd will not display any traps. You can use a network sniffer to determine if traps are being received by your system. UDP 0.0.
What are ports 161 and 162? ›SNMP ports are utilized via UDP 161 for SNMP Managers communicating with SNMP Agents (i.e. polling) and UDP 162 when agents send unsolicited Traps to the SNMP Manager.
What is a .my file SNMP? ›Many IT organizations use Simple Network Management Protocol (SNMP) tools, such as those provided by the Net-SNMP open source project, to monitor and extend data that identifies products and potential problems that those hardware and software products recognize.
What are the 3 elements of SNMP? ›SNMP consists of three key components: managed devices, agents, and the network management station (NMS). A managed device is a node that has an SNMP agent and resides on a managed network.
Does SNMP use Ping? ›SNMPc supports various device access modes including TCP only, ICMP (Ping), SNMP V1, SNMP V2c and SNMP V3. Each mode is briefly described below. Null access is used for polling TCP services only, where ICMP/SNMP access is restricted by a firewall.
Is port 162 UDP or TCP? ›
Side note: UDP port 162 uses the Datagram Protocol, a communications protocol for the Internet network layer, transport layer, and session layer. This protocol when used over PORT 162 makes possible the transmission of a datagram message from one computer to an application running in another computer.
What is the difference between port 139 and 445? ›Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network. Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.
What is the difference between SMTP and SNMP? ›For instance, using the GET command, the SNMP Manager can acquire information from a device. The Managed Devices may include PCs, Routers, Servers and Switches etc. SMTP stands for Simple Mail Transfer Protocol. It deals with the methods, to send and receive email from one client to another over the internet.
Is SNMP enabled by default? ›By default, SNMP is disabled. 3. If you enable SNMP, specify the SNMP version. The security appliance provides support for network monitoring using SNMP Versions 1, 2c, and 3.
Should I enable SNMP? ›SNMP is without a doubt a very useful protocol for the management and monitoring of network devices, servers and applications. Whether it is secure or not really comes down to the level of risk which is acceptable to the organisation. SNMPv1 and v2c do have flaws in that authentication is almost non-existent.
What is the command for SNMP? ›The snmpset command sets the value of a MIB object. It adds an OID to the current SNMP SET PDU, or if a PDU does not already exist, it creates one. Once you have constructed a SET PDU using one or more snmpset commands, send it using the snmpsync command. Table 4 describes each parameter in this command.
Is it safe to enable SNMP? ›Is SNMP a secure protocol? SNMP v3 is secure. However, SNMP v1 and SNMP v2c are not secure. SNMP v3 includes processes for authentication and messages are encrypted.
What are ports 161 and 162 used for? ›161 or 162? SNMP uses both port 161 and port 162 for sending commands and messages. The "SNMP manager" at the head of your system sends commands down to a network device, or "SNMP agent," using destination port 161.
How do I find my SNMP details? ›Click Start>Control Panel>Administrative Tools>Computer Management. Click on Services>Applications>Services. Double-click on the SNMP Service option. Go to the Security tab and enter your connection string.
How do I check my SNMP settings? ›Click “Start,” “Administrative Tools,” then “Server Manager.” Click “Features,” then “Add Features.” At this stage, verify all the correct SNMP services have been installed. Click “Configuration,” then “Services.” Right-click on “SNMP Service,” then click “Properties.”
What is the most secure SNMP version? ›
SNMPv3. This version of SNMP supports the remote configuration of SNMP entities. It also adds both encryption and authentication, which can be used together or separately, making this the most secure version yet. SNMPv3 is defined by RFC 1905, RFC 1906, RFC 2571, RFC 2572, RFC 2574, and RFC 2575.
Should SNMP be exposed to Internet? ›Direct Attack on the device.
If SNMP is open to the Internet, the device is open to a direct DDoS attack. A low-level DDoS attack that is just enough to overload the device's route processor will be as effective as a colossal bandwidth-intensive volumetric attack.