snmp = Simple Network Management Protocol - monitoring/management of remote devices
The SNMP agent receives requests on UDP port 161 (TLS might use 10161 with 10162 for traps)
SNMPv1 -> SNMPv2c = SNMPv2 with the community string (instead of a complex security model)
SNMPv3 can support encryption (DES)
snmpd = snmp daemon = managed device (e.g. router, voip phone, server, etc)
MIB = management information bases (the actual data that can be presented via SNMP)
- a hierarchical namespace containing object identifiers (OID)
- OID = a variable that can be read/set via SNMP
The internet has the OID 1.3.6.1, which is defined as a subtree of iso.org.dod, or 1.3.6
- to be able to query by "object name" the client needs the correct MIB (maps the oid to the resource and name)
- Counters go up and reset at the max, gauges do not exceed the max (e.g. network traffic vs cpu usage)
apt-get update (apt-get upgrade)
apt-get install snmpd -y
(For an snmp client, use apt-get install snmp, required for snmpwalk testing...)
define security config (i.e. what ip addresses, what "community string" password, etc.)
sudo vi /etc/snmp/snmpd.conf
com2sec SECURITYNAME NETWORKALLOWED COMMUNITYSTRINGPASSWORD
com2sec localhost localhost public
group GROUPNAME SNMPVERSION SECURITYNAME
group MyLocalhost v1 localhost
group MyLocalhost v2c localhost
view VIEWNAME INCLUDED/EXCLUDED SUBTREE OPTIONAL-MASK
view all included .1
inclusion - you access only that branch of the mib tree
exclusion - you access all the branches except that one
access GROUPNAME CONTEXT SNMPVERSION SECURITY MATCH READ WRITE NOTIFICATION
access MyLocalhost "" any noauth exact all none none
ALSO: sudo vi /etc/default/snmpd
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
to restrict which interfaces snmpd listens on, append the addresses at the end...
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1 192.168.1.1'
FIREWALL - snmp uses UDP 161
below would restrict udp 161 access to only the subnet: 192.168.1.0/24
/sbin/iptables -A RH-Firewall-1-INPUT -p udp -s 192.168.1.0/24 -m udp --dport 161 -j ACCEPT
/usr/share/snmp/mibs/
You might add new .txt config based MIB files...
TESTING
snmpwalk (version) (community string) (target ip) (target oid)
general info
snmpwalk -v 1 -c public localhost system
everything
snmpwalk -c public -v 1 127.0.0.1 .
snmpwalk -c public -v 2c 127.0.0.1 . | grep time
test from a remote machine
snmpwalk -c public -v2c 10.10.10.197 system
snmpwalk -c public -v2c 10.10.10.197
processes
snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2
disk check
snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9
for more info on SNMPv3
http://crazy8s.info/wiki/index.php/Network_-_SNMPv3_Configuration
for more info on MIBs
http://www.net-snmp.org/wiki/index.php/TUT:snmptranslate
http://oreilly.com/catalog/esnmp/chapter/ch02.html
Similar to disk monitoring, specific processes can be monitored:
proc NAME [MAX=0] [MIN=0]
proc sendmail 10 1
snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2
Further example ubuntu configs of snmpd.conf
syslocation California
syscontact support@domain.com
com2sec Localhost localhost mypassword
com2sec Subnet 192.168.1.0/24 mypassword
group MyLocalhost v2c Localhost
group MySubnet v2c Subnet
view all included .1 80
view system included .1.3.6.1.2.1.1
view system included .iso.org.dod.internet.mgmt.mib-2.system
access MyLocalhost "" any noauth exact all none none
access MySubnet "" any noauth exact system none none
syslocation California
syscontact support@domain.com
com2sec Localhost localhost mypassword
group MyLocalhost v2c Localhost
view all included .1 80
access MyLocalhost "" any noauth exact all none none
com2sec Subnet 10.10.10.0/24 mypassword
group MySubnet v2c Subnet
iso.org.dod.internet.mgmt = 1.3.6.1.2
iso.org.dod.internet.private = 1.3.6.1.4
sysName
view system included iso.org.dod.internet.mgmt.1.1.5
ip address, interfaces, subnet
view system included iso.org.dod.internet.mgmt.1.4.20.1
hrSystemUptime
view system included iso.org.dod.internet.mgmt.1.25.1.1
Total RAM
view system included iso.org.dod.internet.private.1.2021.4.5.0
Memory available RAM
view system included iso.org.dod.internet.private.1.2021.4.6.0
Disk basics
disk / 5%
view system included iso.org.dod.internet.private.1.2021.9.1
cpu idle percentage
view system included iso.org.dod.internet.private.1.2021.11.11
access MySubnet "" any noauth exact system none none
snmpwalk -c public -v2c 10.10.10.197 .
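An added example (not part of the original notes): a small Python check that reads the com2sec/view/access directives described above and flags the risky choices, namely default community strings, a source open to any address, write views, and unauthenticated read access to the whole tree. The function name, finding texts and sample config are constructed for illustration; com2sec lines using the -Cn context option are not handled.

```python
WEAK_COMMUNITIES = {"public", "private"}   # well-known default strings
OPEN_SOURCES = {"default", "0.0.0.0/0"}    # com2sec sources matching any host

def _tokens(text):
    """Yield (line_no, fields) for each non-empty, non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield no, fields

def audit_snmpd_conf(text):
    """Return [(line_no, finding)] for risky com2sec/access directives."""
    # Pass 1: record which subtrees each view includes.
    views = {}
    for _, fld in _tokens(text):
        if fld[0] == "view" and len(fld) >= 4 and fld[2] == "included":
            views.setdefault(fld[1], []).append(fld[3].lstrip("."))
    # Pass 2: check com2sec and access lines against the recorded views.
    findings = []
    for no, fld in _tokens(text):
        if fld[0] == "com2sec" and len(fld) >= 4:
            secname, source, community = fld[1:4]
            if community.lower() in WEAK_COMMUNITIES:
                findings.append((no, f"default community string '{community}'"))
            if source in OPEN_SOURCES:
                findings.append((no, f"{secname}: any source address accepted"))
        elif fld[0] == "access" and len(fld) >= 9:
            # access GROUP CONTEXT MODEL LEVEL MATCH READ WRITE NOTIFY
            group, level, read, write = fld[1], fld[4], fld[6], fld[7]
            if write != "none":
                findings.append((no, f"{group}: write view '{write}' granted"))
            whole_tree = any(s in ("1", "iso") for s in views.get(read, []))
            if level == "noauth" and whole_tree:
                findings.append((no, f"{group}: entire MIB tree readable without auth"))
    return findings

# Constructed sample, modelled on the configs above.
SAMPLE = """\
com2sec Localhost localhost public
com2sec Subnet 192.168.1.0/24 mypassword
group MyLocalhost v2c Localhost
group MySubnet v2c Subnet
view all included .1 80
view system included .1.3.6.1.2.1.1
access MyLocalhost "" any noauth exact all none none
access MySubnet "" any noauth exact system none none
"""

if __name__ == "__main__":
    for no, msg in audit_snmpd_conf(SAMPLE):
        print(f"line {no}: {msg}")
```

To audit a live config, pass the contents of /etc/snmp/snmpd.conf to audit_snmpd_conf() instead of SAMPLE.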