Checklist: Setting up SNMP on Linux
 
Every so often, monitoring devices via SNMP causes issues. We collect the most common problems with SNMP in this article. On Linux systems, some additional points have to be considered. This article sums up the basic steps to set up SNMP on Debian-based systems for monitoring with PRTG. However, specific problems often require deeper analysis. If you have followed the checklist below and monitoring still does not work, do not hesitate to contact our support!
Good resources for information about SNMP on Linux systems are Debianhelp and ubuntuusers Wiki (only in German). Please refer to these pages if you need more details on this topic.
Note: This article applies to Debian-based systems. For other Linux distributions like RedHat, CentOS, and Suse you will have to adapt the following steps a bit. For details, please see this article on dump4.network.eu.
1. Set up SNMP
 
First, you need an SNMP server on your Linux machine. Install the packet snmpd to query network components and the packet snmp to request values (i.e., walk, get, etc.). Use the following commands:
sudo apt-get install snmpd
sudo apt-get install snmp
After installing these packets, you have to accomplish the following configuration steps.
Basic Configuration: SNMP v1 and v2
 
The configuration file snmpd.conf is located in the /etc/snmp directory. Please make a backup of the original file before editing.
You have to set up the SNMP server in order to allow read access from other machines. Open the configuration file with an editor.
 #       sec.name  source          community
com2sec paranoid  default         public
Change the entry paranoid to readonly or readwrite. You can define sources as you want (e.g., 127.0.0.1 to allow access only from the local machine), as well as you can modify the community string. Save the changes to the configuration and restart the SNMP daemon:
 sudo service snmpd restart
Basic Configuration: SNMP v3
 
If you want to use SNMP v3, you need the packet openssl additionally. Stop the SNMP daemon and create an SNMP v3 user:
 sudo service snmpd stop
 
 sudo net-snmp-config --create-snmpv3-user -ro -X DES -A MD5 -a "SNMP_PWD" -x "SNMP_PWD" username
 
After that, force encryption in the file /usr/share/snmp/snmpd.conf by adding AuthPriv:
rouser username AuthPriv
 
Furthermore, delete the file /etc/snmp/snmpd.conf and create a new one with the following content:
group groupv3             usm      username  
view    all included   .iso      80
# context sec.model                      sec.level   match  read        write      notif
access groupv3         ""        any       auth      exact    all         all        all
syslocation Unknown  
syscontact Root <root@localhost>
 
Then start the daemon again:
sudo service snmpd start
 
2. Set up Access
 
By default, only requests on localhost are allowed. In order to allow access for other IPs on the monitored computer, modify the start options in the file /etc/default/snmpd. There is the following line:
 SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
You have two options now:
In order to allow requests for all network interfaces, delete 127.0.0.1 from the line.
To allow requests only for specific devices, add the corresponding IPs after 127.0.0.1 separated by spaces. Then restart snmpd. You can also allow access only for specific computers by modifying /etc/snmp/snmpd.conf accordingly. Just specify the sources there with the IP addresses that should get access.
# com2sec paranoid  default         public
# com2sec readonly  default         public
com2sec     readonly  xxx.xxx.xxx.xxx/32         public
com2sec     readonly  yyy.yyy.yyy.yyy/32         public
 
Note: If you have a firewall, you need to open the UDP port 161 to get access from other computers. For example, use the following commands to open access:
iptables -A OUTPUT -p udp -m udp --sport 161 -j ACCEPT
iptables -A ufw-user-input -p udp -m udp --dport 161 -j ACCEPT
 
3. Test the Configuration with an SNMP Walk
 
You can test your configuration with an SNMP walk. A walk shows you lists of return values requested from a specific device. Use the following command to show a list of available data on your Linux machine:
snmpwalk –v1 –c public localhost
With the following command, a list of memory values on a specific device (indicated with <IP> ) is returned:
snmpwalk v1 –c –private <IP> memory
 
Note: Do not only use 127.0.0.1 for testing but also external IPs.
4. Test the Configuration with the SNMP Tester
 
Use the SNMP Tester to run test queries against your Linux device. This tool enables you to debug SNMP activities in order to find problems in your SNMP configuration. For more information, the download, and the manual, please refer to Paessler SNMP Tester.