This is the follow-up to my . Make sure you check out that post first for some background information if you need it.
So let’s get started.
If SNMP is not yet installed on your server, execute the following shell command:
sudo yum -y install net-snmp net-snmp-utils
Create an SNMP configuration file
When net-snmp is installed on the machine, a sample/default file is created. Let's move that file to a new location, as we are not going to use it. Execute:
sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
Next, let's create a new file from scratch:
sudo vim /etc/snmp/snmpd.conf
Hit 'i' to enter insert mode, then enter in the following text:
# Basic SNMP Community Information
# Note Source IPs. Enter in your own IPs that will be allowed to communicate with the service.
# It is recommended to allow localhost so you can run tests with snmpwalk.
# Otherwise omit localhost if it is not needed.
# You can list allowed subnets if you wish. Example below.
#
# Community.Name Source.IP.Allowed
rocommunity public 127.0.0.1
rocommunity public 10.40.60.57
rocommunity public 192.168.1.0/24
# Optional location information
syslocation MyLocation
# Optional contact information
syscontact Super User firstname.lastname@example.org
# SNMP v3 User Information
** Note that the last line is commented out by the '#' and there is nothing in the SNMP v3 User Information section yet. Also, do NOT use "public". Define your own community name.
Save the file and exit by hitting Esc, then :wq to save and quit.
Create the SNMP v3 User
In this example, the read-only SNMP v3 user we are going to create defines three things:
- snmpv3user = Rename this to the user name you desire.
- snmpv3authentication = Define your user authentication key here.
- snmpv3privacy = Define your privacy key here.
Execute the following commands in order to create your user:
sudo systemctl stop snmpd.service
sudo net-snmp-create-v3-user -ro -A snmpv3authentication -a SHA -X snmpv3privacy -x AES snmpv3user
sudo systemctl reload snmpd.service
sudo systemctl start snmpd.service
** This specific user, with these specific options, is set up with SHA authentication and AES 128 bit privacy.
Note the difference in how services are restarted in CentOS/RHEL v7: it now uses systemd, which takes time to get used to...
The core configuration for your SNMP v2c communities and your v3 user is now set up. Let's finish by creating the firewall rules to allow the monitoring traffic in/out.
Create a Firewall Rule to Allow SNMP Traffic
Execute the following command:
sudo firewall-cmd --add-port=161-162/udp --zone=public --permanent
** This rule allows SNMP communication from ALL inbound IP addresses. Note that in v7 we must use "firewall-cmd" instead of iptables to make firewall rule changes.
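The rule above opens SNMP to every source address, while snmpd.conf already lists the hosts that are allowed to poll. As an added example (not part of the original post), the script below checks an snmpd.conf for the community-name and source-restriction problems noted earlier and prints firewalld rich rules that open 161/udp only to the listed sources. The function names and the sample file are made up for illustration, it assumes IPv4 sources, and it only prints commands for review.

```shell
#!/bin/sh
# Added example: audit snmpd.conf and print source-restricted firewalld rules.
# Function names are illustrative. Nothing here changes the system.

# Print one warning per risky rocommunity/rwcommunity line.
snmp_conf_warnings() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        $1 == "rocommunity" || $1 == "rwcommunity" {
            if ($2 == "public" || $2 == "private")
                printf "line %d: default community name \"%s\"\n", NR, $2
            if (NF < 3 || $3 == "default")
                printf "line %d: community \"%s\" has no source restriction\n", NR, $2
            if ($1 == "rwcommunity")
                printf "line %d: read-write community \"%s\"\n", NR, $2
        }' "$1"
}

# Print the unique non-loopback sources the config allows (assumes IPv4).
snmp_sources() {
    awk '
        /^[ \t]*#/ { next }
        ($1 == "rocommunity" || $1 == "rwcommunity") && NF >= 3 &&
        $3 != "default" && $3 != "localhost" && $3 !~ /^127\./ &&
        !seen[$3]++ { print $3 }' "$1"
}

# Print rich rules opening 161/udp (the agent port) to those sources only.
# --permanent rules become active after the final reload.
snmp_firewall_rules() {
    snmp_sources "$1" | while read -r src; do
        printf '%s\n' "sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"161\" protocol=\"udp\" accept'"
    done
    echo "sudo firewall-cmd --reload"
}

# Constructed sample input mirroring the community lines shown earlier.
sample_conf() {
    printf '%s\n' '# Community.Name Source.IP.Allowed' \
        'rocommunity public 127.0.0.1' 'rocommunity public 10.40.60.57' \
        'rocommunity public 192.168.1.0/24' 'syslocation MyLocation'
}

conf=$(mktemp) && sample_conf > "$conf"
snmp_conf_warnings "$conf"
snmp_firewall_rules "$conf"
rm -f "$conf"
```

Run it against /etc/snmp/snmpd.conf by calling the two reporting functions with that path instead of the sample file.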
Set SNMP to Run at Boot Time
sudo chkconfig snmpd on
From this point, you can add your CentOS/RHEL server to your monitoring system via SNMP v2c (using the community you defined), or via the SNMP v3 user you created.