Saturday, 9 Feb, 2013

I've used this setup and it just worked™, but I reckon it's not the best, since it doesn't support views, groups and other (interesting) features. You may use it to get an introduction to net-SNMP. I'm also assuming you're willing to configure it on CentOS or Ubuntu (the sudo / apt commands refer to Ubuntu).

Install NET-SNMP.

Follow these steps to install net-snmp on your system (1st command = CentOS / 2nd command = Ubuntu):

    yum install net-snmp-utils net-snmp-devel
    apt-get install snmp libsnmp-base snmpd sysv-rc-conf

Configure NET-SNMP.

My article uses a read-only SNMP user (remove "-ro" for a read-write one). Name: "user"; Password: "p@ssword". The lowercase -a / -x options select the authentication and privacy protocols; the uppercase -A / -X options set the corresponding passphrases:

    net-snmp-config --create-snmpv3-user -a MD5 -A p@ssword -x DES -X p@ssword -ro user
    sudo net-snmp-config --create-snmpv3-user -a MD5 -A p@ssword -x DES -X p@ssword -ro user

The following autostarts snmpd:

    chkconfig snmpd on
    sudo sysv-rc-conf snmpd on

Make a backup copy of the original snmpd.conf:

    sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.ori

Then edit /etc/snmp/snmpd.conf:

    ###########################################################################
    # SECTION: Access Control Setup
    #
    # rouser: a SNMPv3 read-only user
    #   arguments: user [noauth|auth|priv] [restriction_oid]
    rouser user authpriv

    # rocommunity: a SNMPv1/SNMPv2c read-only access community name
    #   arguments: community [default|hostname|network/bits] [oid]
    # read-only SNMPv2c access from all IP addresses/networks:
    rocommunity public

    interface eth0
    agentaddress 192.168.2.11:161
    interface lo0
    agentaddress 127.0.0.1:161

    syslocation "hq"
    syscontact "[email protected]"

Verify NET-SNMP.

Launch snmpd:

    /etc/init.d/snmpd start

Verify it works on your loopback I/F (the authentication protocol must match the one the user was created with, MD5 here):

    snmpwalk -v 3 -a MD5 -A p@ssword -x DES -X p@ssword -u user -l authPriv localhost | less

Verify it works on your physical I/F adapter:

    snmpwalk -v 3 -a MD5 -A p@ssword -x DES -X p@ssword -u user -c public -l authPriv 192.168.2.11 | less

SNMP iptables rules.
    # SNMP
    iptables -A INPUT -p udp -m udp -s 0/0 --dport 161:162 -j ACCEPT

Verify user is inside /usr/share/snmp/snmpd.conf:

    rouser user

Enable net-snmp logging.

[CentOS-only - for Ubuntu adjust accordingly] Enable net-snmp logging to snmpd.log:

    sed -i 's|OPTIONS="-LS0-6d -Lf /dev/null -p /var/run/snmpd.pid"|OPTIONS="-LS0-6d -Lf /var/log/snmpd.log -p /var/run/snmpd.pid"|g' /etc/init.d/snmpd

Also, put snmpd.log into logrotate.d, for example:

    /var/log/snmpd.log {
        notifempty
        missingok
        size 32M
        yearly
        compress
        compresscmd /usr/bin/bzip2
        compressext .bz2
        postrotate
            /sbin/service snmpd condrestart 2> /dev/null > /dev/null || true
        endscript
    }

Debug NET-SNMP.

From a terminal, stop the snmpd daemon and start it manually in the foreground, logging to stderr:

    snmpd -f -Le -Dread_config

To enable the SNMP debug option by default, edit /etc/init.d/snmpd:

    OPTIONS="-Lsd -Lf /var/log/snmpd.log -p /var/run/snmpd.pid -a -Dread_config"

NET-SNMP AES Support.

[Bonus]: Check if your net-snmp instance supports AES (from http://www.zenoss.com/community/docs/zenoss-guide/2.4.2/apbs02.html):

    snmpwalk -x AES 2>&1 | head -1

If the output is "No hostname specified." -> AES is supported.
If the output is "Invalid privacy protocol specified after -x flag: AES" -> AES is NOT supported.

Andrea Matesi
Senior Professional Network and Computer Systems Engineer during work hours and father when home. Andrea strives to deliver outstanding customer service and heaps of love towards his family. In this Ad-sponsored space, Andrea shares his quest for "ultimate" IT knowledge, meticulously brought to you in an easy to read format.
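
As an added example (not part of the original post), the bash function below audits the access-control lines this article puts into snmpd.conf and reports the settings that weaken the setup: a community accepted from any source, a well-known community string, users allowed below the priv level, and MD5/DES in createUser lines. The function name audit_snmpd_conf and the sample file are constructed for illustration; the `-s SECMODEL` form of rouser/rwuser and passphrases containing spaces are assumed not to occur.

```bash
#!/usr/bin/env bash
# Added example: flag weak access-control lines in net-snmp config files.
# Prints one finding per line as FILE:LINE: message; prints nothing if clean.
audit_snmpd_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    { d = tolower($1); where = FILENAME ":" FNR ": " }

    # rocommunity|rwcommunity COMMUNITY [SOURCE [OID]]
    d == "rocommunity" || d == "rwcommunity" {
        src = (NF >= 3) ? $3 : "default"
        if (src == "default" || src ~ /\/0$/)
            print where "community \"" $2 "\" is accepted from any source address"
        if ($2 == "public" || $2 == "private")
            print where "well-known community string \"" $2 "\""
        if (d == "rwcommunity")
            print where "write access over unencrypted SNMPv1/v2c"
    }

    # rouser|rwuser USER [noauth|auth|priv]; the level defaults to auth
    d == "rouser" || d == "rwuser" {
        lvl = (NF >= 3) ? tolower($3) : "auth"
        if (lvl != "priv" && lvl != "authpriv")
            print where "user \"" $2 "\" may connect without encryption (level " lvl ")"
    }

    # createUser [-e ENGINEID] USER (MD5|SHA) AUTHPASS [DES|AES] [PRIVPASS]
    d == "createuser" {
        first = ($2 == "-e") ? 5 : 3; user = $(first - 1)
        for (i = first; i <= first + 2 && i <= NF; i += 2) {
            t = toupper($i)    # only the two protocol positions are inspected
            if (t == "MD5") print where "user \"" user "\" authenticates with MD5"
            if (t == "DES") print where "user \"" user "\" encrypts with DES"
        }
    }
    ' "$@"
}

# Constructed sample mirroring the configuration in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
rouser user authpriv
rocommunity public
createUser user MD5 "p@ssword" DES p@ssword
EOF
audit_snmpd_conf "$sample"
rm -f "$sample"
```

Pass one or more config files as arguments, for example /etc/snmp/snmpd.conf. Once snmpd has started, createUser lines in its persistent state file are replaced by usmUser entries with localized keys, so the MD5/DES check only applies to createUser lines that are still present in the files you pass.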