Come join our live training webinar every other Wednesday at 11am PST and hear LogicMonitor experts explain best practices and answer common questions. We understand these are uncertain times, and we are here to help!
For most common Linux-based application and devices, enabling the SNMP background service is an essential step to configuring your host for monitoring. The goal of this page is to provide you with a general understanding of how to configure SNMP on your Linux host and troubleshoot issues that may relate to IPtables blocking either of these protocols from working to the utmost potential. Depending on your configuration, additional adjustments may be necessary.
If you are looking for help configuring SNMP v3, see SNMPv3 Configuration. If you are looking for help troubleshooting SNMP, see Troubleshooting SNMP.
To ensure that you have sufficient permission, you should become root or use the sudo command for the following configuration steps.
rocommunity $CommunityString <10.0.0.0/8>
2. You may either replace the entire text file or you can prepend the above line to the top of the file. It is recommended that you backup your existing file:
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.old
3. The IP range is optional. If set, only hosts within that network/mask combination will be able to query snmpd, so ensure it contains the IP address of the LogicMonitor collector(s) that will monitor this Linux device. You can enable all addresses by omitting the IP.
4. If you are running Dell hardware you will also want to include these lines in snmpd.conf so the underlying hardware can be monitored via the Dell OpenManage suite of packages:
smuxsocket 127.0.0.1 smuxpeer .220.127.116.11.4.1.674.10892.1
5. After updating the snmpd.conf file, set snmpd to start on boot and start it now:
chkconfig snmpd on service snmpd restart
For instructions specific to the Linux distribution you are using, see the RedHat/CentOS and Debian/Ubuntu sections below.
yum install net-snmp
2. Optionally, you can install snmpwalk and other tools that can be useful for troubleshooting:
yum install net-snmp-utils
3. Move the default config file and keep it as backup:
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.original
4. Define an snmp community in a new config file:
echo "rocommunity notpublic" > /etc/snmp/snmpd.conf
Note the following:
If you are using sudo, the command may look like:
sudo sh -c "echo 'rocommunity notpublic' > /etc/snmp/snmpd.conf"
Optionally, you can include an IP address or a range of IP addresses to restrict which IP addresses can connect to your system via SNMP. To do this, add the IP address after the community string in the command above:
echo "rocommunity notpublic 10.9.8.0/24" > /etc/snmp/snmpd.conf
5. Start the daemon, and set it to start on server boot. For RedHat/CentOS 7.0 you can use the following commands:
systemctl restart snmpd.service
systemctl enable snmpd.service
For older versions of RedHat/CentOS, use the following commands:
chkconfig snmpd on
apt-get install snmpd
2. Back up the original snmpd.conf file
mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
3. Create a new snmpd.conf file, replacing “logicmonitor” with the community string that you are using.
echo "rocommunity logicmonitor" > /etc/snmp/snmpd.conf
4. Edit the snmpd file.
5. Comment out the following line (or similar):
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -p /var/run/snmpd.pid'
6. Add the following line below the link you commented out:
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
7. If you are running iptables, make the following exception, replacing “10.1.1.10” with the IP of your collector machine:
iptables -A INPUT -p udp -s 10.1.1.10 --dport 161 -j ACCEPT
8. Save and close the file.
9. Depending on your environment, execute one of the following sets of commands to restart snmpd and set it to start on server boot:
systemctl restart snmpd
systemctl enable snmpd
service snmpd start
chkconfig snmpd on
The following procedures detail how to allow both SNMP and NTP access for Linux devices.
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 123 -j ACCEPT
4. Save and close the file.
5. Restart the firewall service using the following command:
service iptables restart
Use the following commands to add firewall rules using firewalld:
firewall-cmd --permanent --add-port=161/udp
firewall-cmd --permanent --add-service=ntp
firewall-cmd --permanent --list-all
In This Article