SNMP v1/v2 Configuration
For most common Linux-based application and devices, enabling the SNMP background service is an essential step in the the very minimal steps that it takes to configure your host for monitoring. The aim of this page is to provide you with a general understanding of how to configure SNMP on your Linux host, and troubleshoot issues that may relate to IPtables blocking either of these protocols from working to the utmost potential. Depending on your configuration, additional adjustments may be necessary.
The most basic steps to configure SNMP are as follows. To ensure that you have sufficient permission, you should become root or use the sudo command for the following configuration steps.
- Start out by editing your /etc/snmp/snmpd.conf file to declare your read-only community string (think of it as a password). We recommend you replace your entire /etc/snmp/snmpd.conf with a simple version:
- You may either replace the entire text file or you can prepend the above line to the top of the file. Of course, backing up your existing file is always a good idea:
- The IP range is optional. If set, only hosts within that network/mask combination will be able to query snmpd, so ensure it contains the IP address of the LogicMonitor collector(s) that will monitor this Linux device. You can enable all addresses by omitting the IP.
- If you are running Dell hardware you will also want to include these lines in snmpd.conf so the underlying hardware can be monitored via the Dell OpenManage suite of packages:
- After updating the snmpd.conf file, set snmpd to start on boot and start it now:
For more detailed instructions specific to the Linux distribution you are using, see the following RedHat/CentOS and Debian/Ubuntu sections:
The following procedures below detail how to allow both SNMP and NTP access for Linux devices.
- Access the command shell of the Linux host (via ssh or from the console).
- Open the file/etc/sysconfig/iptables in your preferred editor.
- After the line matching similar to "-A RH-Firewall-1-INPUT –p udp –dport 5353", add the following lines to the INPUT section: