When you intend to monitor your devices using SNMP it’s best to use SNMP version 3 as it offers authentication and encryption. Both SNMP versions 1 and 2 only use the community-string as the password and all traffic is clear text. Configuring SNMPv3 on CentOS is pretty easy, in this lesson, I’ll show you how to do it.
First, install the required SNMP utilities.
# yum install net-snmp net-snmp-utils net-snmp-libs
Make sure that the SNMP daemon is not running, or you will be unable to add a new user:
# service snmpd stop
Stopping snmpd: [ OK ]
Now we will create a new SNMPv3 user called “SNMPV3USER”. I will use MD5 for authentication and AES encryption, “AUTH-PASS” will be the password for authentication, and “ENCRYPT-PASS” will be used for encryption:
# net-snmp-create-v3-user -ro -A AUTH-PASS -X ENCRYPT-PASS -a MD5 -x AES SNMPV3USER
Now we can start the SNMP daemon:
# service snmpd start
Starting snmpd: [ OK ]
Make sure the SNMP daemon starts whenever you reboot your machine. You can do this with the chkconfig
command:
# chkconfig snmpd on
# chkconfig | grep snmpd
snmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
This ensures that it runs at runlevel 3,4, and 5. You are now ready to monitor your CentOS machine, just to be sure, we can use snmpwalk
to test if everything is reachable and working:
# snmpwalk -v 3 -u SNMPV3USER -a MD5 -A AUTH-PASS -l authPriv -x AES -X ENCRYPT-PASS 192.168.81.250
iso.3.6.1.2.1.1.1.0 = STRING: "Linux asterisk.networklessons.local 2.6.32-358.11.1.el6.x86_64 #1 SMP Wed Jun 12 03:34:52 UTC 2013 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (16738) 0:02:47.38
iso.3.6.1.2.1.1.4.0 = STRING: "Root <root@localhost> (configure /etc/snmp/snmp.local.conf)"
iso.3.6.1.2.1.1.5.0 = STRING: "asterisk.networklessons.local"
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown (edit /etc/snmp/snmpd.conf)"
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.11.2.3.1.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.15.2.1.1
iso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.6.3.10.3.1.1
iso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.6.3.1
As you can see, I’m able to extract information from my CentOS server using the SNMPv3 user account that we created. You are now ready to add it to the network management software of your choice. Good luck monitoring!