Setting up SNMP
In order to get the most out of your installation it is preferable to have your systems ready for SNMP Monitoring.
Vendors that provide SNMP management support have different methods for enabling the service and access to it.
We aim to assist in the set-up of common systems here, but you may need to refer to manufacturers documentation in some cases.
Before embarking on a roll-out of SNMP please refer to our SNMP security guidelines at www.mutiny.com/PDFs/GuidelinePolicyOnTheUseOfSNMP.pdf
Manager - The ipaddress of the monitoring system
Community String - access password for the service
Read Only - as it suggests this is a restriction on the ability to send configuration commands
Read Write - Allows configuration changes . NOT required for Mutiny installations
Traps - Alert messages sent by the device. Point to Mutiny address.
Windows 2000/2003 Servers
With windows 2000 the SNMP service is normally installed and running with "public" as the community string and no restriction on access.
If not installed the service can be added from;
[Control Panels]=>[Add or Remove Programs]=>[Windows Components]=>[Management & Monitoring Tools]=>[Simple Network Management Protocol]
Without some minor configuration your Windows 2003 servers are not fully discovered.
This is because the default security on 2003 is tighter.
To allow Mutiny to monitor 2003 SNMP do the following;
1. Connect to your 2003 server as administrator and open the "Services" snap-in and scroll down to the SNMP service.
2. Select the |Security| tab and you will see 2 sections.
3. In the upper section you can define the SNMP Community String (password). Windows 2000 used "public".
4. In the lower section use the [Add] button to add the IP address of the Mutiny server.
5. Apply the changes and close the properties window.
6. Right click on the SNMP service and select "Restart" to effect the changes.
Link to HP Insight agents for HP hardware monitoring.
Windows 2008/2012 Servers
As 2003 but you need to add the service from the add service/features and you also need to edit the firewall policy to allow domain access to the SNMP service for polling.
Most linux distributions use NET SNMP as the default installed SNMP agent, generally all that is required to make these work is to know the community string that has been set up. However, the standard config files do not provide much more than basic system information and therefore we have provided a set of configuration files that you can use to give you CPU disk and memory values where available. snmp configuration files.
Find where your Net-SNMP configuration files are located – normally “/etc/snmp”.
Copy from the archive, the files “snmpd.conf” & “snmpd.local.conf” to this directory, overwriting any files of the same name that are there already.
- If necessary, use an editor of your choice to change the SNMP Community String (on lines 8 & 9) of the file “snmpd.conf”, from the default “public”, to the string of your choice (note these strings are case-sensitive).
- In the file “snmpd.local.conf”, you should change the “sysLocation” and “sysContact”, from the defaults, to their correct values for your system.
- Next you need to restart the snmpd daemon:
# /etc/init.d/snmpd restart.
There are a few options regarding access control lists etc, but basically do the following;
1. Telnet to your device and login with your password.
2. type "en" and return to enter enabled mode.
3. Enter your enable password.
4. Type "sh run" to display the running config. Look for the line "snmp-server community ....." to see if the service is already configured, if not;
5. type "conf t" to enter config mode from a terminal.
6. paste in the following lines one at a time. Comments in italics
access-list 10 permit (mutinyipaddress)
make sure access list 10 is not already used in the running config choose another number if necessary and use the number at the end of the next command.
snmp-server community public ro 10
logging trap warnings
7. do a ctrl-Z to leave config mode.
8. type "copy run star" to write the config to the startup config.
9. Type "exit" to leave
The command "logging trap warnings" adds additional alert traps to be sent to mutiny some useful ones include;
- Authentication failures
- Configuration changes
- Transient link failures
VMware includes SNMP monitoring it just needs a small amount of configuration.
VMware ESXi 6+ (does not apply to free hypervisor version)
First enable the SSH service on the Host.
Then shell on with your root user account and run the following commands:
esxcli system snmp set -r
esxcli system snmp set -c public (or your chosen community string)
esxcli system snmp set -p 161
esxcli system snmp set -L "Location etc"
esxcli system snmp set -C email@example.com
esxcli system snmp set -e yes
VMware ESXi 5, 5.5 (does not apply to free hypervisor version)
Using the Vsphere remote cli run the following commands to the host;
vicfg-snmp.pl --server hostname --username username --password password -c public
vicfg-snmp.pl --server hostname --username username --password password --enable
vicfg-snmp.pl --server hostname --username username --password password -p 161
To send traps to mutiny use
vicfg-snmp.pl --server hostname --username username --password password -t your.mutiny.add@162/public
Remember to add the Mutiny Trap agent to the list of agents on the node in Mutiny.
further reading at; vSphere Documentation Centre
Other sources of reference
http://www.net-snmp.org/wiki/index.php/Main_Page#The_Net-SNMP_Wiki NET-SNMP for unix variants