For CentOS/RHEL 5 and 6
On CentOS/RHEL 5 there is no snmptrapd.conf configuration file. As per the manual pages: “The Net-SNMP notification receiver (trap daemon) uses one or more configuration files to control its operation and how incoming traps (and INFORM requests) should be processed. This file (snmptrapd.conf) can be located in one of several locations, as described in the snmp_config(5) manual page.”
The configuration file /etc/snmp/snmptrapd.conf can be created manually if it doesn't exist. On CentOS/RHEL 6 these configuration files exist. snmpd listens on port 161 and snmptrapd listens on port 162.
snmp configuration:
To make snmpd listen on localhost (127.0.0.1), append the line below to /etc/snmp/snmpd.conf using the echo command, then restart or reload the service.
# echo "agentAddress 127.0.0.1" >> /etc/snmp/snmpd.conf
To make snmpd listen remotely, append the line below, with the IP of the server, to /etc/snmp/snmpd.conf using the echo command and restart the service.
# echo "agentAddress" >> /etc/snmp/snmpd.conf
# /etc/init.d/snmpd restart
Check if it is listening on localhost/IP:
# netstat -ntulp | grep :161
snmptrapd configuration:
To make snmptrapd listen on localhost (127.0.0.1), append the line below to /etc/snmp/snmptrapd.conf using the echo command and restart or reload the service.
# echo "snmpTrapdAddr 127.0.0.1" >> /etc/snmp/snmptrapd.conf
# /etc/init.d/snmptrapd restart
To make snmptrapd listen remotely, append the line below, with the IP of the server, to /etc/snmp/snmptrapd.conf using the echo command and restart the service.
# echo "snmpTrapdAddr" >> /etc/snmp/snmptrapd.conf
Check if it is listening on localhost/IP:
# netstat -ntulp | grep :162
Since these ports use UDP, check connectivity with nc rather than telnet.
# nc -vz -u 127.0.0.1 161
Connection to 127.0.0.1 161 port [udp/snmp] succeeded!
# nc -vz -u 127.0.0.1 162
Connection to 127.0.0.1 162 port [udp/snmptrap] succeeded!
snmpd configuration on CentOS/RHEL 7
Log in to the CentOS/RHEL 7 server via ssh as root. Install the packages below for snmpd if they are not already installed.
# yum install net-snmp-utils net-snmp-devel net-snmp
If snmpd is already configured and running, stop the service using the command below:
# systemctl stop snmpd.service
Create a read-only SNMPv3 user:
# net-snmp-create-v3-user -ro -A test123authPass -a SHA -X test123encPass -x AES user1
adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser user1 SHA "test123authPass" AES test123encPass
adding the following line to /etc/snmp/snmpd.conf:
   rouser user1
# systemctl start snmpd.service
Testing with snmpwalk locally:
# snmpwalk -u user1 -A test123authPass -a SHA -X test123encPass -x AES -l authPriv 127.0.0.1 -v3
If you have a firewall enabled, open the snmp ports at the firewalld level using the commands below:
# firewall-cmd --zone=public --add-port=162/udp --permanent
# firewall-cmd --zone=public --add-port=161/udp --permanent
# firewall-cmd --reload
Testing with snmpwalk from a remote machine:
# snmpwalk -u user1 -A test123authPass -a SHA -X test123encPass -x AES -l authPriv 192.168.22.21 -v3
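The check below is an added example, not part of the original article or of Net-SNMP. It reads an snmpd.conf and reports which agentAddress values are reachable from the network, whether SNMPv1/v2c community directives are present, and whether each rouser/rwuser line requires authPriv (a bare "rouser user1", as written above, also accepts authNoPriv requests). The function names and the sample configuration are constructed for illustration, and only the file passed in is inspected.

```shell
#!/bin/sh
# Added example: audit the snmpd.conf settings this article changes.
# audit_snmpd_conf [FILE] prints one OK/WARN finding per line (reads stdin if no FILE).
audit_snmpd_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                  # skip blank lines and comments
    { key = tolower($1) }
    key == "agentaddress" {
        seen_addr = 1
        n = split($2, addrs, ",")                  # one directive may list several addresses
        for (i = 1; i <= n; i++) {
            if (addrs[i] ~ /(^|:)(127\.0\.0\.1|localhost|\[::1\])(:|$)/)
                print "OK    agentAddress " addrs[i] " is loopback-only"
            else
                print "WARN  agentAddress " addrs[i] " is reachable from the network"
        }
    }
    key ~ /^(ro|rw)community6?$/ || key == "com2sec" {
        print "WARN  " $1 " enables SNMPv1/v2c (community string sent in cleartext)"
    }
    key == "rouser" || key == "rwuser" {
        u = ($2 == "-s") ? 4 : 2                   # optional "-s SECMODEL" precedes the user
        level = ($(u + 1) == "") ? "auth" : $(u + 1)   # snmpd defaults to "auth"
        if (level == "priv")
            print "OK    " $1 " " $u " requires authPriv"
        else
            print "WARN  " $1 " " $u " accepts \"" level "\" requests; append priv to require encryption"
    }
    END { if (!seen_addr) print "WARN  no agentAddress: snmpd defaults to UDP 161 on all interfaces" }
    ' "$@"
}

sample_conf() {   # constructed input, not taken from a real host
    cat <<'EOF'
rocommunity public
agentAddress udp:127.0.0.1:161,192.168.22.21
rouser user1
rouser -s usm user2 priv
EOF
}

sample_conf | audit_snmpd_conf
```

On a server, run audit_snmpd_conf /etc/snmp/snmpd.conf after sourcing the function.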