The Geek Diary

CONCEPTS | BASICS | HOWTO

How To Configure SNMP Daemons: snmpd and snmptrapd on CentOS/RHEL 5,6 and 7

By

For CentOS/RHEL 5 and 6

On CentOS/RHEL 5 there is no configuration file for snmptrapd.conf. As per manual pages “The Net-SNMP notification receiver (trap daemon) uses one or more configuration files to control its operation and how incoming traps(and INFORM requests) should be processed. This file (snmptrapd.conf)can be located in one of several locations, as described in the snmp_config(5) manual page.”

The configuration file /etc/snmp/snmptrapd.conf can be manually created if it doesn’t exists. On CentOS/RHEL 6 these configuration files exists. snmp listens on port 161 and snmptrapd listen on 162.

snmp configuration:

To make snmpd to listen on localhost (127.0.0.1) append the below line to /etc/snmp/snmpd.conf using echo command followed by restart or reload the service.

# echo "agentAddress 127.0.0.1" >> /etc/snmp/snmpd.conf

To make snmpd to listen remotely append the below line to /etc/snmp/snmpd.conf with IP of the server using echo command and restart the service.

# echo "agentAddress " >> /etc/snmp/snmpd.conf
# /etc/init.d/snmpd restart

Check if it is listening on localhost/IP:

# netstat -ntulp | grep :161

snmptrapd configuration:

To make snmptrapd to listen on localhost (127.0.0.1) append the below line to /etc/snmp/snmptrapd.conf using echo command and restart or reload the service.

# echo "snmpTrapdAddr 127.0.0.1" >> /etc/snmp/snmptrapd.conf
# /etc/init.d/snmptrapd restart

To make snmptrapd to listen remotely append the below line to /etc/snmp/snmptrapd.conf w with IP of the server using echo command and restart the service.

# echo "agentAddress " >> /etc/snmp/snmptrapd.conf

Check if it is listening on locahost/IP.

# netstat -ntulp |grep :162

Since these ports use UDP for connection you can check the connectivity with nc and not with telnet.

# nc -vz -u 127.0.0.1 161
Connection to 127.0.0.1 161 port [udp/snmp] succeeded!
# nc -vz -u 127.0.0.1 162
Connection to 127.0.0.1 162 port [udp/snmptrap] succeeded!

snmpd configuration on CentOS/RHEL 7

Login to CentOS/RHEL 7 server via ssh as root. Install below packages for snmpd if not already installed.

# yum install net-snmp-utils net-snmp-devel net-snmp

If snmpd is already configured and running, stop the service using below command:

# systemctl stop snmpd.service
# net-snmp-create-v3-user -ro -A test123authPass -a SHA -X test123encPass -x AES user1
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser user1 SHA "test123authPass" AES test123encPass
adding the following line to /etc/snmp/snmpd.conf:
rouser user1
Note: You have two passwords here authentication password and privacy key for encryption. This should add a line /etc/snmp/snmpd.conf and /var/lib/net-snmp/snmpd.conf as mentioned in the console. So you need to delete those lines if you want to make any changes. So better take a backup of those two conf files.
# systemctl start snmpd.service

Testing with snmpwalk locally:

# snmpwalk -u user1-A test123authPass -a SHA -X test123encPass -x AES -l authPriv 127.0.0.1 -v3

If you have firewall enabled; add enable snmp ports at firewalld level using below commands:

# firewall-cmd --zone=public --add-port=162/udp --permanent
# firewall-cmd --zone=public --add-port=161/udp --permanent
# firewall-cmd --reload

Testing with snmpwalk from Remote machine:

# snmpwalk -u user1 -A test123authPass -a SHA -X test123encPass -x AES -l authPriv 192.168.22.21 -v3

You May Also Like