Getting SNMP working on Ubuntu 18.04 can be a challenge. The reason is the default SNMP configuration file contains so many entries it’s totally overwhelming and additionally it might be configured to only listen on localhost. Finally if you don’t have UDP port 161 allowed on your firewall you will endless be going in circles.
In this article we will attempt to install SNMP on Ubuntu so that an external server can access your setup.
We’ll install the libraries, then do a backup and minimal configuration, and then start testing. Optionally we’ll check if there is a localhost restriction. I’ll leave the firewall checking to you or contact us if you require additional assistance.
SNMP library to install
sudo apt-get install snmpd
For testing, you would need snmpwalk, so do this
sudo apt-get install snmp
snmpd.conf file provided with Ubuntu is overly complicated and we really only need a few entries. So what we’ll do is first back it up so that we can start from scratch with some intelligent defaults:
cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup
Now you can edit the file using your favourite text editor, e.g.
vi /etc/snmp/snmpd.conf and remove everything.
Note about Firewalls
You have to enable
161 on your firewall if you’re monitoring your server from the outside. Firewall configuration can prove one of the more challenging aspects of SNMP monitoring, because at times you might be going through multiple firewall, e.g. an AWS firewall, and a local Virtualmin firewall. If you get the following problem, you might well be dealing with a firewall issue:
Timeout: No Response from host.domain.com
Here is an example of a config that works.
If you’re using a system such as PRTG to monitor your servers, try the following settings:
# cat /etc/snmp/snmpd.conf com2sec readonly your_secret_community syslocation "Server Location" syscontact Firstname Lastname sysservices 76 master yes agentaddress udp:161 rocommunity your_secret_community
Once you’ve save the
snmpd.conf file, restart the
service snmpd restart
You can use snmpwalk to test SNMP, provided it’s installed. Install this utility by doing this:
apt install snmp
Then do: snmpwalk -c your_secret_community -v1 localhost from the localhost or remote host to test. First try
localhost then try the IP address of your server. Ideally you also want to perform this test from your NMS to the remote host.
/etc/default/snmpd for localhost restriction
You may have to check the following line to see if your SNMP is not locked to localhost:
# cat /etc/default/snmpd SNMPDOPTS='-Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
If you see
127.0.0.1 but you’re trying to connect SNMP from a remote system, remove the
Test to see if SNMP is listening on all ports:
[email protected]:~# netstat -ulnp | grep 161 udp 0 0 0.0.0.0:161 0.0.0.0:* 33914/snmpd
Missing Community Parameter
When you do
service snmpd status you might see the following message:
/etc/snmp/snmpd.conf: line 1: Error: missing COMMUNITY parameter
Ignore the error. It’s bogus.