SNMP Network Monitoring
Simple Network Management Protocol for monitoring network devices.
SNMP Versions
| Version | Security | Authentication |
|---|---|---|
| v1 | Low | Community string |
| v2c | Low | Community string |
| v3 | High | User-based |
Install SNMP Tools
# Debian/Ubuntu
sudo apt install snmp snmpd snmp-mibs-downloader
# Enable MIBs
sudo sed -i 's/^mibs :/# mibs :/' /etc/snmp/snmp.conf
Configure SNMP Agent
/etc/snmp/snmpd.conf
# Listen on all IPv4 interfaces; IPv6 on loopback only
agentAddress udp:161,udp6:[::1]:161
# System information
sysLocation Data Center 1
sysContact [email protected]
sysServices 72
# SNMPv2c communities
rocommunity public localhost
rocommunity public 192.168.1.0/24
# SNMPv3 user
createUser authPrivUser SHA "authPassword123" AES "privPassword123"
rouser authPrivUser authPriv
# Views
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# Disk monitoring
disk / 10%
disk /var 20%
# Process monitoring
proc sshd
proc nginx
Restart Service
sudo systemctl restart snmpd
sudo systemctl enable snmpd
SNMP Commands
snmpwalk
# Walk entire tree
snmpwalk -v2c -c public localhost
# Specific OID
snmpwalk -v2c -c public localhost 1.3.6.1.2.1.1
# With MIB names
snmpwalk -v2c -c public localhost system
# SNMPv3
snmpwalk -v3 -u authPrivUser -l authPriv -a SHA -A "authPassword123" -x AES -X "privPassword123" localhost system
snmpget
# Get specific OID
snmpget -v2c -c public localhost sysUpTime.0
# Multiple OIDs
snmpget -v2c -c public localhost sysName.0 sysLocation.0
snmpset
# Set value (requires RW community)
snmpset -v2c -c private localhost sysLocation.0 s "New Location"
Common OIDs
System Information:
.1.3.6.1.2.1.1.1.0 sysDescr
.1.3.6.1.2.1.1.3.0 sysUpTime
.1.3.6.1.2.1.1.5.0 sysName
.1.3.6.1.2.1.1.6.0 sysLocation
Interfaces:
.1.3.6.1.2.1.2.2.1.2 ifDescr
.1.3.6.1.2.1.2.2.1.10 ifInOctets
.1.3.6.1.2.1.2.2.1.16 ifOutOctets
Host Resources:
.1.3.6.1.2.1.25.2.2.0 hrMemorySize
.1.3.6.1.2.1.25.3.3.1.2 hrProcessorLoad
Network:
.1.3.6.1.2.1.4.3.0 ipInReceives
.1.3.6.1.2.1.4.10.0 ipOutRequests
Monitor Interface Traffic
# Get interface names
snmpwalk -v2c -c public localhost ifDescr
# Get input octets
snmpwalk -v2c -c public localhost ifInOctets
# Get output octets
snmpwalk -v2c -c public localhost ifOutOctets
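# Calculate bandwidth script
#!/bin/bash
# Arguments: HOST COMMUNITY IFINDEX
HOST=$1
COMMUNITY=$2
INTERFACE=$3
# -Oqv prints only the counter value
IN1=$(snmpget -v2c -c "$COMMUNITY" -Oqv "$HOST" "ifInOctets.$INTERFACE")
sleep 5
IN2=$(snmpget -v2c -c "$COMMUNITY" -Oqv "$HOST" "ifInOctets.$INTERFACE")
DIFF=$((IN2 - IN1))
# ifInOctets is a 32-bit counter; correct for a single wrap between samples
if [ "$DIFF" -lt 0 ]; then DIFF=$((DIFF + 4294967296)); fi
# Bytes over 5 s -> kbps (multiply first to limit integer truncation)
RATE=$((DIFF * 8 / 5 / 1024))
echo "Inbound: $RATE kbps"
SNMPv3 Security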
Create User
# Stop service
sudo systemctl stop snmpd
# Create user
sudo net-snmp-create-v3-user -ro -A authPassword123 -X privPassword123 -a SHA -x AES authPrivUser
# Start service
sudo systemctl start snmpd
Test SNMPv3
snmpwalk -v3 -u authPrivUser -l authPriv \
-a SHA -A "authPassword123" \
-x AES -X "privPassword123" \
localhost system
SNMP Trap Configuration
Send Traps
# /etc/snmp/snmpd.conf
trap2sink 192.168.1.10 public
informsink 192.168.1.10 public
# Send test trap
snmptrap -v2c -c public 192.168.1.10 '' .1.3.6.1.4.1.8072.2.3.0.1 \
.1.3.6.1.4.1.8072.2.3.2.1 s "Test trap message"
Receive Traps
# /etc/snmp/snmptrapd.conf
# "execute" is required for traphandle scripts to run
authCommunity log,execute public
traphandle default /usr/local/bin/handle_trap.sh
Security Best Practices
- Use SNMPv3 - Encrypted and authenticated
- Restrict access - ACLs for SNMP networks
- Change communities - Never use "public"
- Firewall rules - Limit port 161/162
- Monitor logs - Watch for enumeration
# Firewall rules
sudo iptables -A INPUT -p udp --dport 161 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 161 -j DROP
Best Practices
- Use SNMPv3 - Always for production
- Restrict communities - By IP and view
- Monitor traps - Set up trap handlers
- Document OIDs - For your devices
- Regular polling - Balance frequency vs load
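Several items from the two best-practice lists above (no default communities, restrict by IP and view, SNMPv3 with encryption) can be checked mechanically against an snmpd.conf. The following is an added example, not part of the original page or of Net-SNMP; `audit_snmpd_conf`, `_skip_opts` and `SAMPLE` are names constructed here for illustration.

```python
import shlex
# Constructed sample: the community and user lines from the snmpd.conf above.
SAMPLE = '''rocommunity public localhost
rocommunity public 192.168.1.0/24
createUser authPrivUser SHA "authPassword123" AES "privPassword123"
rouser authPrivUser authPriv
'''

def _skip_opts(args):
    while len(args) >= 2 and args[0].startswith("-"):  # "-e ENGINEID", "-s MODEL"
        args = args[2:]
    return args

def audit_snmpd_conf(text):
    """Return (line_number, finding) tuples for snmpd.conf text."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tok = shlex.split(line)
        except ValueError:
            out.append((no, "unbalanced quote, line not checked"))
            continue
        key, args = tok[0].lower(), tok[1:]
        if key.rstrip("6") in ("rocommunity", "rwcommunity") and args:
            if args[0] in ("public", "private"):
                out.append((no, f"default community string '{args[0]}'"))
            if len(args) < 2 or args[1] == "default":
                out.append((no, "community accepted from any source address"))
            if len(args) < 3:
                out.append((no, "community not limited to an OID or view"))
            if key.startswith("rw"):
                out.append((no, "write access through a cleartext community"))
        elif key == "createuser":
            args = _skip_opts(args)
            if {a.upper() for a in args[1::2]} & {"MD5", "DES"}:
                out.append((no, "MD5/DES selected for an SNMPv3 user"))
            if any(len(p) < 8 for p in args[2::2]):  # net-snmp minimum is 8
                out.append((no, "passphrase shorter than 8 characters"))
        elif key in ("rouser", "rwuser"):
            args = _skip_opts(args)
            level = args[1].lower() if len(args) > 1 else "auth"  # default level
            if level not in ("priv", "authpriv"):
                out.append((no, f"SNMPv3 access at level '{level}' is not encrypted"))
    return out

if __name__ == "__main__":
    print(*audit_snmpd_conf(SAMPLE), sep="\n")
```

On the sample it reports both `rocommunity public` lines (default string, no view) and accepts the SNMPv3 user, which uses SHA/AES and the authPriv level.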