HxHippy

SNMP Network Monitoring

Configure SNMP for centralized network device monitoring and management.

Last updated: 2025-01-15

Simple Network Management Protocol for monitoring network devices.

SNMP Versions

Version  Security  Authentication
v1       Low       Community string
v2c      Low       Community string
v3       High      User-based

Install SNMP Tools

# Debian/Ubuntu
sudo apt install snmp snmpd snmp-mibs-downloader

# Enable MIBs
sudo sed -i 's/^mibs :/# mibs :/' /etc/snmp/snmp.conf

Configure SNMP Agent

/etc/snmp/snmpd.conf

# Listen on all IPv4 interfaces; IPv6 on loopback only
agentAddress udp:161,udp6:[::1]:161

# System information
sysLocation    Data Center 1
sysContact     [email protected]
sysServices    72

# SNMPv2c communities
rocommunity public localhost
rocommunity public 192.168.1.0/24

# SNMPv3 user (example passphrases; use your own, at least 8 characters)
createUser authPrivUser SHA "authPassword123" AES "privPassword123"
rouser authPrivUser authPriv

# Views (take effect only when referenced, e.g. with -V systemonly on a community or user line)
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1

# Disk monitoring
disk / 10%
disk /var 20%

# Process monitoring
proc sshd
proc nginx

Restart Service

sudo systemctl restart snmpd
sudo systemctl enable snmpd

SNMP Commands

snmpwalk

# Walk entire tree
snmpwalk -v2c -c public localhost

# Specific OID
snmpwalk -v2c -c public localhost 1.3.6.1.2.1.1

# With MIB names
snmpwalk -v2c -c public localhost system

# SNMPv3
snmpwalk -v3 -u authPrivUser -l authPriv -a SHA -A "authPassword123" -x AES -X "privPassword123" localhost system

snmpget

# Get specific OID
snmpget -v2c -c public localhost sysUpTime.0

# Multiple OIDs
snmpget -v2c -c public localhost sysName.0 sysLocation.0

snmpset

# Set value (requires RW community)
snmpset -v2c -c private localhost sysLocation.0 s "New Location"

Common OIDs

System Information:
.1.3.6.1.2.1.1.1.0    sysDescr
.1.3.6.1.2.1.1.3.0    sysUpTime
.1.3.6.1.2.1.1.5.0    sysName
.1.3.6.1.2.1.1.6.0    sysLocation

Interfaces:
.1.3.6.1.2.1.2.2.1.2  ifDescr
.1.3.6.1.2.1.2.2.1.10 ifInOctets
.1.3.6.1.2.1.2.2.1.16 ifOutOctets

Host Resources:
.1.3.6.1.2.1.25.2.2.0  hrMemorySize
.1.3.6.1.2.1.25.3.3.1.2 hrProcessorLoad

Network:
.1.3.6.1.2.1.4.3.0    ipInReceives
.1.3.6.1.2.1.4.10.0   ipOutRequests

Monitor Interface Traffic

# Get interface names
snmpwalk -v2c -c public localhost ifDescr

# Get input octets
snmpwalk -v2c -c public localhost ifInOctets

# Get output octets
snmpwalk -v2c -c public localhost ifOutOctets

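# Calculate bandwidth script
#!/bin/bash
# Usage: script HOST COMMUNITY IFINDEX
HOST=$1
COMMUNITY=$2
INTERFACE=$3
INTERVAL=5

# Take two samples of the inbound octet counter, INTERVAL seconds apart
IN1=$(snmpget -v2c -c "$COMMUNITY" -Oqv "$HOST" "ifInOctets.$INTERFACE")
sleep "$INTERVAL"
IN2=$(snmpget -v2c -c "$COMMUNITY" -Oqv "$HOST" "ifInOctets.$INTERFACE")

DIFF=$((IN2 - IN1))
# ifInOctets is a 32-bit counter; correct for a single wrap between samples
if [ "$DIFF" -lt 0 ]; then DIFF=$((DIFF + 4294967296)); fi
# Multiply before dividing so integer division does not discard precision
RATE=$((DIFF * 8 / INTERVAL / 1024))
echo "Inbound: $RATE kbps"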

SNMPv3 Security

Create User

# Stop service
sudo systemctl stop snmpd

# Create user
sudo net-snmp-create-v3-user -ro -A authPassword123 -X privPassword123 -a SHA -x AES authPrivUser

# Start service
sudo systemctl start snmpd

Test SNMPv3

snmpwalk -v3 -u authPrivUser -l authPriv \
    -a SHA -A "authPassword123" \
    -x AES -X "privPassword123" \
    localhost system

SNMP Trap Configuration

Send Traps

# /etc/snmp/snmpd.conf
trap2sink 192.168.1.10 public
informsink 192.168.1.10 public

# Send test trap
snmptrap -v2c -c public 192.168.1.10 '' .1.3.6.1.4.1.8072.2.3.0.1 \
    .1.3.6.1.4.1.8072.2.3.2.1 s "Test trap message"

Receive Traps

# /etc/snmp/snmptrapd.conf
authCommunity log public
traphandle default /usr/local/bin/handle_trap.sh

Security Best Practices

  1. Use SNMPv3 - Encrypted and authenticated
  2. Restrict access - ACLs for SNMP networks
  3. Change communities - Never use "public"
  4. Firewall rules - Limit port 161/162
  5. Monitor logs - Watch for enumeration

# Firewall rules
sudo iptables -A INPUT -p udp --dport 161 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 161 -j DROP
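
The practices listed above can be checked mechanically against an agent configuration. The script below is an added example, not part of the original page or of Net-SNMP: it reads an snmpd.conf on stdin and reports community, user and listener directives that conflict with the list. The sample configuration is constructed (the community m0nitor-7f3a and the user legacyUser are made up), and the function names sample_conf and audit_snmpd_conf are hypothetical.

```shell
#!/bin/sh
# Added example: audit snmpd.conf directives against the practices listed above.
# Assumes rouser/rwuser lines do not use the optional "-s SECMODEL" argument.

# Constructed sample input, modelled on the directives shown on this page.
sample_conf() {
cat <<'EOF'
agentAddress udp:161,udp6:[::1]:161
rocommunity public localhost
rocommunity public 192.168.1.0/24
rwcommunity private
rocommunity m0nitor-7f3a 192.168.1.10 -V systemonly
createUser legacyUser MD5 "authPassword123" DES "privPassword123"
createUser authPrivUser SHA "authPassword123" AES "privPassword123"
rouser legacyUser auth
rouser authPrivUser authPriv
EOF
}

# Reads snmpd.conf on stdin, prints one "line:SEVERITY:message" per finding.
audit_snmpd_conf() {
awk '
function report(sev, msg) { printf "%d:%s:%s\n", NR, sev, msg }
/^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
{ d = tolower($1) }
d ~ /^r[ow]community6?$/ {
    if ($2 == "public" || $2 == "private") report("HIGH", "default community string \"" $2 "\"")
    if (d ~ /^rw/)                          report("HIGH", "write access granted over v1/v2c")
    if (NF < 3 || $3 == "default")          report("HIGH", "community accepted from any source address")
    if (NF < 4)                             report("MEDIUM", "community not limited to an OID subtree or view")
}
d ~ /^r[ow]user$/ {
    lvl = tolower($3)                       # omitted level means auth without privacy
    if (lvl != "priv" && lvl != "authpriv") report("MEDIUM", "user " $2 " not required to use privacy (encryption)")
}
d == "createuser" {
    for (i = 3; i <= NF; i++) if ($i == "MD5" || $i == "DES") report("MEDIUM", "user " $2 " uses legacy algorithm " $i)
}
d == "agentaddress" {
    n = split($2, addr, ",")                # a bare port has no bind address
    for (i = 1; i <= n; i++) if (addr[i] ~ /^(udp6?:|tcp6?:)?[0-9]+$/) report("INFO", addr[i] " listens on every interface")
}'
}

sample_conf | audit_snmpd_conf    # real use: audit_snmpd_conf < /etc/snmp/snmpd.conf
```

The two rocommunity public lines from the agent configuration earlier on this page are reported as default community strings with no view restriction, while the line that combines a source address with -V systemonly passes.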

Best Practices

  1. Use SNMPv3 - Always for production
  2. Restrict communities - By IP and view
  3. Monitor traps - Set up trap handlers
  4. Document OIDs - For your devices
  5. Regular polling - Balance frequency vs load