admin

Monitoring of servers is very important in any IT environment. It’s important to know when a device is down before people start calling you or that a hard drive is full before the operating system stops  responding. It allows you as a system admin to be proactive about the state of your network. Cacti needs SNMP to be up and running to be able to monitor properly.

The following describes the steps needed to get SNMP running in Ubuntu.

Install SNMP daemon

sudo apt-get update
sudo apt-get install snmpd

Install SNMP mibs

This downloads another package called snmp-mibs-downloader which contains information about the mib to get a translation into a more human readable format.

sudo apt-get install snmp snmp-mibs-downloader

Modify the configuration files

Modify the following file

sudo nano /etc/snmp/snmpd.conf

with the following information (Customize for your environment)

Modify the agentAddress

#  Listen for connections from the local system only
agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161

to

#  Listen for connections from the local system only
#agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
agentAddress 161
rocommunity public
syslocation "Boyds, MD"
syscontact info@example.net

Modify the following file

sudo nano /etc/default/snmpd

Change from:

# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=

To:

# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=/usr/share/mibs

Modify the following file

sudo nano /etc/snmp/snmp.conf

comment out the line containing “mibs:” from

mibs :

to

#mibs :

Restart the SNMP daemon.

sudo service snmpd restart

To check that things are working you can ‘walk’ the MIB tree by doing the following

snmpwalk -v2c -c public localhost system

You’ll see a lot of information scroll by with information that is used by cacti.

Notes on SNMP security

SNMP is widely known to be insecure. In SNMP versions 1, 2, and 2c the community strings used for authentication are communicated in cleartext over the network and can potentially be captured. Then used to conduct subsequent attacks against other internal network infrastructure.SNMP V3 improved the situation by essentially using the community string as a password for the device. However, successfully implementing SNMPv3 is not for the faint of heart.Our recommendations are:
  1. Have your community string set read only (as above) so that no one can affect that settings on your infrastructure.
  2. Use your EC2 security group settings to block access to port 161
  3. Don’t have monitoring setup across the open internet. Setup a VPN to monitor hosts/devices outside AWS.