SNMP monitoring of remote Linux server

Hi

My client has several Debian servers (Debian 3.2.65-1 x86_64 GNU/Linux)
that I want to monitor remotely via SNMP

The first server I tried to setup (172.16.27.40) is to be monitored by a local Windows server (172.16.27.30)

I followed the following setup guides:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-an-snmp-daemon-and-client-on-ubuntu-14-04
http://netmon.ca/how-to-configure-snmp-on-debian/
http://thepracticalsysadmin.com/configure-snmp-in-debian/

This is my /etc/snmp/snmpd.conf:
agentAddress  udp:127.0.0.1:161
rocommunity xxxxxxxxxx 172.16.27.30
sysLocation    MYLOCATION
sysContact     MYNAME
sysServices    72
master          agentx
trap2sink     172.16.27.30     xxxxxxxxxx
iquerySecName   172.168.27.40
defaultMonitors          yes
linkUpDownNotifications  yes

Open in new window


and /etc/default/snmpd:
export MIBS=/usr/share/snmp/mibs
SNMPDRUN=yes
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
TRAPDRUN=no
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
SNMPDCOMPAT=yes

Open in new window

This is what I get when I run snmpwalk :
snmpwalk -v2c -cbncmon 127.0.0.1   (also tried with -v1)
Timeout: No Response from 127.0.0.1

I'm not sure what I'm doing wrong
any ideas ?

thanks
yann
Yann ShukorOwnerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

matrix8086Commented:
The name of community is xxxxxxxxxx (definited by rocomunity). Also, is accepting connections only from 172.16.27.30

Also the snmpwalk has the syntax: snmpwalk -v 1 -c community_name IP - take care of spaces

So, in your case it will be: snmpwalk -v 1 -c xxxxxxxxxx 127.0.0.1

Best regards!
arnoldCommented:
You have to edit the /etc/snmp/snow.conf

The default option is extremely limited, scroll through and you should see a section that you need to uncomment which will then when used will list much more information.

The difficulty in trying to externally monitor resources behind a firewall is that you have a limited way to access.

One option might be to configure the system to send traps when certain issues occur, using something like nagios, zabbix, opennms on the network to perform the monitoring and generate events to you.
Yann ShukorOwnerAuthor Commented:
thanks Matrix

myserver:/etc/default$ snmpwalk -v 1 -c xxxxxxxxx 127.0.0.1
/usr/share/snmp/mibs: No such file or directory
Timeout: No Response from 127.0.0.1
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

arnoldCommented:
Make sure you installed on relavant SNMP packages.

the snmpd.conf you posted is incomplete. There is much more including settings from which management system requests are permitted, etc.
Yann ShukorOwnerAuthor Commented:
matrix8086:
I edited /etc/default/snmpd, removed the MIBS info and restarted snmpd: no difference
export MIBS=

Open in new window

arnold:
Both servers 172.16.27.30 and 172.16.27.40 are both on the same network
I don't believe that any firewalling is involded in this scenario
arnoldCommented:
You still defined MIBS but now it is empty.
The snmpd.conf has many more parameters that have to be declared I.e. Authorized agents to which it will respond.
Being on the same network means it will not be blocked by a firewall unless there is a local firewall setup, but it does not mean that snmpd after receiving a request will actually respond.
Yann ShukorOwnerAuthor Commented:
arnold:

isn't that what this line is for ?
rocommunity xxxxxxxxxx 172.16.27.30

Open in new window

arnoldCommented:
com2sec name_of_group source communityname
This is where you should define both local for localhost/127.0.0.1 and any other source from which you will be querying the SNMP
group Groupname any name_of_group

The snmpd.conf should be long given that is where all the "sensors" are defined or does yours have an include directive to other files?
Yann ShukorOwnerAuthor Commented:
The following indication is present in the default snmpd.conf:

#  It's no longer typically necessary to use the full 'com2sec/group/access' configuration
#  r[ou]user and r[ow]community, together with suitable views, should cover most requirements
arnoldCommented:
try to add rocommunity xxxxxxxxxxxxxxxxx 127.0.0.1
and then restart snmpd and then see whether your
snmpwalk -v 2c -c xxxxxxxxxxxxxxxxxx 127.0.0.1
will list data
currently you should get some data using
snmpwalk -v 2c -c public 127.0.0.1

you can define the same community use for multiple sources.
Yann ShukorOwnerAuthor Commented:
Wow, finally, I got a response using

snmpwalk -v 2c -c xxxxxxx 127.0.0.1

Open in new window


after having reverted back to the default snmpd.conf and adjusting the agent, rocommunity and trap2sink parameters
arnoldCommented:
Great, are you getting a detailed listing or just a sniped location/system information?
Yann ShukorOwnerAuthor Commented:
detailed, thanks Arnold

So now I can query snmp locally, but not from a neighbouring server
therefore there must be, as you initially suggested, a firewall issue
Yann ShukorOwnerAuthor Commented:
This is what my snmpd.conf basically looks like:

agentAddress  udp:127.0.0.1:161
rocommunity xxxxxxxxxxx 127.0.0.1
rocommunity xxxxxxxxxxx 172.16.27.30
sysLocation    MyLocation
sysContact     MyName
sysServices    72
proc  mountd
proc  ntalkd    4
proc  sendmail 10 1
disk       /     10000
disk       /var  5%
includeAllDisks  10%
load   12 10 5
trap2sink     172.16.27.30      xxxxxxxxxxx
iquerySecName   internalUser
rouser          internalUser
defaultMonitors          yes
linkUpDownNotifications  yes
extend    test1   /bin/echo  Hello, world!
extend-sh test2   echo Hello, world! ; echo Hi there ; exit 35
master          agentx

Open in new window

arnoldCommented:
Double check whether you have sfw configured firewall.

You need to open port 161 UDP.


Try adding rocommunity with the LAN ip of the local system to query to make sure it snmpd is bound, lsof -i:161
See if it is bound to 0.0.0.0 or 127.0.0.1

Oh, you have agent address that only bonds snmpd to the localhost change that to 0.0.0.0:161 and restart, than try again from the LAN system.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
arnoldCommented:
Atop the snmpd.conf config file,
Yann ShukorOwnerAuthor Commented:
BINGO !
agent address changed to 0.0.0.0:161
I can now monitor the system from it's neighbour
Well done Arnold, thanks for sticking it out
cheers
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.