Configuring SNMP Monitoring for Fedora Workstation

I’m writing this more to remember this for myself than any other reason. I’ve had to do this a couple times, and every time I seem to forget the important steps. So here it is.

Install the Necessary Packages

This is probably the easy step. Make sure that your Fedora installation is up to date and then install the SNMP packages.

sudo yum install net-snmp

You can also install the utilities, such as snmpwalk, which will help with testing:

sudo yum install net-snmp-utils

That should get you everything you need.

Edit the snmpd.conf file

Longest part of the config now.

I usually default to using SNMP v2 for my personal or internal networks. There’s some security benefits to using SNMP v3, but it’s also more complicated to configure.

The configuration file is located at /etc/snmp/snmpd.conf and has a bunch of details in there. Here’s a cut down and sanitized working version of the snmpd.conf that I’m using on one of my systems:

#Update [COMMUNITY] here with your preferred string
rwcommunity [COMMUNITY] default

disk  / 100

master  on

#Update [USER] here with your system username, preferably not root
agentuser  [USER]

agentAddress udp:161

#Update with location (string) if you want
syslocation Unknown

#Update with name and email if wanted
syscontact Root <root@localhost>

#I don't know what these do and I'm too afraid to ask
view    systemview    included   .
view    systemview    included   .

#Update [COMMUNITY] here with your preferred string
access  [COMMUNITY] ""      any       noauth    exact  systemview none none

dontLogTCPWrappersConnects yes

Restart SNMP And Test Locally

You’ve got SNMP installed. You’ve got the config edited. Now it’s time to get this process running and make sure it works.

Make sure that SNMP is set to start automatically:

sudo chkconfig snmpd on

Start the process:

sudo service snmpd start

Optionally restart the process if it is already running:

sudo service snmp restart

SNMP should now be running on the system locally.

Note that because SNMP uses UDP, you can’t confirm that the service is running by checking that the port is responding. There will be no response from the port unless everything is correct. Best way to do this is to test SNMP using a utility, first testing locally on the box, then opening it to the wider network and testing again.

Check that this is responding with a long list of nonsense to confirm that you’re actually able to access it correctly using the community string:

snmpwalk -v2c -c [community] localhost

If that doesn’t work then SNMP isn’t working. To check the status of the service use the following command:

systemctl status snmpd.service

Allow External Access

Time to punch some holes in the firewall.

By default, Fedora doesn’t allow external connections to SNMP. If you do a packet capture on the interface before adding firewall rules you’ll get an “administratively denied” message on the packets.

SNMP runs on UDP port 161. The latest Fedora releases use firewall-cmd to alter the firewall rules. Note that rules are ephemeral and deleted each reboot unless specified as permanent. This following command will open SNMP to any address that can reach the box:

sudo firewall-cmd --permanent --add-port=161/udp

Restart the SNMP service and try connecting from another device on the network using SNMPWALK and updating “localhost” for the remote IP of the box.

That should work.