Configuring SNMP access

aabc edited this page Sep 13, 2014 · 2 revisions

If you are going to configure monitoring on a box other than the one where the module is installed (which is usual), you will need to manually put IPT-NETFLOW-MIB.my into /usr/share/snmp/mibs/ (system-wide configuration) or ~/.snmp/mibs/ (user configuration). It's useful to read man snmp.conf to learn about the defaults of the snmp utilities, and man snmpd.conf for details of the config options mentioned here.

Simplest server config for SNMP v2c

In /etc/snmp/snmpd.conf:

rocommunity public 192.168.0.10
dlmod netflow /usr/lib/snmp/dlmod/snmp_NETFLOW.so

Replace public with your password, and 192.168.0.10 with the IP address of your monitoring station (Cacti, etc.).

  • Pros: 1) very simple, 2) also gives a full view of the Linux MIB.
  • Cons: 1) It's SNMPv1 and SNMPv2c, which are considered not so secure by modern standards.

Client config for SNMPv2c

A client config is not required, as you can specify the parameters on the command line or in the config of your monitoring system, but it may be useful. Add to ~/.snmp/snmp.conf:

defVersion 2c
defCommunity public
mibs +IPT-NETFLOW-MIB

Replace public with your password, and check the file permissions to be sure that the file is not world readable.
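
The checks described in the two SNMPv2c sections above (a non-default community string, a source address on rocommunity, a client config that is not world readable) can be scripted. This is an added example, not part of ipt_NETFLOW or net-snmp; the function names audit_snmpd_conf and audit_client_conf and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the snmpd.conf and snmp.conf settings discussed above.

# Print one finding per weak rocommunity/rwcommunity line in an snmpd.conf.
audit_snmpd_conf() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        $1 == "rocommunity" || $1 == "rwcommunity" {
            if ($2 == "public" || $2 == "private")
                printf "line %d: well-known community string %s\n", NR, $2
            # With no SOURCE field (or "default") any host may query.
            if (NF < 3 || $3 == "default")
                printf "line %d: %s has no source address restriction\n", NR, $1
        }
    ' "$1"
}

# Print a finding if a client snmp.conf holding a secret is world readable.
audit_client_conf() {
    grep -Eq '^[[:space:]]*def(Community|Passphrase|AuthPassphrase|PrivPassphrase)[[:space:]]' "$1" || return 0
    # Character 8 of the ls mode string is the "other" read bit.
    case "$(ls -ld "$1")" in
        ???????r*) echo "$1: holds a community string or passphrase and is world readable; chmod 600" ;;
    esac
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d)
    printf 'rocommunity public\n' > "$d/snmpd.conf"
    printf 'defVersion 2c\ndefCommunity public\n' > "$d/snmp.conf"
    chmod 644 "$d/snmp.conf"
    audit_snmpd_conf "$d/snmpd.conf"
    audit_client_conf "$d/snmp.conf"
    rm -rf "$d"
}
demo
```

Call the two functions on /etc/snmp/snmpd.conf and ~/.snmp/snmp.conf; no output means nothing was flagged.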

Simplest server config for SNMPv3

In /etc/snmp/snmpd.conf just:

dlmod netflow /usr/lib/snmp/dlmod/snmp_NETFLOW.so

Stop snmpd and run the net-snmp-create-v3-user -ro tool to create an SNMPv3 user; it will add the appropriate configuration lines to /etc/snmp/snmpd.conf (rouser) and /var/lib/net-snmp/snmpd.conf (createUser). Then restart snmpd.

Client config for SNMPv3

Optionally, add to ~/.snmp/snmp.conf:

defVersion       3
defSecurityLevel authPriv
defSecurityName  yourusername
defPassphrase    yourpassword
mibs +IPT-NETFLOW-MIB

To check your access, run snmpbulkwalk 192.168.0.10 iptNetflowMIB, with the IP of the netflow box instead of 192.168.0.10. Its output should start with something like this:

IPT-NETFLOW-MIB::name.0 = STRING: ipt_NETFLOW
IPT-NETFLOW-MIB::version.0 = STRING: v2.0-31-gfa776ad
...