15

I have configured SNMP Agent in my system with ip address 192.168.1.1 I have configured SNMP Agent in it using the following tutorial

I have modified the lines as follows

In the file /etc/snmp/snmpd.conf

 rocommunity public 127.0.0.1
 rocommunity public 192.168.1.0/24
 rocommunity public 192.168.2.0/24

In the file /etc/default/snmpd

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'

When I try to use the snmpwalk command from the system with ip address 192.168.1.1 it works fine.

Ex: A chunk of the commands output:

iso.3.6.1.2.1.1.1.0 = STRING: "Linux devenv 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (74328) 0:12:23.28
iso.3.6.1.2.1.1.4.0 = STRING: "Me <me@example.org>"
iso.3.6.1.2.1.1.5.0 = STRING: "devenv"
iso.3.6.1.2.1.1.6.0 = STRING: "Sitting on the Dock of the Bay"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72

But when I try to use snmpwalk through a different system with ip 192.168.2.1 it gives No response from 192.168.1.1. Please Help.

snmpwalk -c public -v1 192.168.1.1 | less

PS I have configured the same steps on the machine with ip address 192.168.2.1. Or is there any other program that will be used.

EDIT 1.

Did netstat here is a screenshot

Snmpd netstat

Tarun
  • 4,187
  • 13
  • 49
  • 73
  • what happens if you use snmpbulkwalk -c public -v1 10.0.1.114 – sosytee Sep 16 '13 at 08:44
  • `snmpbulkwalk: Cannot send V2 PDU on V1 session` – Tarun Sep 16 '13 at 08:51
  • Can 10.0.2.15 reach 10.0.1.114 in other ways? Have you ruled out a simple networking routing issue? – Oli Sep 16 '13 at 11:15
  • yes they can I can easily ssh from 10.0.2.15. Right now I have configured 2 VMs with the ip 192.168.0.1 and 192.168.0.2 and created the same situation and there also is the same problem. I think I need to configure something else to make it listen on network. – Tarun Sep 16 '13 at 11:18

3 Answers3

16

Edit the file /etc/snmp/snmpd.conf. Change the line:

agentAddress  udp:127.0.0.1:161

to:

agentAddress  udp:161

Then restart snmpd:

sudo service snmpd restart

It should listen to all interfaces now:

$ sudo netstat -ulnp | grep 161
udp        0      0 0.0.0.0:161             0.0.0.0:*                           8517/snmpd
Eric Carvalho
  • 53,609
  • 102
  • 137
  • 162
  • 1
    One more thing can I also make it to listen only for particular ip address? That will be a good security measure. Is this possible please let me know. Thanks. – Tarun Sep 16 '13 at 12:32
  • 1
    @Tarun Yes, just change that line to `agentAddress udp:10.0.1.114:161`, or whatever IP address you have in your system. – Eric Carvalho Sep 16 '13 at 12:35
  • 1
    @EricCarvalho no it doesn't work in that manner. "agentAddress udp:161" allows smpt to listen on every interface. You specify the allowed ips with "rocommunity public x.x.x.x" directive – Gonzalo Cao Dec 23 '16 at 10:58
2

My solution

agentAddress udp:161
...
# rocommunity public  default    -V systemonly
rocommunity public 172.25.7.169/32

...and restart snmp

It makes snmp to hear in all interfaces but only answer to 172.25.7.169 (my monitor server)

Gonzalo Cao
  • 133
  • 4
-1

You could do something like this also, all combined here: agentAddress udp:172.16.0.3:161,udp6:[2001:470:0:4000::3]:161,udp6:[2001:470:0:10::3]:161

lucianix
  • 1
  • It would be useful to explain this answer and to format it. These settings should be placed in a specific file, but it isn't clear where. – jtessier72 Mar 30 '23 at 23:48