Setup Net-SNMP v3 on VMware ESX 4.0

Most enterprises have central monitoring system which is used to monitor pretty much every system/network gear in the infrastructure. In this post we will configure secure user based Net-SNMP v3 Agent on VMware ESX 4.0 so these hosts can also be monitored from the same central monitoring system in a secured manner. If you want to install and configured Net-SNMP v3 on RHEL4 systems then check out my other post. You need to perform these steps as root user so login to ESX 4.0 console as root now.

Before making any change let's backup the ESX 4.0 host configuration,

# cp -ap /etc/vmware/esx.conf /etc/vmware/esx.conf.`date +%F-%H%M%S`

To open the port UDP/161 for a specific IP Address,

# esxcfg-firewall --ipruleAdd,161,udp,ACCEPT,"snmpd"

Make sure to replace with the IP Address that will be polling the information using SNMP v3 credentials. If you have more than one IP Address then the command can be repeated with the other IP Address.

To stop the Net-SNMP Agent if already running,

# /etc/init.d/snmpd stop

To move the default file where SNMP v3 user's localized authentication and privacy keys are stored,

# mv /var/net-snmp/snmpd.conf /var/net-snmp/snmpd.conf.`date +%F-%H%M%S`

To move the default Net-SNMP configuration file,

# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.`date +%F-%H%M%S`

We need to start and stop the Net-SNMP Agent to generate the unique Engine ID and create SNMP v3 user,

# /etc/init.d/snmpd start
# /etc/init.d/snmpd stop

Now let's create a Net-SNMP v3 read-only user with MD5 authentication and AES encryption but make sure to replace the xxxxxxxx with your pass phrases and username to whatever name you want to give to your SNMP v3 user,

# echo "createUser username MD5 xxxxxxxx AES xxxxxxxx" >> /var/net-snmp/snmpd.conf
# echo "rouser username" > /etc/snmp/snmpd.conf

Note: The minimum pass phrase length is 8 characters so make sure to choose two different strong alpha numeric pass phrases one for authentication and other for encryption.

To start the Net-SNMP Agent at boot time,

# chkconfig snmpd on

To start the Net-SNMP Agent now,

# /etc/init.d/snmpd start

We have successfully completed the Net-SNMP v3 setup here on VMware ESX 4.0 but now let's use snmpwalk to test if we are able to poll the information correctly,

# snmpwalk -v 3 -u username -l authPriv -a MD5 -A xxxxxxxx -x AES -X xxxxxxxx localhost sysDesc

    xxxxxxxx are your authentication and encryption pass phrases
    username is your SNMP v3 user name

If your hardware vendor of ESX host if Dell and OMSA is installed on the host then you have an option to poll the hardware events via Net-SNMP v3 and to take advantage of this feature you need to enable the SNMP in OMSA,

# /etc/init.d/dataeng enablesnmp

This should add below line in Net-SNMP configuration file /etc/snmp/snmpd.conf,

smuxpeer .

But if in case you don't see the line in /etc/snmp/snmpd.conf then go ahead and add this line manually,

# echo "smuxpeer ." >> /etc/snmp/snmpd.conf

To restart the OMSA services,

# restart

In most cases is located at /opt/dell/srvadmin/sbin/

Now just restart the Net-SNMP Agent and you are done,

# /etc/init.d/snmpd restart

Any feedback will be highly appreciated.

Suggested Posts,

This post appeared on the by Sumit Goel. Copyright © 2012–2013 – and Sumit Goel. All rights reserved. Not to be reproduced for commercial purposes without written permission.

No comments:

Post a Comment

Be sure to check back again because I do make every effort to reply to your comments here.