tested on debian11
in case there’s a firewall
udp/161 manager --> agent udp/162 agent --> manager
apt install snmpd # snmptrapd mv -i /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.dist grep -vE '^[[:space:]]*(;|#|$)' /etc/snmp/snmpd.conf.dist > /etc/snmp/snmpd.conf.clean grep -vE '^[[:space:]]*(;|#|$)' /etc/snmp/snmpd.conf.dist > /etc/snmp/snmpd.conf vi /etc/snmp/snmpd.conf syslocation some description syscontact Your Name <YOUR@EMAIL>
bind to all interfaces
agentaddress udp:161
keep the views (what you are making available from the agent)
and define a quick and dirty ACL (without com2sec
)
view systemonly included .1.3.6.1.2.1.1 view systemonly included .1.3.6.1.2.1.25.1 rocommunity public snmp-manager -V systemonly
apply
systemctl restart snmpd
apt install snmp snmp-mibs-downloader #apropos snmp dpkg -L snmp-mibs-downloader download-mibs cisco ls -lF /usr/share/snmp/mibs/ cp -pi /etc/snmp/snmp.conf /etc/snmp/snmp.conf.dist vi /etc/snmp/snmp.conf
COMMENT OUT
#mibs :
walk through all the objects
snmpwalk -v1 -c public snmp-agent
grab specific objects
snmpget -v1 -c public snmp-agent DISMAN-EVENT-MIB::sysUpTimeInstance snmpget -v1 -c public snmp-agent HOST-RESOURCES-MIB::hrSystemUptime.0 snmpget -v1 -c public snmp-agent HOST-RESOURCES-MIB::hrSystemInitialLoadParameters.0 # -Os for short version
only the specific snmp-manager host (as defined with static name resolution) should be able to reach the service
not much success with that one (FAIL)
#rocommunity public sec1 #com2sec sec1 10.1.0.0/16 public
translate OIDs
snmptranslate -Of .1.3.6.1.2.1.1.3.0 snmptranslate .1.3.6.1.2.1.1.3.0
show full entry name
snmptranslate -Of -IR ipAddrTable
draft
snmpwalk: No securityName specified -u USER-NAME set security name (e.g. bert) -l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
snmpget -v1 -c public snmp-agent ipAddrTable
as a tree
snmptranslate -Tp -IR ipAddrTable snmptranslate -Tp -IR system
as a table
snmptable -v2c -c public snmp-agent ipAddrTable
grab the temperature on Juniper SRX
snmpget -v2c -c PASSWORD @ip-device .1.3.6.1.4.1.2636.3.1.13.1.7
https://askubuntu.com/questions/346165/how-to-make-snmp-agent-accept-connections-from-other-hosts-in-the-network ==> quick & dirty ACL
https://unix.stackexchange.com/questions/268959/how-to-properly-configure-snmpd
https://enterprise-support.nvidia.com/s/article/howto-enable-snmp-server--snmpd--on-linux
https://fasthandle.net/os/linux/set/etc/etc_snmp_snmpd.conf