Page 1 of 2
can't SNMP walk RHEL7 clients
Posted: Thu Oct 15, 2015 11:56 am
by tnightingale
Trying to setup nagiosxi Linux SNMP monitoring, have nagiosxi server appliance running and upgraded to current.
Now I'm trying to monitor a client ("target" machine). Clients are Red Hat 7.
In Configuration Wizard: Linux SNMP - Step 2, I receive this error:
The wizard detected that this server does not have snmpwalk permission on the target host. This will prevent auto population of services and processes and prevent services from running successfully.
Have been unable to avoid that error trying both SNMP v2c and v3.
On the target client I'm trying to SNMP monitor (again, a RHEL 7 system), I have enabled tcp and upd firewall access (port 161). From the nagiosxi appliance, if I login and use the command line, I can get at least some basic (eg. hostname) information back from the target if I run:
snmpwalk -v2c -c public 10.146.2.111 system
So I'm unsure how to get this working. I have been using Red Hat's RHEL7 System Administrator's Guide on configuring net-snmp on the target machine, so not sure why I can't get the nagiosxi server to walk the target. This document does not apply to Red Hat 7 because RHEL7 uses systemd:
https://assets.nagios.com/downloads/nag ... g_SNMP.pdf
Thanks
Re: can't SNMP walk RHEL7 clients
Posted: Thu Oct 15, 2015 12:49 pm
by tnightingale
I seem to have fixed my problem at least for v2c by doing the following to /etc/snmp/snmpd.conf:
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
##view systemview included .1.3.6.1.2.1.1 # I commented these two lines out
##view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1 # I added this line
Would like this to work for snmp v3...
Re: can't SNMP walk RHEL7 clients
Posted: Thu Oct 15, 2015 5:24 pm
by jdalrymple
Re: can't SNMP walk RHEL7 clients
Posted: Fri Oct 16, 2015 3:23 pm
by tnightingale
It isn't a RHEL 7 recipe. There's no init in RHEL 7.
Re: can't SNMP walk RHEL7 clients
Posted: Fri Oct 16, 2015 3:45 pm
by SteveBeauchemin
Sure it is 7, 6 whatever.
The init for 7 is now different than 6 though
use this
systemctl restart snmpd.service
--
Steve B
Re: can't SNMP walk RHEL7 clients
Posted: Mon Oct 19, 2015 10:23 am
by tnightingale
No, it's not.
Try running it on a RHEL7 system.
/usr/bin/net-snmp-config --> no such file or directory.
And if you try running net-snmp-create-v3-user with the arguments presented in that recipe, it fails. If you try using Red Hat's instructions for setting up v3, for me anyways, that fails too.
Re: can't SNMP walk RHEL7 clients
Posted: Mon Oct 19, 2015 4:34 pm
by tgriep
Did you install the net-snmp-devel rpm?
That has the net-snmp-config utility that is used to create the SNMPv3 account.
Try installing it.
Re: can't SNMP walk RHEL7 clients
Posted: Tue Oct 20, 2015 12:04 pm
by tnightingale
I get the same (negative) result.
BTW, the /usr/bin/net-snmp-config and /usr/bin/net-snmp-config-x86_64 scripts just do the same thing as the net-snmp-create-v3-user script does.
I've read through all the ucd-snmp doc. I can get v2c working, so it's not a firewall issue (say). I disable v2c config, follow the instructions for v3, and no love. Not sure what I'm doing wrong here or if there is an issue with v3 in RHEL7.
Is anyone actually using v3 SNMP on RHEL7 (not RHEL6 or 5)? That would be confirmation it's working...
I haven't tried this on another RHEL7 host, and I will try, just in case there is something strange with my current test host. But it's hard to see what the problem would be since I can get v2c working and since the configuration I've tried matches what all the doc says to do, scripts do, etc..
Re: can't SNMP walk RHEL7 clients
Posted: Tue Oct 20, 2015 3:59 pm
by jdalrymple
tnightingale wrote:No, it's not.Try running it on a RHEL7 system./usr/bin/net-snmp-config --> no such file or directory.And if you try running net-snmp-create-v3-user with the arguments presented in that recipe, it fails. If you try using Red Hat's instructions for setting up v3, for me anyways, that fails too.
No idea what you have going on. It works fine for me. Of course there are some minor differences in firing off snmpd, but that's trivial. Nothing about CentOS7 inherently breaks anything as far as I can tell.
Code: Select all
[jdalrymple@localhost ~]$ sudo yum -y install net-snmp net-snmp-utils
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.netdepot.com
* extras: centos.firehosted.com
* updates: centos.firehosted.com
Resolving Dependencies
--> Running transaction check
---> Package net-snmp.x86_64 1:5.7.2-20.el7_1.1 will be installed
---> Package net-snmp-utils.x86_64 1:5.7.2-20.el7_1.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================
Package Arch Version Repository Size
===========================================================================================================
Installing:
net-snmp x86_64 1:5.7.2-20.el7_1.1 updates 319 k
net-snmp-utils x86_64 1:5.7.2-20.el7_1.1 updates 195 k
Transaction Summary
===========================================================================================================
Install 2 Packages
Total download size: 514 k
Installed size: 1.2 M
Downloading packages:
(1/2): net-snmp-utils-5.7.2-20.el7_1.1.x86_64.rpm | 195 kB 00:00:00
(2/2): net-snmp-5.7.2-20.el7_1.1.x86_64.rpm | 319 kB 00:00:01
-----------------------------------------------------------------------------------------------------------
Total 471 kB/s | 514 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:net-snmp-utils-5.7.2-20.el7_1.1.x86_64 1/2
Installing : 1:net-snmp-5.7.2-20.el7_1.1.x86_64 2/2
Verifying : 1:net-snmp-5.7.2-20.el7_1.1.x86_64 1/2
Verifying : 1:net-snmp-utils-5.7.2-20.el7_1.1.x86_64 2/2
Installed:
net-snmp.x86_64 1:5.7.2-20.el7_1.1 net-snmp-utils.x86_64 1:5.7.2-20.el7_1.1
Complete!
[jdalrymple@localhost ~]$ sudo systemctl enable snmpd
ln -s '/usr/lib/systemd/system/snmpd.service' '/etc/systemd/system/multi-user.target.wants/snmpd.service'
[jdalrymple@localhost ~]$ sudo /usr/bin/net-snmp-config --create-snmpv3-user -a nagiosxi jdalrymple
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser jdalrymple MD5 "nagiosxi" DES
adding the following line to /etc/snmp/snmpd.conf:
rwuser jdalrymple
[jdalrymple@localhost ~]$ sudo systemctl start snmpd
[jdalrymple@localhost ~]$ snmpwalk -v3 -lAuthPriv -amd5 -Anagiosxi -xdes -Xnagiosxi -ujdalrymple 127.0.0.1 | head
SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (42735) 0:07:07.35
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: localhost
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (6) 0:00:00.06
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
[jdalrymple@localhost ~]$ cat /etc/centos-release
CentOS Linux release 7.1.1503 (Core)
Re: can't SNMP walk RHEL7 clients
Posted: Tue Oct 20, 2015 5:22 pm
by tnightingale
Okay, using your formula there I got the following working:
snmpwalk from the host itself (i.e. your example)
snmpwalk from the nagioxi appliance (same query, just point to the target instead of localhost).
This is progress. Appears I inadvertently had skipped getting the systemctl setup (was starting and stopping but wasn't "enabled"- though that should not matter, AFAIK).
BUT, nagiosxi Linux SNMP wizard GUI (web interface) is not working. Still get message about not being able to walk the tree.