BLOG POSTS
    MangoHost Blog / How to Install and Configure an SNMP Daemon and Client on Ubuntu 24
How to Install and Configure an SNMP Daemon and Client on Ubuntu 24

How to Install and Configure an SNMP Daemon and Client on Ubuntu 24

SNMP (Simple Network Management Protocol) is a cornerstone technology for monitoring and managing network devices, servers, and infrastructure components at scale. Whether you’re running a single server or managing hundreds of nodes, SNMP provides a standardized way to collect performance metrics, system status, and configuration data remotely. In this guide, you’ll learn how to install and configure both the SNMP daemon (agent) and client tools on Ubuntu 24, set up community strings for security, customize MIBs for specific monitoring needs, and troubleshoot common issues that can trip up even experienced administrators.

How SNMP Works Under the Hood

SNMP operates on a simple client-server model where the SNMP agent (daemon) runs on monitored devices and responds to requests from SNMP managers (clients). The protocol uses three main components:

  • SNMP Agent: Runs as a daemon on the target system, collecting and providing system information
  • SNMP Manager: Client software that queries agents for data and can send configuration commands
  • Management Information Base (MIB): Hierarchical database structure defining available data points

SNMP uses Object Identifiers (OIDs) to reference specific data points in a tree structure. For example, 1.3.6.1.2.1.1.1.0 represents the system description, while 1.3.6.1.2.1.1.3.0 shows system uptime. The protocol supports three main operations: GET (retrieve data), SET (modify values), and TRAP (asynchronous notifications).

SNMP Version Security Features Use Case
SNMPv1 Community strings (plaintext) Basic GET/SET operations Legacy systems, simple monitoring
SNMPv2c Community strings (plaintext) Bulk operations, improved error handling Most common for internal networks
SNMPv3 Authentication and encryption User-based security, privacy Production environments, secure networks

Installing SNMP Components on Ubuntu 24

Ubuntu 24 provides SNMP packages through the standard repositories. You’ll need both the daemon and client tools for a complete setup:

sudo apt update
sudo apt install snmpd snmp snmp-mibs-downloader -y

The installation includes several key components:

  • snmpd – The SNMP daemon that responds to queries
  • snmp – Client tools for testing and querying
  • snmp-mibs-downloader – Downloads additional MIB files for extended monitoring capabilities

After installation, enable the service to start automatically:

sudo systemctl enable snmpd
sudo systemctl start snmpd

Verify the daemon is running and listening on the correct port:

sudo systemctl status snmpd
sudo netstat -ulnp | grep 161

You should see output showing snmpd listening on UDP port 161, which is the standard SNMP port.

Configuring the SNMP Daemon

The main configuration file is located at /etc/snmp/snmpd.conf. Before making changes, always backup the original configuration:

sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup

Here’s a practical configuration that balances security with functionality:

sudo nano /etc/snmp/snmpd.conf

Replace the contents with this configuration:

# System information
sysLocation    "Server Room A, Building 1"
sysContact     "admin@yourcompany.com"
sysServices    72

# Community strings - change these defaults!
rocommunity    monitoring      default
rwcommunity    management      localhost

# Access control
agentAddress   udp:161,udp6:161

# Process monitoring
proc   sshd
proc   apache2
proc   mysql

# Disk monitoring (warning at 80%, critical at 90%)
disk   /     80%
disk   /var  80%
disk   /tmp  80%

# Load monitoring (1min, 5min, 15min averages)
load   12 10 8

# Network interface monitoring
includeAllDisks 10%

# Extend with custom scripts
extend uptime /bin/uptime
extend df /bin/df -h

Key configuration elements explained:

  • rocommunity: Read-only community string for monitoring
  • rwcommunity: Read-write access (restricted to localhost for security)
  • agentAddress: Specifies which interfaces to listen on
  • proc: Monitors specific processes and alerts if they’re not running
  • disk: Monitors disk usage with threshold alerts
  • extend: Allows custom command execution via SNMP

For production environments, consider this more secure configuration using SNMPv3:

# SNMPv3 user configuration
createUser monitoring SHA "your-auth-password" AES "your-privacy-password"
rouser monitoring

# Disable SNMPv1 and v2c for security
agentSecName monitoring
rouser monitoring authPriv

After modifying the configuration, restart the daemon:

sudo systemctl restart snmpd

Testing SNMP Client Operations

Use the SNMP client tools to verify your configuration works correctly. Start with basic system information queries:

# Get system description
snmpget -v2c -c monitoring localhost 1.3.6.1.2.1.1.1.0

# Get system uptime
snmpget -v2c -c monitoring localhost 1.3.6.1.2.1.1.3.0

# Walk the entire system tree
snmpwalk -v2c -c monitoring localhost 1.3.6.1.2.1.1

For testing from remote systems, replace localhost with the target server’s IP address. Here are some useful OIDs for system monitoring:

Metric OID Description
System Description 1.3.6.1.2.1.1.1.0 OS version and hardware info
System Uptime 1.3.6.1.2.1.1.3.0 Time since last reboot
CPU Load (1min) 1.3.6.1.4.1.2021.10.1.3.1 1-minute load average
Memory Total 1.3.6.1.4.1.2021.4.5.0 Total RAM in KB
Memory Available 1.3.6.1.4.1.2021.4.6.0 Available RAM in KB
Disk Usage 1.3.6.1.4.1.2021.9.1.9.1 Disk usage percentage

For SNMPv3 testing, use authentication and privacy:

snmpget -v3 -u monitoring -l authPriv -a SHA -A "your-auth-password" -x AES -X "your-privacy-password" localhost 1.3.6.1.2.1.1.1.0

Real-World Use Cases and Integration

SNMP excels in several practical scenarios that system administrators encounter daily:

Infrastructure Monitoring: Tools like Zabbix, Nagios, and Prometheus can collect metrics via SNMP for comprehensive monitoring dashboards. Here’s a sample script for custom monitoring:

#!/bin/bash
# Custom SNMP monitoring script
HOST="192.168.1.100"
COMMUNITY="monitoring"

# Check disk usage
DISK_USAGE=$(snmpget -v2c -c $COMMUNITY -Oqv $HOST 1.3.6.1.4.1.2021.9.1.9.1)
if [ $DISK_USAGE -gt 90 ]; then
    echo "CRITICAL: Disk usage at ${DISK_USAGE}%"
    exit 2
elif [ $DISK_USAGE -gt 80 ]; then
    echo "WARNING: Disk usage at ${DISK_USAGE}%"
    exit 1
else
    echo "OK: Disk usage at ${DISK_USAGE}%"
    exit 0
fi

Network Device Management: SNMP is standard on switches, routers, and firewalls. You can query interface statistics, configuration details, and performance metrics across diverse hardware vendors.

Application Performance Monitoring: Custom SNMP extensions allow monitoring application-specific metrics. For example, monitoring web server connection pools:

# Add to snmpd.conf
extend apache_connections /usr/local/bin/apache_stats.sh

# Script content (/usr/local/bin/apache_stats.sh)
#!/bin/bash
curl -s http://localhost/server-status?auto | grep "BusyWorkers" | cut -d: -f2

Automated Infrastructure Discovery: SNMP walks can discover and inventory network devices automatically, useful for asset management and network mapping.

Performance Considerations and Optimization

SNMP performance directly impacts both monitored systems and monitoring infrastructure. Here are key optimization strategies:

Query Frequency: Excessive polling can overload systems. Typical intervals:

  • System metrics (CPU, memory): Every 1-5 minutes
  • Network interfaces: Every 30 seconds to 2 minutes
  • Disk usage: Every 5-15 minutes
  • Process monitoring: Every 1-5 minutes

Bulk Operations: Use SNMP bulk requests instead of individual queries when collecting multiple values:

# Efficient bulk query
snmpbulkwalk -v2c -c monitoring localhost 1.3.6.1.2.1.2.2.1.10

# Less efficient individual queries
for i in {1..24}; do
    snmpget -v2c -c monitoring localhost 1.3.6.1.2.1.2.2.1.10.$i
done

Resource Usage Monitoring: SNMP daemon resource consumption on a typical server:

Metric Idle Light Load Heavy Load
Memory Usage 2-4 MB 5-8 MB 10-15 MB
CPU Usage <0.1% 0.5-1% 2-5%
Network I/O Minimal 1-10 Kbps 50-200 Kbps

Security Best Practices and Common Pitfalls

SNMP security requires careful attention, especially in production environments. Here are critical security considerations:

Community String Security: Default community strings like “public” and “private” are security vulnerabilities. Always use custom strings:

# Bad - never use default strings
rocommunity public default

# Good - use complex, unique strings
rocommunity "Mn9#kL2$vB8@wX5!" default

Network Access Control: Restrict SNMP access using firewall rules and access control lists:

# UFW firewall rules
sudo ufw allow from 192.168.1.0/24 to any port 161
sudo ufw deny 161

# In snmpd.conf - IP-based restrictions
rocommunity monitoring 192.168.1.100/32
rocommunity monitoring 10.0.0.0/8

SNMPv3 Implementation: For sensitive environments, SNMPv3 provides robust security:

# Create SNMPv3 user with strong authentication
net-snmp-create-v3-user -ro -A "StrongAuthPass123!" -X "StrongPrivPass456!" -a SHA -x AES monitoring

Common Configuration Mistakes:

  • Leaving write access enabled unnecessarily – only enable rwcommunity when required
  • Exposing SNMP to the internet – always use internal networks or VPN access
  • Not monitoring SNMP access logs for suspicious activity
  • Using SNMPv1 in production – upgrade to v2c minimum, v3 preferred

Troubleshooting Common SNMP Issues

SNMP problems often stem from configuration errors or network connectivity issues. Here’s a systematic troubleshooting approach:

Connection Refused Errors:

# Check if daemon is running
sudo systemctl status snmpd

# Verify listening ports
sudo ss -ulnp | grep 161

# Test local connectivity
snmpget -v2c -c monitoring localhost 1.3.6.1.2.1.1.1.0

No Response or Timeout Issues:

# Check firewall status
sudo ufw status
sudo iptables -L | grep 161

# Verify configuration syntax
snmpd -f -Lo -C -r /etc/snmp/snmpd.conf

# Enable debug logging
sudo snmpd -f -Lo -D all

MIB Loading Problems:

# Download additional MIBs
sudo download-mibs

# Check MIB search paths
net-snmp-config --default-mibdirs

# Load specific MIB
snmptranslate -On SNMPv2-MIB::sysDescr.0

Permission and Access Issues:

# Check file permissions
ls -la /etc/snmp/snmpd.conf
sudo chmod 600 /etc/snmp/snmpd.conf

# Verify user context
sudo -u snmp snmpget -v2c -c monitoring localhost 1.3.6.1.2.1.1.1.0

Log Analysis: SNMP logs provide valuable troubleshooting information:

# View SNMP logs
sudo journalctl -u snmpd -f

# Enable verbose logging in snmpd.conf
logoption f /var/log/snmpd.log
loglevel 7

Advanced Configuration and Custom Extensions

SNMP’s extensibility allows monitoring custom applications and system metrics beyond standard MIBs. Here’s how to implement custom monitoring:

Custom Script Integration:

# Add to snmpd.conf
exec myapp-status /usr/local/bin/check_myapp.sh
exec disk-temperature /usr/local/bin/get_disk_temp.sh

# Example custom script
#!/bin/bash
# /usr/local/bin/check_myapp.sh
APP_PID=$(pgrep myapp)
if [ -n "$APP_PID" ]; then
    echo "1"  # Running
else
    echo "0"  # Not running
fi

AgentX Sub-agents: For complex applications, implement dedicated sub-agents:

# Enable AgentX in snmpd.conf
master agentx
agentXSocket tcp:localhost:705

# Custom Python sub-agent example
from pysnmp.entity import engine, config
from pysnmp.entity.rfc3413 import cmdrsp, context
from pysnmp.carrier.asynsock.dgram import udp

# Create SNMP engine
snmpEngine = engine.SnmpEngine()

# Configure custom OID handlers
config.addV1System(snmpEngine, 'myapp', 'monitoring')

For comprehensive SNMP monitoring and management, consider deploying these solutions on robust infrastructure. VPS hosting provides excellent flexibility for monitoring server deployments, while dedicated servers offer the performance and control needed for large-scale monitoring infrastructure.

SNMP remains a fundamental technology for system and network monitoring, providing standardized access to critical performance data across diverse platforms. With proper configuration, security measures, and troubleshooting knowledge, SNMP becomes an invaluable tool for maintaining infrastructure visibility and operational awareness. The protocol’s longevity and widespread adoption ensure continued relevance in modern monitoring architectures, from simple single-server setups to complex multi-vendor environments.

For additional technical details and protocol specifications, consult the official SNMP RFCs and the Net-SNMP documentation for implementation-specific guidance.

This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.

This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.

More stories

Proxmox VE 9.0: The Ultimate Virtualization Beast is Here
admin, August 8, 2025
Proxmox VE 9.0: The Ultimate Virtualization Beast is He...
Install and Uninstall Node.js on Ubuntu – Step-by-Step
admin, August 4, 2025
Install and Uninstall Node.js on Ubuntu – Step-by-Step
How to Use Apache HTTP Server as Reverse Proxy Using mod_proxy
admin, August 4, 2025
How to Use Apache HTTP Server as Reverse Proxy Using mo...

Leave a reply

Your email address will not be published. Required fields are marked

Login
Register
Forgot something?