Observium and SNMPv3

network-wiredSome tasks you find yourself doing only once in a while, so they never stick in your memory for too long. Adding a new device to Observium external_link (a great monitoring tool), and that device being off the premises, so it’s actually worth bothering with SNMPv3 (because of the encryption feature, compared to v2) is definitely one of those moments.

Step 1: SNMP installation on the monitored device (it was Debian this time)

Step 2: SNMP daemon configuration

Look for this line, by default the daemon listens on localhost only, so you need to add the interface on which it should listen

Furhter on, you need to uncomment (i.e. allow) the user we’re going to use, called “authOnlyUser” in this case, and also add string “priv” after the username “authOnlyUser”, that will enforce use of encrypted traffic, which is the main advantage here:

Step 3: Add the snmpv3 user

If the daemon is running, you need to stop it before you can add the user

Then you can create the user:

Let’s elaborate on the options further:
-ro – the user has read-only access
-a – authentication, that is the password
-A type of hash (SHA or MD5)
-x – encryption key
-X – encryption type (AES or DES)
authOnlyUser – this is the actual username

Step 4: test the connection

It’s a good idea to allow snmp only from the machine which gathers the data. You can test the connection using snmpwalk:

Step 5: Add the device to Observium

If all went well, it’s time to add the device:

The key and password used above were randomly generated and used only for the sake of better readability.

Tagged with: ,