Observium and SNMPv3

Some tasks you find yourself doing only once in a while, so they never stick in your memory for too long. Adding a new device to Observium (a great monitoring tool) when that device is off the premises, so that it’s actually worth bothering with SNMPv3 (because of the encryption feature, compared to v2), is definitely one of those moments.

Step 1: SNMP installation on the monitored device (it was Debian this time)

apt-get install snmp snmpd libsnmp-dev

Step 2: SNMP daemon configuration

vim /etc/snmp/snmpd.conf

Look for this line. By default the daemon listens on localhost only, so you need to add the interface on which it should listen:

agentAddress  udp:127.0.0.1:161,udp:192.168.1.105:161

Further on, you need to uncomment (i.e. allow) the user we’re going to use, called “authOnlyUser” in this case, and also add the string “priv” after the username “authOnlyUser”. That enforces the use of encrypted traffic, which is the main advantage here:

#  Full read-only access for SNMPv3
rouser   authOnlyUser   priv

Step 3: Add the snmpv3 user

If the daemon is running, you need to stop it before you can add the user:

service snmpd stop

Then you can create the user:

net-snmp-config --create-snmpv3-user -ro -a ZM367Q7gtd2o3bB -A SHA -x roL98LMQI39hpic -X AES authOnlyUser
service snmpd start

Let’s elaborate on the options further:
-ro – the user has read-only access
-a – authentication, that is the password
-A – type of hash (SHA or MD5)
-x – encryption key
-X – encryption type (AES or DES)
authOnlyUser – this is the actual username

Step 4: test the connection

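It’s a good idea to allow SNMP only from the machine which gathers the data. You can test the connection using snmpwalk. Because the user was configured with “priv” in Step 2, the request has to use the authPriv level and supply the encryption key as well:

snmpwalk -v3 -u authOnlyUser -l authPriv -a SHA -A ZM367Q7gtd2o3bB -x AES -X roL98LMQI39hpic host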

Step 5: Add the device to Observium

If all went well, it’s time to add the device:

./add_device.php hostname ap v3 authOnlyUser ZM367Q7gtd2o3bB roL98LMQI39hpic sha aes 161 udp

The key and password used above were randomly generated and used only for the sake of better readability.
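
To check that the configuration from Step 2 really enforces encryption, here is an added example (not part of the original post) that scans an snmpd.conf for v1/v2c community lines and for rouser/rwuser entries whose minimum level is not priv. The sample config and the users backupUser and opsUser are constructed for illustration; the script assumes that a rouser/rwuser line without an explicit level defaults to auth.

```shell
#!/bin/sh
# Added example: flag snmpd.conf lines that allow unencrypted SNMP access.
# Reads a config on stdin, prints one finding per line as "<lineno>: <reason>".
audit_snmpd_conf() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }        # skip comments and blank lines

        # v1/v2c community strings are sent in clear text
        $1 ~ /^(ro|rw)community6?$/ {
            print NR ": " $1 " enables SNMPv1/v2c clear-text access"
            next
        }

        # rouser/rwuser [-s SECMODEL] USER [noauth|auth|priv ...]
        $1 == "rouser" || $1 == "rwuser" {
            i = ($2 == "-s") ? 4 : 2          # position of the user name
            # assumption: a missing level means auth (no encryption required)
            level = (NF > i) ? $(i + 1) : "auth"
            if (level != "priv")
                print NR ": user " $i " allowed at level " level \
                      ", encryption not enforced"
        }
    '
}

# Constructed sample config (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sample
agentAddress  udp:127.0.0.1:161,udp:192.168.1.105:161
rocommunity public default -V systemonly
#rouser   authOnlyUser
rouser   authOnlyUser   priv
rouser   backupUser
rwuser -s usm opsUser auth
EOF
}

# Audit the sample; on a real host use: audit_snmpd_conf < /etc/snmp/snmpd.conf
sample_conf | audit_snmpd_conf
```

No output for a config means every SNMPv3 user listed in it is held to the priv level and no community-based access is enabled.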