{"id":1082,"date":"2014-06-01T21:15:08","date_gmt":"2014-06-01T20:15:08","guid":{"rendered":"https:\/\/www.hutsky.cz\/blog\/?p=1082"},"modified":"2016-03-11T19:25:29","modified_gmt":"2016-03-11T18:25:29","slug":"observium-and-snmpv3","status":"publish","type":"post","link":"https:\/\/www.hutsky.cz\/blog\/2014\/06\/observium-and-snmpv3\/","title":{"rendered":"Observium and SNMPv3"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-1092\" alt=\"network-wired\" src=\"https:\/\/www.hutsky.cz\/blog\/wp-content\/uploads\/network-wired.png\" width=\"100\" height=\"100\" \/>Some tasks you find yourself doing only once in a while, so they never stick in your memory for too long. Adding a new device to <a href=\"http:\/\/www.observium.org\/\">Observium<\/a> <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-11\" alt=\"external_link\" src=\"https:\/\/www.hutsky.cz\/blog\/wp-content\/uploads\/external_link.png\" width=\"10\" height=\"10\" \/> (a great monitoring tool), and that device being off the premises, so it&#8217;s actually worth bothering with SNMPv3 (because of the encryption feature, compared to v2) is definitely one of those moments.<\/p>\n<p>Step 1: SNMP installation on the monitored device (it was Debian this time)<\/p>\n<pre>apt-get install snmp snmpd libsnmp-dev<\/pre>\n<p>Step 2: SNMP daemon configuration<\/p>\n<pre>vim \/etc\/snmp\/snmpd.conf<\/pre>\n<p>Look for this line, by default the daemon listens on localhost only, so you need to add the interface on which it should listen<\/p>\n<pre>agentAddress\u00a0 udp:127.0.0.1:161,udp:192.168.1.105:161<\/pre>\n<p>Furhter on, you need to uncomment (i.e. allow) the user we&#8217;re going to use, called &#8220;authOnlyUser&#8221; in this case, and also add string &#8220;priv&#8221; after the username &#8220;authOnlyUser&#8221;, that will enforce use of encrypted traffic, which is the main advantage here:<\/p>\n<pre>#\u00a0 Full read-only access for SNMPv3\r\nrouser\u00a0\u00a0 authOnlyUser   priv<\/pre>\n<p>Step 3: Add the snmpv3 user<\/p>\n<p>If the daemon is running, you need to stop it before you can add the user<\/p>\n<pre>service snmpd stop<\/pre>\n<p>Then you can create the user:<\/p>\n<pre>net-snmp-config --create-snmpv3-user -ro -a\u00a0ZM367Q7gtd2o3bB -A SHA -x\u00a0roL98LMQI39hpic -X AES authOnlyUser<\/pre>\n<pre>service snmpd start<\/pre>\n<p>Let&#8217;s elaborate on the options further:<br \/>\n-ro &#8211; the user has read-only access<br \/>\n-a &#8211; authentication, that is the password<br \/>\n-A type of hash (SHA or MD5)<br \/>\n-x &#8211; encryption key<br \/>\n-X &#8211; encryption type (AES or DES)<br \/>\nauthOnlyUser &#8211; this is the actual username<\/p>\n<p>Step 4: test the connection<\/p>\n<p>It&#8217;s a good idea to allow snmp only from the machine which gathers the data. You can test the connection using snmpwalk:<\/p>\n<pre>snmpwalk -u authOnlyUser -A ZM367Q7gtd2o3bB -a SHA -l authnoPriv host -v3<\/pre>\n<p>Step 5: Add the device to Observium<\/p>\n<p>If all went well, it&#8217;s time to add the device:<\/p>\n<pre>.\/add_device.php hostname ap v3 authOnlyUser\u00a0ZM367Q7gtd2o3bB\u00a0roL98LMQI39hpic sha aes 161 udp<\/pre>\n<p>The key and password used above were randomly generated and used only for the sake of better readability.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some tasks you find yourself doing only once in a while, so they never stick in your memory for too long. Adding a new device to Observium (a great monitoring tool), and that device being off the premises, so it&#8217;s &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"more-link\" href=\"https:\/\/www.hutsky.cz\/blog\/2014\/06\/observium-and-snmpv3\/\"> <span class=\"screen-reader-text\">Observium and SNMPv3<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[10,38],"class_list":["post-1082","post","type-post","status-publish","format-standard","hentry","category-operatingsystems","tag-debian","tag-networking"],"_links":{"self":[{"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/posts\/1082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/comments?post=1082"}],"version-history":[{"count":18,"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/posts\/1082\/revisions"}],"predecessor-version":[{"id":1402,"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/posts\/1082\/revisions\/1402"}],"wp:attachment":[{"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/media?parent=1082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/categories?post=1082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hutsky.cz\/blog\/wp-json\/wp\/v2\/tags?post=1082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}