Questions? Start a Support Ticket
User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > SNMP Configuration


SNMP Configuration




Posted by devege, 06-11-2011, 09:06 AM
Hello, I've installed cacti, nagios and observium to try those tools. I've never used SNMP before so I just installed it on my centos server: Now I edited the snmp.conf file and changed the following: Then I started SNMPD: It looks to work, but if I fill out the following in observium, I get the error: I filled in the following SNMP community names resulting in the same error: - mypassword - devege - notConfigGroup What am I doing wrong? I also have an other question: Do I need to change some other thinfs in snmp.conf or other files for security reasons? And am I right that in this example "mypassword" gives the world access to my server (via SNMP)?
Posted by devege, 06-11-2011, 03:15 PM
Nobody has an answer? A small correction: It's the snmpd.conf file off course instead of snmp.conf.
Posted by devege, 06-11-2011, 04:36 PM
How stupid, it was the firewall blocking it off course... Now I've edited the whole /etc/snmp/snmpd.conf file to this: Is this safe, or can hackers use SNMP on my server now?
Posted by wartungsfenster, 06-11-2011, 05:09 PM
not safe restrict the snmp access via your firewall or try making another view like you had already tried.
Posted by devege, 06-11-2011, 09:18 PM
Thanks, I've now blocked port 161 for all IP's except my cacti IP. Is that what you mean? I've added my standard-configurated HP Procurve 2824 switch to cacti, and it works with the standard community name public. How can I change this? I've only given my switch an IP and a new password, so I don't know much of the HP Procurve interface. And I guess it is a read only access? Or is it also insecure?
Posted by wartungsfenster, 06-13-2011, 05:18 PM
Yeah, that should do. On "normal" switches a public snmpwalk doesn't expose all that much info. normally you see interface states, error counters, fan status and thats it on lowend. the middle ones also give out a list of their routing processes or similar. On highend switches you can change settings, too, but not as "public". very bugged ones leak info about the more privileged non-public account when accessed with public, but it's very rare and thats why people normally disable any r/w access via snmp. You can check in your manual how to change some more of the snmp settings (probably it will be via CLI) but the firewall rule gives you some basic safety.
Posted by devege, 06-13-2011, 05:30 PM
Thanks, I'll check the manual. My switch (HP Procurve 2824) gives via the public SNMP on standard settings (I've reset it and only changed the IP and password) the following information: Traffic/bandwith stats per port MAC Addresses Learnt System Uptime ICMP Informational Statistics ICMP Statistics IP Statistics IP Fragmentation Statistics SNMP Statistics SNMP Packet Type Statistics TCP Statistics UDP Statistics Processor Memory Hostname The inventory (Fans etc.) And even a "Map" where you can see its uplink, whick port, and in which port on which switch they come from (the switch of my colo provider, called "Neighbors" in observium). So then it should be at least a middle one.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Strange LVM Behavior - Slow boot (Views: 688)
manlius = rackshack? (Views: 709)
Hivelocity is unavailable (Views: 757)
Ecatel down??? (Views: 777)
"A True Reseller Host?" (Views: 816)


Language:

Our Services

Client Menu

Legal

Terms of Service | Privacy Policy | Refund Policy | Affiliates
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.