EV Observe - Collect Prerequisites - Linux
A Linux distribution is an operating system composed of the Linux kernel and a variety of software and utilities. Monitoring of Linux hosts is performed using the SNMP protocol which checks the status of network peripherals and analyzes issues.
To use service templates for monitoring Linux applications, specific prerequisites must first be met.
- You configure these prerequisites once only.
- This is done in two steps: Install, and then configure the SNMP service on Linux machines based on the type of distribution.
Notes
- There are hundreds of Linux distributions, each with its specific characteristics. The procedures described below are applicable to Debian, Ubuntu (a mainstream solution) and Red Hat Enterprise Linux (a commercial market solution).
Caution
- Perform a backup of the SNMP configuration file prior to modification.
Procedure: How to configure Linux monitoring prerequisites
For Debian and Ubuntu
Configure the SNMP V2 service
Step 1: Install the SNMP V2 service
1. Run the command below to install SNMP.
root@localhost # apt install snmpd snmp libsnmp-dev
Step 2: Configure the SNMP V2 service
1. Run the command below to perform a backup of the /etc/snmp/snmpd.conf configuration file.
root@localhost # cp /etc/snmp/snmpd.conf{,.bak}
2. Configure the configuration file.
- Run the command below to open the file.
root@localhost # vi /etc/snmp/snmpd.conf
- Authorize read access to SNMP data. To do this, add or uncomment the lines below.
Replace the values in yellow with the values of your environment.
#AGENT#
agentAddress udp:127.0.0.1:161,udp:<Listening Interface IP>:161
#ACCESS CONTROL#
rocommunity <Community> localhost
rocommunity <Community> <Box IP>
- Save your modifications.
3. Run the command below to restart the SNMP service.
systemctl restart snmpd
Step 3: Check that the SNMP V2 service is correctly configured
1. Run the command below to test the SNMP service.
root@localhost # snmpwalk -v2c -c <Community> IP
2. Check that data is correctly sent as shown in the results below.
SNMPv2-MIB::sysDescr.0 = STRING: Linux test 5.15.0-46-generic #49-Ubuntu SMP Thu Aug 4 18:03:25 UTC 2022 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
Configure the SNMP V3 service
Step 1: Install the SNMP V3 service
1. Run the command below to install SNMP.
root@localhost # apt install snmpd snmp libsnmp-dev
Step 2: Configure the SNMP V3 service
1. Run the command below to perform a backup of the /etc/snmp/snmpd.conf configuration file.
root@localhost # cp /etc/snmp/snmpd.conf{,.bak}
2. Configure the configuration file.
- Run the command below to open the file.
root@localhost # vi /etc/snmp/snmpd.conf
- Authorize read access to SNMP data. To do this, add or uncomment the lines below.
Replace the values in yellow with the values of your environment.
#AGENT#
agentAddress udp:127.0.0.1:161,udp:<Listening Interface IP>:161
- Save your modifications.
3. Create a dedicated user for SNMP V3.
- Run the command below to stop the SNMP service.
systemctl stop snmpd
- Run the command below to create the dedicated user.
net-snmp-create-v3-user -ro -A MyAuthPass -a SHA -X MyPrivPass -x AES MyUserName
- Run the commands below to enable and restart the SNMP service.
systemctl enable snmpd
systemctl start snmpd
Step 3: Check that the SNMP V3 service is correctly configured
1. Run the command below to test the SNMP service.
root@localhost # snmpwalk -v3 -a SHA -A MyAuthPass -x AES -X MyPrivPass -l authPriv -u MyUserName <IP> | head
2. Check that data is correctly sent as shown in the results below.
SNMPv2-MIB::sysDescr.0 = STRING: Linux 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
For Red Hat Enterprise Linux
Configure Red Hat Enterprise Linux versions 3 and 4
Note:
- The OpenIPMI driver is the supported driver for Linux Red Hat Enterprise versions 3 and 4, and is based on the Net-SNMP version shipped with these distributions.
- IBM Director Core Services requires Net-SNMP 5.2.1, which may be different from the one installed. If this is the case, install Net-SNMP 5.2.1 without uninstalling the existing Net-SNMP version. This allows SNMP and traps to be accessible for IBM Director without compromising the performance of OpenIPMI services.
Step 1: Install Net-SNMP libraries
Note:
- This procedure does not provide details on how to perform a full installation for Net-SNMP. It only describes the installation of the libraries required by IBM Director Core Services for SNMP functionalities.
- To find out more about the installation, see the INSTALL and README files shipped with the installation package.
1. Download the file called net-snmp-5.2.1.tar.gz from the Net-SNMP website.
2. Build and install Net-SNMP libraries.
- Run the command below to extract the source files from the package.
tar -xvzf net-snmp-5.2.1.tar.gz
- Run the command below to modify the source folder.
cd net-snmp-5.2.1
- Run the commands below to build Net-SNMP libraries using the default options.
./configure --with-defaults
make
- Run the command below to install the Net-SNMP libraries in the /usr/local/lib folder only.
make installlibs
Step 2: Enable trap forwarding
1. Edit the configuration file called /etc/init.d/dacimlist.
2. Uncomment the following lines at the end of the SNMP End Consumer section.
LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH
Note: The modifications made to the configuration will be applied once you restart the cimlistener daemon.
3. Save your modifications.
Step 3: Enable SNMP access
1. Edit the configuration file called /etc/init.d/dasnmp.
2. Uncomment the following lines in the section on the Net-SNMP library path.
LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH
3. Save your modifications.
Step 4: Configure the SNMP daemon shipped with Red Hat Enterprise Linux for supporting AgentX agents
See the relevant documentation on the Net-SNMP website
1. Create the /usr/local/share/snmp/snmpd.conf configuration file that will be dedicated to the configuration of trapcommunity and trapsink parameters.
2. Specify the community to be used for trap forwarding by adding a line to the trapcommunity parameter in the configuration file.
example public community
trapcommunity public
3. Specify the IP address where IBM Director will send SNMP traps by adding a line to the trapsink parameter in the configuration file.
example IP address 192.168.1.1
trapsink 192.168.1.1
4. Save your modifications.
5. Run the commands below to stop and restart the cimlistener daemon.
/etc/init.d/dacimlist stop
/etc/init.d/dacimlist start
6. Run the commands below to stop and restart the IBM Director AgentX subagent.
/etc/init.d/dasnmp stop
/etc/init.d/dasnmp start
Configure Red Hat Enterprise Linux version 7
Note:
- The SNMP agent shipped with Red Hat Enterprise Linux 7 must be configured in order to provide network performance data using the SNMP protocol.
- The Net-SNMP software suite is available as a set of RPM packages in the Red Hat Enterprise Linux software distribution.
See the relevant Red Hat Enterprise Linux documentation on Installing Packages - The Net-SNMP Agent Daemon is found in the net-snmp package.
Step 1: Install Net-SNMP
1. Install the package using the Red Hat package manager, Yum. To do this, run the command below as root.
Replace <Package to install> with the packages to be installed.
~]# yum install <Package to install>
example Install the SNMP Agent Daemon, netsnmp library and SNMP clients ==> net-snmp net-snmp-libs net-snmp-utils
~]# yum install net-snmp net-snmp-libs net-snmp-utils
Step 2: Configure the Net-SNMP agent
Note: The Net-SNMP Agent Daemon supports all three versions of the SNMP protocol.
- Versions 1 and 2c provide for simple authentication using a community string. This string is a shared secret between the agent and any client utilities. However, the string is passed in clear text over the network. As such, it is not considered secure.
- Version 3 supports user authentication and message encryption using a variety of protocols. The Net-SNMP agent also supports tunneling over SSH, TLS authentication with X.509 certificates and Kerberos authentication.
Configure the Net-SNMP agent using an SNMP version 2c community
1. Configure the Net-SNMP agent.
- Open the configuration file called /etc/snmp/snmpd.conf.
- Add the line below to specify the SNMP community.
directive community [source [OID]]
Parameter List:
- directive: Indicates the type of access.
- rocommunity: Provides read-only access.
- rwcommunity: Provides read and write access.
- community: Community string.
- source: IP address or subnet.
- OID: SNMP tree to which access must be provided.
example Provide read-only access to the system tree to a client using the community string redhat on the local machine
rocommunity redhat 127.0.0.1 .1.3.6.1.2.1.1
2. Check the configuration of the Net-SNMP agent.
- Run the command below.
~]# snmpwalk -v2c -c
- Check that data is correctly sent as shown in the results below.
redhat localhost system SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (101376) 0:16:53.76 SNMPv2-MIB::sysContact.0 = STRING: UNIX Admin <admin@example.com> SNMPv2-MIB::sysName.0 = STRING: localhost.localdomain SNMPv2-MIB::sysLocation.0 = STRING: Datacenter, Row 4, Rack 3[output truncated]
Configure the Net-SNMP agent using a dedicated SNMP V3 user
1. Stop the snmpd service. To do this, run the command below as root.
systemctl stop snmpd.service
2. Run the command below to create the dedicated user.
net-snmp-create-v3-user
3. Enter the required information for the system prompts in order to configure the dedicated user and provide access.
example Configure and provide read and write access to an SNMP V3 admin user whose pass-phrase is redhatsnmp
- Specify the user name and password.
Enter a SNMPv3 user name to create:
admin
Enter authentication pass-phrase:
redhatsnmp
- Specify the encryption information.
Enter encryption pass-phrase:
[press return to reuse the authentication pass-phrase]
- Specify the user to be created in the /var/lib/net-snmp/snmpd.conf configuration file.
adding the following line to /var/lib/net-snmp/snmpd.conf:
createUser admin MD5 "redhatsnmp" DES
- Specify the access to be provided to the user in the /etc/snmp/snmpd.conf configuration file.
adding the following line to /etc/snmp/snmpd.conf:
rwuser admin
Use the following syntax.
directive user [noauth|auth|priv] [OID]
Parameter List:
- directive: Indicates the type of access.
- rouser: Provides read-only access.
- rwuser: Provides read and write access.
- user: Name of the user.
- Authentication options when requests are sent to the agent:
- auth: Default value. Only authenticated requests are authorized.
- noauth: Non-authenticated requests are authorized.
- priv: Encryption is applied.
- authpriv: Requests must be authenticated and replies encrypted.
- OID: SNMP tree to which access must be provided.
example Provide read and write access to the entire tree to the admin user
rwuser admin authpriv .1
4. Check the configuration of the Net-SNMP agent.
- Create a configuration file called /.snmp/snmp.conf in the personal folder of the dedicated SNMP V3 user.
- Configure the file by specifying the user and authentication parameters to be used when requests are sent to the agent. To do this, add the following rows to the file.
defVersion 3
defSecurityLevel authPriv
defSecurityName admin
defPassphrase redhatsnmp
- Restart the snmpd service. To do this, run the command below as root.
systemctl start snmpd.service
- Run the command below to check the configuration.
~]# snmpwalk -v2c -c redhat localhost system
5. (optional) You can configure the snmpd service so that the Net-SNMP agent will automatically start when booted. To do this, run the command below as root.
systemctl enable snmpd.service