Troubleshooting snmpd.conf
SNMP binds only to 127.0.0.1 (localhost)
After going in the configurations inside snmpd.conf
I tried:

    – using snmpconf (script based config).
    # snmpconf
    – editing snmpd.conf and changing the source field
    #vim /etc/snmp/snmpd.conf


    # sec.name source community
    com2sec paranoid default public
    com2sec readonly 10.10.10.0/24 public


    – #netstat -natup|grep 161

    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1617/portmap
    udp 0 0 127.0.0.1:161 0.0.0.0:* 5463/snmpd
    udp 0 0 0.0.0.0:111 0.0.0.0:* 1617/portma

    -Checking the running processes
    – #ps -aux | grep snmpd

    snmp 5463 0.0 0.7 7592 4072 ? S 14:45 0:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1

#snmpwalk -c test -v 2c localhost system
Worked fine
#snmpwalk -c test -v 2c 10.10.10.1 system
Did not work!
At this point it was clear to me the problem was the service listening only in the localhost 127.0.0.1

    Solution, Edit:

#vim /etc/default/snmpd


# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′
# Remove the 127.0.0.1 (otherwise it will be only in the localhost interface)
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid’

Restart the SNMPD
#/etc/init.d/snmpd restart
By default (at least under Debian) the snmpd binds itself only to the 127.0.0.1 IP.

Tags: , , , , , , ,

3 thoughts on “snmpd.conf

  1. You sir, are a genuis!
    This problem was driving me batty, that change to /etc/default/snmpd fixed it right up.
    Thanks.

  2. i have reinstalled my net-snmp-5.4.2.1 on ubuntu-8.04 hardy( and its
    only ipv6 host, address assigned to it is 2001:468::3/64 on eth0
    interface and eth1 im using for dhcp-internet connection). Sir, i have
    new problem, my snmpd is start now and i am also getting its pid and
    port no.(as 161) but im not getting the result of snmpwalk (both for
    localhost and remotehost). i run the following commands–
    #snmpwalk -v2c -c public localhost system ; on local host
    output-timeout no response from localhost
    #snmpwalk -v2c -c public 192.168.122.3 system ; on remotehost(
    remotehost is having ip 192.168.1.2 and its ipv4 only machine. im
    doing the project ipv4 to ipv6 migration and vice versa. im using 3
    pc’s here ist is ipv6 pc(add-2001:468::3/64) , 2nd pc is ipv4 only
    (add-192.168.1.2) and 3rd one is nat-pt box which maps the ipv4
    address corresponds to the ipv6 here in the case it maps 192.168.122.3
    to the 2001:468::3/64. add. of nat-pt is 192.168.1.1)
    output-timeout no response from 192.168.122.3
    im attaching my /etc/default/snmpd , /etc/snmp/snmpd.conf and
    /usr/local/share/snmp/snmpd.conf( snmpd.conf file is same for
    /etc/snmp and /usr/local/share/snmp directories). please tel me what
    changes should i do in my default and snmpd.conf files so that my
    snmpwalk starts working. Please help me soon.
    Thanks Alot
    ————————————————-
    snmpd.conf
    #
    # – created by the snmpconf configuration program
    #
    ###########################################################################
    # SECTION: Monitor Various Aspects of the Running Host
    #
    # The following check up on various aspects of a host.
    # proc: Check for processes that should be running.
    # proc NAME [MAX=0] [MIN=0]
    #
    # NAME: the name of the process to check for. It must match
    # exactly (ie, http will not find httpd processes).
    # MAX: the maximum number allowed to be running. Defaults to 0.
    # MIN: the minimum number to be running. Defaults to 0.
    #
    # The results are reported in the prTable section of the UCD-SNMP-MIB tree
    # Special Case: When the min and max numbers are both 0, it assumes
    # you want a max of infinity and a min of 1.
    proc mountd
    proc ntalkd 4
    proc sendmail 10 1
    # disk: Check for disk space usage of a partition.
    # The agent can check the amount of available disk space, and make
    # sure it is above a set limit.
    #
    # disk PATH [MIN=100000]
    #
    # PATH: mount path to the disk in question.
    # MIN: Disks with space below this value will have the Mib’s errorFlag set.
    # Can be a raw byte value or a percentage followed by the %
    # symbol. Default value = 100000.
    #
    # The results are reported in the dskTable section of the UCD-SNMP-MIB tree
    disk / 10000
    # load: Check for unreasonable load average values.
    # Watch the load average levels on the machine.
    #
    # load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
    #
    # 1MAX: If the 1 minute load average is above this limit at query
    # time, the errorFlag will be set.
    # 5MAX: Similar, but for 5 min average.
    # 15MAX: Similar, but for 15 min average.
    #
    # The results are reported in the laTable section of the UCD-SNMP-MIB tree
    load 12 14 14
    ###########################################################################
    # SECTION: System Information Setup
    #
    # This section defines some of the information reported in
    # the “system” mib group in the mibII tree.
    # syscontact: The contact information for the administrator
    # Note that setting this value here means that when trying to
    # perform an snmp SET operation to the sysContact.0 variable will make
    # the agent return the “notWritable” error code. IE, including
    # this token in the snmpd.conf file will disable write access to
    # the variable.
    # arguments: contact_string
    #syscontact G. S. Marzot
    syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
    syscontact Root (configure /etc/snmp/snmpd.local.conf)
    #syslocation bhwon.pyroworks.co.kr No.1
    #syscontact Root (configure /etc/snmp/snmp.local.conf)
    ###########################################################################
    # SECTION: Extending the Agent
    #
    # You can extend the snmp agent to have it return information
    # that you yourself define.
    # exec: run a simple command using exec()
    # arguments: [oid] name /path/to/executable arguments
    exec echotest /bin/echo hello world
    ###########################################################################
    # SECTION: Agent Operating Mode
    #
    # This section defines how the agent will operate when it
    # is running.
    # agentaddress: The IP address and port number that the agent will listen on.
    # By default the agent listens to any and all traffic from any
    # interface on the default SNMP port (161). This allows you to
    # specify which address, interface, transport type and port(s) that you
    # want the agent to listen on. Multiple definitions of this token
    # are concatenated together (using ‘:’s).
    # arguments: [transport:]port[@interface/address],…
    agentaddress udp:161,udp6:161
    ###########################################################################
    # SECTION: Access Control Setup
    #
    # This section defines who is allowed to talk to your running
    # snmp agent.
    # rwuser: a SNMPv3 read-write user
    # arguments: user [noauth|auth|priv] [restriction_oid]
    #rwuser initial priv
    # rocommunity: a SNMPv1/SNMPv2c read-only access community name
    # arguments: community [default|hostname|network/bits] [oid]
    #rocommunity public
    rocommunity6 public
    #
    # Unknown directives read in from other files by snmpconf
    #
    #com2sec readonly default public
    com2sec6 readonly default public
    #com2sec local 127.0.0.1 public
    com2sec6 local localhost public
    com2sec6 mynetwork 2001:468::3 public
    group MyRWGroup v1 local
    group MyRWGroup v2c local
    group MyRWGroup usm local
    group MyRWGroup usm initial
    group MyROGroup v1 mynetwork
    group MyROGroup v2c mynetwork
    group MyROGroup usm mynetwork
    group MyRWGroup v1 any
    group MyRWGroup v2c any
    view all included .1 80
    view system included .iso.org.dod.internet.mgmt.mib-2.system
    access MyROGroup “” any noauth exact all none none
    access MyRWGroup “” any noauth exact all all none
    access MyROSystem “” any noauth exact system none none
    createUser initial MD5 auth_pass DES priv_pass
    —————————————————-
    Below is the /etc/default/snmpd
    # This file controls the activity of snmpd and snmptrapd
    # MIB directories. /usr/share/snmp/mibs is the default, but
    # including it here avoids some strange problems.
    export MIBDIRS=/usr/share/snmp/mibs
    # snmpd control (yes means start daemon).
    SNMPDRUN=yes
    # snmpd options (use syslog, close stdin/out/err).
    #SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′
    SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf’
    #SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid udp6:161 udp:161′
    # snmptrapd control (yes means start daemon). As of net-snmp version
    # 5.0, master agentx support must be enabled in snmpd before snmptrapd
    # can be run. See snmpd.conf(5) for how to do this.
    TRAPDRUN=yes
    # snmptrapd options (use syslog).
    TRAPDOPTS=’-Lsd -p /var/run/snmptrapd.pid’
    # create symlink on Debian legacy location to official RFC path
    SNMPDCOMPAT=yes
    —————————————————–
    cat /var/log/snmpd.log
    Warning: no access control information configured.
    It’s unlikely this agent can serve any useful purpose in this state.
    Run “snmpconf -g basic_setup” to help you configure the snmpd.conf file for this agent.
    NET-SNMP version 5.4.2.1
    I was getting some problems in attaching my files so i mentioned those file here only.

  3. Hi,
    I can do
    snmpwalk -v 2c -c localhost
    Works as expected
    but with snmpv3 on localhost
    snmpwalk -v 3 -u -l authNoPriv -a md5 -A localhost
    Gives error : Timeout : no response from localhost
    and with snmpv3 on remote
    snmpwalk -v 3 -u -l authNoPriv -a md5 -A 192.168.x.X
    Works as expected
    Please let me know if am i missing any configuration here
    Details:
    snmpd running ” /usr/bin/snmpd -f -c /etc/snmp/snmpd.conf”
    ~ $ netstat -natu | grep 161
    udp 0 0 0.0.0.0:161 0.0.0.0:*
    ~ $

Leave a Reply

Your email address will not be published. Required fields are marked *