Monitoring Linux problem - SNMP port not reachable

Votes:

0

Your Vote:

Up

Down

I've been following the following instructions to monitor my linux server (dell server - opensuse 11.2)... http://www.paessler.com/support/kb/questions/111

I've installed net-snmp, and I'm following the following instructions as recommended by prtg...

http://www.debianhelp.co.uk/snmp.htm

I changed the snmpd.conf file and I think I've done everything correctly, but when I test with "snmpwalk localhost -c public -v1", I get the following error "timeout: no response from localhost"

Can someone help with this problem?

Thanks

linux networking server-settings snmp snmpd

Created on Jun 7, 2010 3:51:28 PM by  mastr2 (0) 1

Last change on Jul 9, 2010 12:23:42 PM by  Daniel Zobel [Paessler Support] (24,941) 3 3



Best Answer

Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 12 or later

Checklist: Setting up SNMP on Linux

Every so often, monitoring devices via SNMP causes issues. We collect the most common problems with SNMP in this article. On Linux systems, some additional points have to be considered. This article sums up the basic steps to set up SNMP on Linux for monitoring with PRTG. However, specific problems often require deeper analysis. If you have followed the checklist below and monitoring still does not work, do not hesitate to contact our support!

Good resources for information about SNMP on Linux systems are Debianhelp and ubuntuusers Wiki (only in German). Please refer to these pages if you need more details on this topic.

1. Set up SNMP

First, you need an SNMP server on your Linux machine. Install the packet snmpd to query network components and the packet snmp to request values (i.e., walk, get, etc.). Use the following commands: sudo apt-get install snmpd sudo apt-get install snmp After installing these packets, you have to accomplish the following configuration steps.

Basic Configuration: SNMP v1 and v2

The configuration file smpd.conf is located in the /etc/snmp directory. Please make a backup of the original file before editing.

You have to set up the SNMP server in order to allow read access from other machines. Open the configuration file with an editor. # sec.name source community com2sec paranoid default public Change the entry paranoid to readonly or readwrite. You can define sources as you want (e.g., 127.0.0.1 to allow access only from the local machine), as well as you can modify the community string. Save the changes to the configuration and restart the SNMP daemon: sudo service snmpd restart

Basic Configuration: SNMP v3

If you want to use SNMP v3, you need the packet openssl additionally. Stop the SNMP daemon and create an SNMP v3 user: sudo service snmpd stop

sudo net-snmp-config --create-snmpv3-user -ro -X DES -A MD5 -a "SNMP_PWD" -x "SNMP_PWD" username

After that, force encryption in the file /usr/share/snmp/snmpd.conf by adding AuthPriv: rouser username AuthPriv

Furthermore, delete the file /etc/snmp/snmpd.conf and create a new one with the following content:

group groupv3 usm username view all included .iso 80 # context sec.model sec.level match read write notif access groupv3 "" any auth exact all all all syslocation Unknown syscontact Root <root@localhost>

Then start the daemon again: sudo service snmpd start

2. Set up Access

By default, only requests on localhost are allowed. In order to allow access for other IPs on the monitored computer, modify the start options in the file /etc/default/snmpd. There is the following line: SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1' You have two options now:

  • In order to allow requests for all network interfaces, delete 127.0.0.1 from the line.
  • To allow requests only for specific devices, add the corresponding IPs after 127.0.0.1 separated by spaces. Then restart snmpd. You can also allow access only for specific computers by modifying /etc/snmp/snmpd.conf accordingly. Just specify the sources there with the IP addresses that should get access.

# com2sec paranoid default public # com2sec readonly default public com2sec readonly xxx.xxx.xxx.xxx/32 public com2sec readonly yyy.yyy.yyy.yyy/32 public

Note: If you have a firewall, you need to open the UDP port 161 to get access from other computers.

3. Test the Configuration with an SNMP Walk

You can test your configuration with an SNMP walk. A walk shows you lists of return values requested from a specific device. Use the following command to show a list of available data on your Linux machine: snmpwalk –v1 –c public localhost With the following command, a list of memory values on a specific device (indicated with <IP>) is returned: snmpwalk v1 –c –private <IP> memory

Note: Do not only use 127.0.0.1 for testing but also external IPs.

4. Test the Configuration with the SNMP Tester

Use the SNMP Tester to run test queries against your Linux device. This tool enables you to debug SNMP activities in order to find problems in your SNMP configuration. For more information, the download, and the manual, please refer to Paessler SNMP Tester.

5. Create Sensors in PRTG

Out of the box, PRTG already provides several SNMP sensors for Linux monitoring. You can monitor, for example, free disk space, load average, memory usage, and I/O on physical disks natively via SNMP.

Of course, you can also use the SNMP Library sensor to adjust monitoring to your needs. PRTG includes already a basic Linux OID library (ucd-snmp-mib).

  1. Create a device for the Linux machine you want to monitor (enter this computer's IP address or DNS name)
  2. On this device, create an SNMP Library sensor or one of the natively available ones.
    1. For SNMP Library sensor: From the appearing list, select the Basic linux library (ucd-snmp-mib) oidlib file.
    2. In the next step of sensor creation, you will see a list of library OIDs which indicate the available sensors. Select the sensors you want to monitor by marking the corresponding checkboxes.
  3. Click on Continue.

PRTG will start to monitor your Linux device immediately.

Created on Aug 16, 2013 3:23:34 PM by  Gerald Schoch [Paessler Support] (6,173) 2 1

Last change on Mar 13, 2014 4:44:16 PM by  Gerald Schoch [Paessler Support] (6,173) 2 1



11 Replies

Votes:

0

Your Vote:

Up

Down

Also I'm getting the following error in the net-snmpd.log...

error on subcontainer 'ia_addr' insert (-1)

Created on Jun 9, 2010 7:12:51 PM by  mastr2 (0) 1

Last change on Jun 10, 2010 12:11:57 PM by  Daniel Zobel [Paessler Support] (24,941) 3 3



Votes:

0

Your Vote:

Up

Down

Hello,

is the SNMP service running on the system at all? Because when we shut down a SNMP service on an Ubuntu - machine we received the same result:

# /etc/init.d/snmpd stop
 * Stopping network management services:
# snmpwalk localhost -c public -v1
Timeout: No Response from localhost

whereas with a running service, the service was correctly listening on port 161:

# /etc/init.d/snmpd start
# netstat -apn|grep snmpd
udp        0      0 0.0.0.0:161            0.0.0.0:*                          21018/snmpd

and also responding with 3424 lines of SNMP counters to the # snmpwalk localhost -c public -v1. Please understand that this we cannot try debugging the issue any deeper in your systems, however, maybe other users experienced something similar.

Best Regards.

Created on Jun 10, 2010 11:58:30 AM by  Torsten Lindner [Paessler Support] (19,480) 3 1



Votes:

0

Your Vote:

Up

Down

seems to be up and running when I type in:

# servcie snmpd status
checking for service snmpd              running

# netstat -apn |grep snmpd
tcp     0     0 127.0.0.1:199            0.0.0.0:*     15364/snmpd
upd    0     0 10.99.108.250:161     0.0.0.0:*     15364/snmpd

#snmpwalk localhost -c public -v1
Timeout: No Response from localhost

Any help with this would be appreciated.

Created on Jun 10, 2010 2:19:55 PM by  mastr2 (0) 1

Last change on Jun 10, 2010 2:43:39 PM by  Torsten Lindner [Paessler Support] (19,480) 3 1



Votes:

0

Your Vote:

Up

Down

Hello,

as SNMP is traditionally UPD, can you please try to do a snmpwalk on 10.99.108.250?

Best regards.

Created on Jun 10, 2010 2:44:17 PM by  Torsten Lindner [Paessler Support] (19,480) 3 1



Votes:

0

Your Vote:

Up

Down

when I do a snmpwalk 10.99.108.250 I get the following...

"snmpwalk: No securityName specified."

Created on Jun 14, 2010 3:14:25 PM by  mastr2 (0) 1



Votes:

0

Your Vote:

Up

Down

Hello,

at first it would be interesting what version of snmpwalk (or what version of the snmp-package on your system) you are using. You could check this by using the following command which is linux distribution independend:

# snmpwalk -V
NET-SNMP version: 5.4.1

"snmpwalk: No securityName specified."

This message seems to appear with older versions of SNMPd-installations. Therefor you would have to adjust the command as follows:

# snmpwalk 10.99.108.250 -c public -v1

If this doesn't succeed try the following command by switching to the SNMP-protocol version 2c:

# snmpwalk 10.99.108.250 -c public -v2c

Best regards.

Created on Jun 15, 2010 8:08:37 AM by  Michael Zeidler [Paessler Support] (112) 3 1



Votes:

0

Your Vote:

Up

Down

Hi thanks for the reply, here is what i get for each command...

  1. snmpwalk -v NET-SNMP version: 5.4.2.1
  1. snmpwalk 10.99.108.250 -c public -v1 Timeout: No Response from 10.99.108.250
  1. snmpwalk 10.99.108.250 -c public -v2c Timeout: No Response from 10.99.108.250

no sure why this happening. would be grateful for any help.

Created on Jun 15, 2010 1:33:21 PM by  mastr2 (0) 1



Votes:

0

Your Vote:

Up

Down

Hello,

I would recommend checking the routing table for the proper entry for the appropriate destination and network device (see "man route"). You could achieve this by using the "route -n" command. If the routing table is right I would afterwards check whether UDP packets are filtered by a possible running firewall blocking those packets by using the "iptables -L" command. As an alternative to check if UDP packets are filtered by a firewall you also could use "nmap -sU -p 161 10.99.108.250" (see "man nmap").

Created on Jun 16, 2010 10:26:35 AM by  Michael Zeidler [Paessler Support] (112) 3 1

Last change on Jun 16, 2010 10:31:09 AM by  Daniel Zobel [Paessler Support] (24,941) 3 3



Votes:

0

Your Vote:

Up

Down

Hi the routing table seems to be correct. In snmpd.conf 10.99.108.0 is being used.

# route -n
Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.99.108.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

169.254.0.0     0.0.0.0         255.255.0.0      U     0      0        0 eth1

127.0.0.0       0.0.0.0          255.0.0.0         U     0      0        0 lo

0.0.0.0         10.99.108.1     0.0.0.0            UG    0      0        0 eth1

There does not seem to be blocking from a firewall.

# iptables -L
Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

# nmap -sU -p 161 10.99.108.250

Starting Nmap 5.00 ( http://nmap.org ) at 2010-06-16 10:11 EDT

Interesting ports on OpenXLX (10.99.108.250):

PORT    STATE         SERVICE

161/udp open|filtered snmp

Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds

In my log files /var/log/net-snmpd.log I'm getting the following errors...

NET-SNMP version 5.4.2.1
error on subcontainer 'ia_addr' insert (-1)
error on subcontainer 'ia_addr' insert (-1)
Connection from UDP: [10.99.108.30]:2884
Connection from UDP: [10.99.108.30]:2891
Connection from UDP: [10.99.108.30]:2900
Connection from UDP: [10.99.108.30]:2908
Connection from UDP: [10.99.108.30]:2930
error on subcontainer 'ia_addr' insert (-1)
Connection from UDP: [10.99.108.30]:2931
Connection from UDP: [10.99.108.30]:2933
Connection from UDP: [10.99.108.30]:2937
Connection from UDP: [10.99.108.30]:2938
Connection from UDP: [10.99.108.30]:2939
Connection from UDP: [10.99.108.30]:2942
error on subcontainer 'ia_addr' insert (-1)
Connection from UDP: [10.99.108.30]:2946
Connection from UDP: [10.99.108.30]:2948
Connection from UDP: [10.99.108.30]:2955
Connection from UDP: [10.99.108.30]:2964
Connection from UDP: [10.99.108.30]:2971
Connection from UDP: [10.99.108.30]:2994
error on subcontainer 'ia_addr' insert (-1)
Connection from UDP: [10.99.108.30]:2995
Connection from UDP: [10.99.108.30]:2997
Connection from UDP: [10.99.108.30]:3001
error on subcontainer 'ia_addr' insert (-1)
Connection from UDP: [10.99.108.250]:35993
Connection from UDP: [10.99.108.250]:45494
error on subcontainer 'ia_addr' insert (-1)
error on subcontainer 'ia_addr' insert (-1)
Connection from UDP: [10.99.108.250]:51412
[init_smux] bind failed: Address already in use
getaddrinfo("10.99.108.250", NULL, ...): Address family for hostname not supported

Created on Jun 16, 2010 2:29:04 PM by  mastr2 (0) 1

Last change on Jun 16, 2010 3:21:48 PM by  Daniel Zobel [Paessler Support] (24,941) 3 3



Votes:

0

Your Vote:

Up

Down

Haven't heard anything from my postings. Does anyone have any other suggestions?

Thanks

Created on Jun 21, 2010 6:29:13 PM by  mastr2 (0) 1



Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 12 or later

Checklist: Setting up SNMP on Linux

Every so often, monitoring devices via SNMP causes issues. We collect the most common problems with SNMP in this article. On Linux systems, some additional points have to be considered. This article sums up the basic steps to set up SNMP on Linux for monitoring with PRTG. However, specific problems often require deeper analysis. If you have followed the checklist below and monitoring still does not work, do not hesitate to contact our support!

Good resources for information about SNMP on Linux systems are Debianhelp and ubuntuusers Wiki (only in German). Please refer to these pages if you need more details on this topic.

1. Set up SNMP

First, you need an SNMP server on your Linux machine. Install the packet snmpd to query network components and the packet snmp to request values (i.e., walk, get, etc.). Use the following commands: sudo apt-get install snmpd sudo apt-get install snmp After installing these packets, you have to accomplish the following configuration steps.

Basic Configuration: SNMP v1 and v2

The configuration file smpd.conf is located in the /etc/snmp directory. Please make a backup of the original file before editing.

You have to set up the SNMP server in order to allow read access from other machines. Open the configuration file with an editor. # sec.name source community com2sec paranoid default public Change the entry paranoid to readonly or readwrite. You can define sources as you want (e.g., 127.0.0.1 to allow access only from the local machine), as well as you can modify the community string. Save the changes to the configuration and restart the SNMP daemon: sudo service snmpd restart

Basic Configuration: SNMP v3

If you want to use SNMP v3, you need the packet openssl additionally. Stop the SNMP daemon and create an SNMP v3 user: sudo service snmpd stop

sudo net-snmp-config --create-snmpv3-user -ro -X DES -A MD5 -a "SNMP_PWD" -x "SNMP_PWD" username

After that, force encryption in the file /usr/share/snmp/snmpd.conf by adding AuthPriv: rouser username AuthPriv

Furthermore, delete the file /etc/snmp/snmpd.conf and create a new one with the following content:

group groupv3 usm username view all included .iso 80 # context sec.model sec.level match read write notif access groupv3 "" any auth exact all all all syslocation Unknown syscontact Root <root@localhost>

Then start the daemon again: sudo service snmpd start

2. Set up Access

By default, only requests on localhost are allowed. In order to allow access for other IPs on the monitored computer, modify the start options in the file /etc/default/snmpd. There is the following line: SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1' You have two options now:

  • In order to allow requests for all network interfaces, delete 127.0.0.1 from the line.
  • To allow requests only for specific devices, add the corresponding IPs after 127.0.0.1 separated by spaces. Then restart snmpd. You can also allow access only for specific computers by modifying /etc/snmp/snmpd.conf accordingly. Just specify the sources there with the IP addresses that should get access.

# com2sec paranoid default public # com2sec readonly default public com2sec readonly xxx.xxx.xxx.xxx/32 public com2sec readonly yyy.yyy.yyy.yyy/32 public

Note: If you have a firewall, you need to open the UDP port 161 to get access from other computers.

3. Test the Configuration with an SNMP Walk

You can test your configuration with an SNMP walk. A walk shows you lists of return values requested from a specific device. Use the following command to show a list of available data on your Linux machine: snmpwalk –v1 –c public localhost With the following command, a list of memory values on a specific device (indicated with <IP>) is returned: snmpwalk v1 –c –private <IP> memory

Note: Do not only use 127.0.0.1 for testing but also external IPs.

4. Test the Configuration with the SNMP Tester

Use the SNMP Tester to run test queries against your Linux device. This tool enables you to debug SNMP activities in order to find problems in your SNMP configuration. For more information, the download, and the manual, please refer to Paessler SNMP Tester.

5. Create Sensors in PRTG

Out of the box, PRTG already provides several SNMP sensors for Linux monitoring. You can monitor, for example, free disk space, load average, memory usage, and I/O on physical disks natively via SNMP.

Of course, you can also use the SNMP Library sensor to adjust monitoring to your needs. PRTG includes already a basic Linux OID library (ucd-snmp-mib).

  1. Create a device for the Linux machine you want to monitor (enter this computer's IP address or DNS name)
  2. On this device, create an SNMP Library sensor or one of the natively available ones.
    1. For SNMP Library sensor: From the appearing list, select the Basic linux library (ucd-snmp-mib) oidlib file.
    2. In the next step of sensor creation, you will see a list of library OIDs which indicate the available sensors. Select the sensors you want to monitor by marking the corresponding checkboxes.
  3. Click on Continue.

PRTG will start to monitor your Linux device immediately.

Created on Aug 16, 2013 3:23:34 PM by  Gerald Schoch [Paessler Support] (6,173) 2 1

Last change on Mar 13, 2014 4:44:16 PM by  Gerald Schoch [Paessler Support] (6,173) 2 1



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

PRTG
Network Monitor
Intuitive to Use.
Easy to manage.

150.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Visit
www.paessler.com

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

Top Tags


View all Tags