This guide demonstrates how to compile, install, and configure Net-SNMP on CentOS to enable server monitoring with services like 360 Monitoring. The steps are similar for other Linux distributions.
Compilation and Installation
Use the root account or an account with sudo privileges for installation to avoid permission issues.
1. Download the Source Code
Download a recent version of Net-SNMP. This example uses version 5.7.2 (check the Net-SNMP website for the latest stable release).
wget http://download.cloud.360.cn/yjk/net-snmp.tar.gzIf wget fails, download the file locally and upload it to your server.
2. Extract the Source Code
tar xzvf net-snmp.tar.gz3. Configure Compilation Options
cd net-snmp-5.7.2
./configure --prefix=/usr/local/snmp --with-mib-modules=ucd-snmp/diskio --enable-mfd-rewritesConfiguration parameters explained:
--prefix=/usr/local/snmp: Sets the installation directory.--with-mib-modules=ucd-snmp/diskio: Enables disk I/O monitoring support.--enable-mfd-rewrites: Allows new MFD rewrite modules for 64-bit counters, ensuring accurate network traffic data collection.
Note: During ./configure, you will be prompted to select SNMP protocol versions (1, 2c, 3). Version 1 is not recommended for security reasons. You can usually press Enter to accept the default options (including 2c and 3).
4. Compile and Install
make && make installAfter installation, the SNMP daemon is located at /usr/local/snmp/sbin/snmpd. Configuration is required before starting the service.
Authentication Configuration
Exposing SNMP on the network is a security risk. Configure authentication to restrict access. 360 Monitoring supports SNMP v2c and v3 protocols; v3 is recommended for enhanced security.
SNMP v2c Configuration
v2c uses a community string (similar to a password) for authentication. Edit the configuration file (create it if it doesn't exist):
vim /usr/local/snmp/share/snmp/snmpd.confAdd the following line:
rocommunity your_community_string defaultParameter explanation:
rocommunity: Grants read-only access.your_community_string: Replace with a custom, complex string. Do not use the defaultpublic.default: Allows access from any IP. For better security, replace with the specific IP addresses of your monitoring servers. Example:rocommunity your_community_string 101.199.100.150 rocommunity your_community_string 220.181.150.98 # ... Add more monitoring node IPs as needed
After configuration, restart the snmpd service for changes to take effect.
SNMP v3 Configuration
v3 provides encrypted transmission for greater security. Edit the main configuration file:
vim /usr/local/snmp/share/snmp/snmpd.confAdd a read-only user:
rouser your_username authNext, create the user. Edit (or create) the user configuration file:
vim /var/net-snmp/snmpd.confAdd the following line (ensure the snmpd service is not running):
createUser your_username MD5 your_passwordNotes:
- Customize
your_usernameandyour_password. - The password must be at least 8 characters long.
- This configuration is automatically removed (converted to encrypted storage) after the first snmpd start and does not need to be re-added for subsequent restarts.
Start the SNMP Service
Start the service using the absolute path:
/usr/local/snmp/sbin/snmpdTo stop the service, use:
killall -9 snmpdIt is recommended to configure a system service (systemd or init) for automatic startup on boot, which is not covered in detail here.
(Optional) Enhance Security with a Firewall
If you are familiar with iptables, you can further restrict access sources. SNMP uses UDP port 161 by default. Example rules (assuming the external network interface is eth0; replace IPs with actual monitoring node IPs):
iptables -A INPUT -i eth0 -p udp -s 101.199.100.150 --dport 161 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s 220.181.150.98 --dport 161 -j ACCEPT
# ... Add other allowed IPsFinally, set the default policy to DROP all other traffic to port 161. Be cautious, as incorrect firewall rules can make the service unavailable.
After completing these steps, you can add your server in 360 Monitoring, select the corresponding SNMP version (v2c or v3), and enter the configured community string or username/password to enable monitoring.