Rolling out a Simple Network Monitoring Protocol (SNMP) user can be labor intensive task. If you have one hundred Linux machines or network devices, it would be incredibly inefficient to have to SSH into every device and copy/paste commands over and over, then manually enter each device into your network management station. Luckily, there are better ways to accomplish this. I deployed a fresh LibreNMS virtual machine, and now it was time to add some devices to monitor.
Netmiko and Ansible are my go-to tools for automation right now. Ansible makes it easy to quickly push configuration to Linux machines. Ansible does not require you to install anything on the machines you need to control, instead, you just need to be able to establish a SSH connection from your control machine to the host that is to be controlled. Netmiko works in a similar fashion, but the framework is geared entirely towards network devices.
I am not a software developer and I don’t intend to become one. I am just using these tools to complete a task and save time. I am aware that there may be better ways code certain things, but for the moment being, I need to be careful of scope creep.
Using the built-in modules, the Ansible script completes the following actions on RHEL/CentOS machines:
- Installs Net-SNMP from the YUM repository.
- Creates SNMPv3 user.
- Opens SNMP ports on the firewall.
- Starts and enables Net-SNMP to start on system boot.
- Restarts the firewall to let changes take effect.
The script can found on my Github page: https://github.com/avloboda/Linux_toolkit/tree/master/deploy_snmp_ansible
Using the Netmiko library, the Python script completes the following actions on Cisco IOS devices:
- Creates SNMPv3 group named “SecSNMP” that uses the priv security model.
- Creates SNMPv3 user named “Librenms” and assigns the user to the SecSNMP group. Establishes the users credentials and encryption methods.
- Configures the device to send SNMPv3 traps to a specified host.
The script can be found on my Github page: https://github.com/avloboda/IOS_toolkit/tree/master/deploy_snmp
At this point, our SNMP agents are configured with the proper credentials and are ready to be polled by a network management station. In my case, that is LibreNMS, which actually comes with a script that will automatically add your devices to its database. The auto discovery script just requires you to edit the credentials and the network address/prefix information in the config.php file that is located in the LibreNMS installation folder. Then, you would run the snmp-scan.py script, which is located in the same folder. This script will scan for SNMP devices in the network you specified and add them to the LibreNMS database.
By now, LibreNMS is polling and basic monitoring is set up!