Configure SNMP MIBs for Vendor Monitoring v2c/v3

Learn to install and configure custom vendor MIB files for specialized network device monitoring using both SNMP v2c and v3 protocols with authentication and encryption.

Prerequisites

Root or sudo access
Network connectivity to monitored devices
Vendor MIB files from device manufacturers

What this solves

Standard SNMP monitoring only covers generic metrics like interface statistics and system information. Vendor-specific MIBs unlock detailed monitoring of specialized hardware features like power supply status, temperature sensors, RAID arrays, and custom application metrics. This tutorial shows you how to install vendor MIB files and configure both SNMP v2c and v3 monitoring with proper authentication and encryption.

Step-by-step installation

Install SNMP daemon and utilities

Install the SNMP daemon, client utilities, and MIB browser tools needed for vendor-specific monitoring.

sudo apt update
sudo apt install -y snmp snmpd snmp-mibs-downloader libsnmp-dev
sudo download-mibs

sudo dnf install -y net-snmp net-snmp-utils net-snmp-devel
sudo dnf install -y epel-release
sudo dnf install -y net-snmp-perl

Configure MIB search paths

Set up the directory structure and configure where SNMP tools look for MIB files.

sudo mkdir -p /usr/share/snmp/mibs/vendor
sudo mkdir -p /etc/snmp/mibs

# Configure MIB search paths
mibs +ALL
mibdirs /usr/share/snmp/mibs:/usr/share/snmp/mibs/vendor:/etc/snmp/mibs

Disable MIB warnings for unknown objects
dontLogTCPWrappersConnects yes
logTimestamp yes

Download and install vendor MIB files

Download MIB files from your vendor's support site and install them properly. This example shows Cisco and Dell MIBs.

# Create vendor-specific directories
sudo mkdir -p /usr/share/snmp/mibs/vendor/cisco
sudo mkdir -p /usr/share/snmp/mibs/vendor/dell
sudo mkdir -p /usr/share/snmp/mibs/vendor/hp

# Download example Cisco MIBs (replace URLs with actual vendor links)
cd /tmp
wget https://www.cisco.com/c/dam/en/us/td/docs/ios-xml/ios/snmp/mibs/all-mibs.zip
unzip all-mibs.zip
sudo cp *.my /usr/share/snmp/mibs/vendor/cisco/

Set proper permissions
sudo chown root:root /usr/share/snmp/mibs/vendor/cisco/*
sudo chmod 644 /usr/share/snmp/mibs/vendor/cisco/*

Configure SNMP v2c community strings

Set up community-based authentication for SNMP v2c monitoring with read-only and read-write access.

# SNMP v2c community configuration
Read-only community for monitoring
rocommunity monitoring_readonly default
rocommunity6 monitoring_readonly default

Read-write community for configuration (use sparingly)
rwcommunity config_readwrite localhost

System information
sysLocation "Data Center A, Rack 23"
sysContact "network-admin@example.com"
sysName "network-switch-01"

Agent address and port
agentAddress udp:161,udp6:[::1]:161

Disable default public community
rocommunity public default

Disk and load monitoring
disk / 10000
load 12 14 14

Process monitoring
proc sshd
proc snmpd

Configure SNMP v3 users and authentication

Create SNMP v3 users with authentication and privacy encryption for secure monitoring.

# Stop snmpd to modify v3 configuration
sudo systemctl stop snmpd

# Add SNMP v3 configuration to existing file

SNMP v3 User configuration
Auth protocol: MD5 or SHA
Privacy protocol: DES or AES

Read-only user with authentication only
createUser monitor_user MD5 "StrongAuthPassword123!"
rouser monitor_user

Read-write user with authentication and privacy
createUser admin_user SHA "StrongAuthPassword456!" AES "StrongPrivPassword789!"
rwuser admin_user

Read-only user with both auth and privacy
createUser secure_monitor SHA "MonitorAuthPass321!" AES "MonitorPrivPass654!"
rouser secure_monitor

Security model configuration
com2sec notConfigUser default public
com2sec configUser localhost config_readwrite
com2sec readUser default monitoring_readonly

group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
group configGroup v2c configUser
group readGroup v2c readUser

view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1

access notConfigGroup "" any noauth exact systemonly none none
access configGroup "" any noauth exact all all none
access readGroup "" any noauth exact all none none

Configure vendor-specific OID monitoring templates

Create monitoring templates for common vendor-specific metrics using their custom MIBs.

# Cisco device monitoring OIDs
CPU utilization (5-minute average)
ciscoMemoryPoolUsed .1.3.6.1.4.1.9.9.48.1.1.1.5
ciscoCPUTotal5min .1.3.6.1.4.1.9.9.109.1.1.1.1.8

Interface specific metrics
ciscoInterfaceAlias .1.3.6.1.4.1.9.9.46.1.3.1.1.18
ciscoInterfaceDescription .1.3.6.1.4.1.9.9.46.1.6.1.1.14

Dell PowerEdge server monitoring
Temperature sensors
dellTemperatureProbeReading .1.3.6.1.4.1.674.10892.1.700.20.1.6
dellTemperatureProbeStatus .1.3.6.1.4.1.674.10892.1.700.20.1.5

Power supply status
dellPowerSupplyStatus .1.3.6.1.4.1.674.10892.1.600.12.1.5
dellPowerSupplyType .1.3.6.1.4.1.674.10892.1.600.12.1.7

Fan status
dellFanStatus .1.3.6.1.4.1.674.10892.1.700.12.1.5
dellFanSpeed .1.3.6.1.4.1.674.10892.1.700.12.1.6

RAID controller status
dellVirtualDiskStatus .1.3.6.1.4.1.674.10892.1.1100.20.1.4
dellPhysicalDiskStatus .1.3.6.1.4.1.674.10892.1.1100.25.1.4

Create monitoring scripts for custom metrics

Develop scripts to query vendor-specific OIDs and format the output for monitoring systems.

#!/bin/bash

SNMP vendor monitoring script
Usage: ./snmp-vendor-monitor.sh   

TARGET_IP="$1"
COMMUNITY="$2"
VERSION="$3"

if [ $# -ne 3 ]; then
    echo "Usage: $0   "
    echo "Version: 2c or 3"
    exit 1
fi

check_cisco_metrics() {
    echo "=== Cisco Device Metrics ==="
    
    # CPU utilization
    CPU=$(snmpget -v${VERSION} -c${COMMUNITY} ${TARGET_IP} .1.3.6.1.4.1.9.9.109.1.1.1.1.8.1 2>/dev/null | cut -d' ' -f4)
    echo "CPU 5min avg: ${CPU}%"
    
    # Memory utilization
    MEM_USED=$(snmpget -v${VERSION} -c${COMMUNITY} ${TARGET_IP} .1.3.6.1.4.1.9.9.48.1.1.1.5.1 2>/dev/null | cut -d' ' -f4)
    MEM_TOTAL=$(snmpget -v${VERSION} -c${COMMUNITY} ${TARGET_IP} .1.3.6.1.4.1.9.9.48.1.1.1.6.1 2>/dev/null | cut -d' ' -f4)
    if [ -n "$MEM_USED" ] && [ -n "$MEM_TOTAL" ]; then
        MEM_PERCENT=$((MEM_USED * 100 / MEM_TOTAL))
        echo "Memory usage: ${MEM_PERCENT}% (${MEM_USED}/${MEM_TOTAL})"
    fi
}

check_dell_metrics() {
    echo "=== Dell PowerEdge Metrics ==="
    
    # Temperature sensors
    snmpwalk -v${VERSION} -c${COMMUNITY} ${TARGET_IP} .1.3.6.1.4.1.674.10892.1.700.20.1.6 2>/dev/null | while read line; do
        TEMP=$(echo $line | cut -d' ' -f4)
        SENSOR=$(echo $line | cut -d'.' -f2)
        echo "Temperature sensor ${SENSOR}: ${TEMP}°C"
    done
    
    # Power supply status
    snmpwalk -v${VERSION} -c${COMMUNITY} ${TARGET_IP} .1.3.6.1.4.1.674.10892.1.600.12.1.5 2>/dev/null | while read line; do
        STATUS=$(echo $line | cut -d' ' -f4)
        PSU=$(echo $line | cut -d'.' -f2)
        case $STATUS in
            1) STATUS_TEXT="Other" ;;
            2) STATUS_TEXT="Unknown" ;;
            3) STATUS_TEXT="OK" ;;
            4) STATUS_TEXT="Non-critical" ;;
            5) STATUS_TEXT="Critical" ;;
            6) STATUS_TEXT="Non-recoverable" ;;
            *) STATUS_TEXT="Unknown($STATUS)" ;;
        esac
        echo "Power Supply ${PSU}: ${STATUS_TEXT}"
    done
}

Determine device type and check appropriate metrics
SYS_OID=$(snmpget -v${VERSION} -c${COMMUNITY} ${TARGET_IP} .1.3.6.1.2.1.1.2.0 2>/dev/null | cut -d' ' -f4)

case $SYS_OID in
    .1.3.6.1.4.1.9.) check_cisco_metrics ;;
    .1.3.6.1.4.1.674.) check_dell_metrics ;;
    *) echo "Unknown or unsupported device type: $SYS_OID" ;;
esac

sudo chmod +x /usr/local/bin/snmp-vendor-monitor.sh

Configure SNMP v3 authentication script

Create a script for SNMP v3 monitoring with authentication and privacy.

#!/bin/bash

SNMP v3 monitoring script with authentication and privacy
Usage: ./snmp-v3-monitor.sh    

TARGET_IP="$1"
USERNAME="$2"
AUTH_PASS="$3"
PRIV_PASS="$4"

if [ $# -ne 4 ]; then
    echo "Usage: $0    "
    exit 1
fi

SNMP v3 with SHA authentication and AES privacy
SNMP_OPTS="-v3 -l authPriv -u ${USERNAME} -a SHA -A ${AUTH_PASS} -x AES -X ${PRIV_PASS}"

echo "=== SNMP v3 Device Monitor ==="
echo "Target: $TARGET_IP"
echo "User: $USERNAME"
echo ""

System information
echo "System Information:"
SYS_NAME=$(snmpget $SNMP_OPTS ${TARGET_IP} .1.3.6.1.2.1.1.5.0 2>/dev/null | cut -d'"' -f2)
SYS_DESCR=$(snmpget $SNMP_OPTS ${TARGET_IP} .1.3.6.1.2.1.1.1.0 2>/dev/null | cut -d'"' -f2)
UPTIME=$(snmpget $SNMP_OPTS ${TARGET_IP} .1.3.6.1.2.1.1.3.0 2>/dev/null | cut -d')' -f1 | cut -d'(' -f2)

echo "  Name: $SYS_NAME"
echo "  Description: $SYS_DESCR"
echo "  Uptime: $UPTIME"
echo ""

Interface statistics
echo "Interface Statistics:"
snmpwalk $SNMP_OPTS ${TARGET_IP} .1.3.6.1.2.1.2.2.1.2 2>/dev/null | head -5 | while read line; do
    INTERFACE=$(echo $line | cut -d'"' -f2)
    INDEX=$(echo $line | cut -d'.' -f2 | cut -d' ' -f1)
    
    # Get interface statistics
    IN_BYTES=$(snmpget $SNMP_OPTS ${TARGET_IP} .1.3.6.1.2.1.2.2.1.10.${INDEX} 2>/dev/null | awk '{print $NF}')
    OUT_BYTES=$(snmpget $SNMP_OPTS ${TARGET_IP} .1.3.6.1.2.1.2.2.1.16.${INDEX} 2>/dev/null | awk '{print $NF}')
    
    echo "  ${INTERFACE}: IN=${IN_BYTES} bytes, OUT=${OUT_BYTES} bytes"
done

sudo chmod +x /usr/local/bin/snmp-v3-monitor.sh

Start and enable SNMP daemon

Enable the SNMP daemon to start automatically and begin accepting monitoring requests.

sudo systemctl enable --now snmpd
sudo systemctl status snmpd

Configure firewall rules

Open the SNMP port for monitoring while restricting access to trusted networks only.

# Allow SNMP from monitoring network only
sudo ufw allow from 192.168.1.0/24 to any port 161
sudo ufw allow from 203.0.113.0/24 to any port 161
sudo ufw reload

# Allow SNMP from monitoring network only
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="udp" port="161" accept'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.0/24" port protocol="udp" port="161" accept'
sudo firewall-cmd --reload

Security Note: Never open SNMP port 161 to the entire internet. Always restrict access to trusted monitoring networks and use SNMP v3 with encryption for sensitive environments.

Verify your setup

Test both SNMP v2c and v3 configurations to ensure vendor-specific monitoring is working correctly.

# Test SNMP v2c community access
snmpget -v2c -c monitoring_readonly localhost .1.3.6.1.2.1.1.1.0
snmpwalk -v2c -c monitoring_readonly localhost .1.3.6.1.2.1.1

# Test SNMP v3 authentication
snmpget -v3 -l authNoPriv -u monitor_user -a MD5 -A "StrongAuthPassword123!" localhost .1.3.6.1.2.1.1.1.0

# Test SNMP v3 with privacy encryption
snmpget -v3 -l authPriv -u secure_monitor -a SHA -A "MonitorAuthPass321!" -x AES -X "MonitorPrivPass654!" localhost .1.3.6.1.2.1.1.1.0

# Test vendor-specific monitoring scripts
/usr/local/bin/snmp-vendor-monitor.sh localhost monitoring_readonly 2c
/usr/local/bin/snmp-v3-monitor.sh localhost secure_monitor "MonitorAuthPass321!" "MonitorPrivPass654!"

# Check MIB loading and vendor OID resolution
snmptranslate -Td .1.3.6.1.4.1.9.9.109.1.1.1.1.8
snmpwalk -v2c -c monitoring_readonly localhost .1.3.6.1.4.1.9 | head -5

Integration with monitoring systems

Prometheus SNMP Exporter configuration

Configure the SNMP exporter to use your custom MIBs and vendor-specific OIDs. You can reference our Prometheus monitoring setup guide for the complete monitoring stack.

# SNMP Exporter configuration for vendor devices
global:
  scrape_timeout: 10s

modules:
  cisco_device:
    walk:
      - 1.3.6.1.2.1.1  # System information
      - 1.3.6.1.4.1.9.9.109.1.1.1.1.8  # CPU utilization
      - 1.3.6.1.4.1.9.9.48.1.1.1  # Memory pools
      - 1.3.6.1.2.1.2.2.1  # Interface statistics
    version: 3
    auth:
      username: secure_monitor
      password: MonitorAuthPass321!
      auth_protocol: SHA
      priv_protocol: AES
      priv_password: MonitorPrivPass654!
      security_level: authPriv
  
  dell_server:
    walk:
      - 1.3.6.1.2.1.1  # System information
      - 1.3.6.1.4.1.674.10892.1.700.20.1  # Temperature sensors
      - 1.3.6.1.4.1.674.10892.1.600.12.1  # Power supplies
      - 1.3.6.1.4.1.674.10892.1.700.12.1  # Fans
      - 1.3.6.1.4.1.674.10892.1.1100.20.1  # Virtual disks
    version: 2c
    community: monitoring_readonly

Create monitoring alerts

Set up alerting rules for vendor-specific metrics. This integrates well with Prometheus AlertManager for comprehensive notification handling.

groups:
  - name: cisco_alerts
    rules:
      - alert: CiscoCPUHigh
        expr: snmp_cisco_cpu_5min > 80
        for: 5m
        labels:
          severity: warning
          device_type: cisco
        annotations:
          summary: "Cisco device CPU utilization high"
          description: "CPU utilization is {{ $value }}% on device {{ $labels.instance }}"
      
      - alert: CiscoMemoryHigh
        expr: (snmp_cisco_memory_used / snmp_cisco_memory_total) * 100 > 85
        for: 5m
        labels:
          severity: critical
          device_type: cisco
        annotations:
          summary: "Cisco device memory utilization critical"
          description: "Memory utilization is {{ $value }}% on device {{ $labels.instance }}"
  
  - name: dell_alerts
    rules:
      - alert: DellTemperatureHigh
        expr: snmp_dell_temperature > 70
        for: 3m
        labels:
          severity: warning
          device_type: dell
        annotations:
          summary: "Dell server temperature high"
          description: "Temperature sensor reading {{ $value }}°C on server {{ $labels.instance }}"
      
      - alert: DellPowerSupplyFailure
        expr: snmp_dell_power_supply_status != 3
        for: 0m
        labels:
          severity: critical
          device_type: dell
        annotations:
          summary: "Dell server power supply failure"
          description: "Power supply status is {{ $value }} (not OK) on server {{ $labels.instance }}"

Common issues

Symptom	Cause	Fix
MIB file not found errors	Incorrect MIB path configuration	Check `mibdirs` setting in `/etc/snmp/snmp.conf` and verify file permissions
SNMP v3 authentication failures	Password length or special characters	Ensure passwords are at least 8 characters, escape special chars in shell scripts
OID returns "No Such Object"	Device doesn't support that MIB	Use `snmpwalk -v2c -c community device .1.3.6.1.4.1.vendor` to discover supported OIDs
Timeout errors from devices	Network connectivity or community strings	Test with `snmpget` and verify firewall rules on both client and device
Permission denied on MIB files	Incorrect file ownership	Use `sudo chown root:root /usr/share/snmp/mibs/vendor/*` and `sudo chmod 644`
SNMP daemon won't start	Configuration syntax errors	Check `sudo snmpd -f -Lo` for configuration validation errors

Next steps

Configure Prometheus alerting with AlertManager for automated notifications on vendor-specific metrics
Set up Prometheus monitoring stack to integrate SNMP metrics with your existing infrastructure
Create advanced Grafana dashboards for visualizing vendor-specific hardware metrics
Implement automated SNMP device discovery for large network environments
Set up SNMP trap monitoring for proactive alerting on hardware failures

Running this in production?

Need enterprise-grade monitoring? Setting up custom SNMP monitoring is straightforward. Keeping hundreds of devices monitored, MIBs updated, and alerts tuned across environments is the harder part. See how we run infrastructure like this for European teams.

Automated install script

Run this to automate the entire setup

install.sh

#!/usr/bin/env bash
set -euo pipefail

# Colors for output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'

# Global variables
SNMP_CONFIG_DIR=""
VENDOR_MIB_DIR="/usr/share/snmp/mibs/vendor"
COMMUNITY_RO="${SNMP_COMMUNITY_RO:-monitoring_readonly}"
COMMUNITY_RW="${SNMP_COMMUNITY_RW:-config_readwrite}"
SYSTEM_LOCATION="${SNMP_LOCATION:-Data Center}"
SYSTEM_CONTACT="${SNMP_CONTACT:-admin@example.com}"
PKG_MGR=""
PKG_INSTALL=""

# Function to print colored output
log() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

# Usage information
usage() {
    echo "Usage: $0 [OPTIONS]"
    echo ""
    echo "Options:"
    echo "  -c COMMUNITY    Read-only community string (default: monitoring_readonly)"
    echo "  -w RW_COMMUNITY Read-write community string (default: config_readwrite)"
    echo "  -l LOCATION     System location (default: Data Center)"
    echo "  -e EMAIL        System contact email (default: admin@example.com)"
    echo "  -h              Show this help message"
    echo ""
    echo "Environment variables:"
    echo "  SNMP_COMMUNITY_RO   Read-only community string"
    echo "  SNMP_COMMUNITY_RW   Read-write community string"
    echo "  SNMP_LOCATION       System location"
    echo "  SNMP_CONTACT        System contact email"
}

# Parse command line arguments
while getopts "c:w:l:e:h" opt; do
    case $opt in
        c) COMMUNITY_RO="$OPTARG" ;;
        w) COMMUNITY_RW="$OPTARG" ;;
        l) SYSTEM_LOCATION="$OPTARG" ;;
        e) SYSTEM_CONTACT="$OPTARG" ;;
        h) usage; exit 0 ;;
        *) usage; exit 1 ;;
    esac
done

# Cleanup function for error handling
cleanup() {
    if [ $? -ne 0 ]; then
        error "Installation failed. Restoring original configuration..."
        if [ -f "/etc/snmp/snmpd.conf.backup" ]; then
            sudo cp /etc/snmp/snmpd.conf.backup /etc/snmp/snmpd.conf
        fi
        if systemctl is-enabled snmpd >/dev/null 2>&1; then
            sudo systemctl restart snmpd
        fi
    fi
}

trap cleanup ERR

# Check if running as root or with sudo
check_privileges() {
    if [ "$EUID" -ne 0 ] && ! sudo -n true 2>/dev/null; then
        error "This script requires root privileges or sudo access"
        exit 1
    fi
}

# Detect distribution and set package manager
detect_distro() {
    if [ -f /etc/os-release ]; then
        . /etc/os-release
        case "$ID" in
            ubuntu|debian)
                PKG_MGR="apt"
                PKG_INSTALL="apt install -y"
                SNMP_CONFIG_DIR="/etc/snmp"
                ;;
            almalinux|rocky|centos|rhel|ol|fedora)
                PKG_MGR="dnf"
                PKG_INSTALL="dnf install -y"
                SNMP_CONFIG_DIR="/etc/snmp"
                ;;
            amzn)
                PKG_MGR="yum"
                PKG_INSTALL="yum install -y"
                SNMP_CONFIG_DIR="/etc/snmp"
                ;;
            *)
                error "Unsupported distribution: $ID"
                exit 1
                ;;
        esac
    else
        error "Cannot detect distribution. /etc/os-release not found."
        exit 1
    fi
}

# Install SNMP packages
install_snmp_packages() {
    log "Installing SNMP packages..."
    
    if [ "$PKG_MGR" = "apt" ]; then
        sudo apt update
        sudo $PKG_INSTALL snmp snmpd snmp-mibs-downloader libsnmp-dev
        sudo download-mibs >/dev/null 2>&1 || warn "Failed to download standard MIBs"
    else
        sudo $PKG_INSTALL net-snmp net-snmp-utils net-snmp-devel
        if ! rpm -q epel-release >/dev/null 2>&1; then
            sudo $PKG_INSTALL epel-release
        fi
        sudo $PKG_INSTALL net-snmp-perl
    fi
}

# Create directory structure
setup_directories() {
    log "Setting up MIB directory structure..."
    
    sudo mkdir -p "$VENDOR_MIB_DIR"/{cisco,dell,hp}
    sudo mkdir -p "$SNMP_CONFIG_DIR/mibs"
    
    sudo chown -R root:root "$VENDOR_MIB_DIR"
    sudo chmod 755 "$VENDOR_MIB_DIR"
    sudo chmod 755 "$VENDOR_MIB_DIR"/*
}

# Configure SNMP daemon
configure_snmpd() {
    log "Configuring SNMP daemon..."
    
    # Backup original configuration
    if [ -f "$SNMP_CONFIG_DIR/snmpd.conf" ]; then
        sudo cp "$SNMP_CONFIG_DIR/snmpd.conf" "$SNMP_CONFIG_DIR/snmpd.conf.backup"
    fi
    
    # Create new configuration
    sudo tee "$SNMP_CONFIG_DIR/snmpd.conf" > /dev/null <<EOF
# MIB Configuration
mibs +ALL
mibdirs /usr/share/snmp/mibs:$VENDOR_MIB_DIR:/etc/snmp/mibs

# System Information
sysLocation "$SYSTEM_LOCATION"
sysContact "$SYSTEM_CONTACT"
sysServices 72

# Agent Configuration
agentAddress udp:161,udp6:[::1]:161

# SNMP v2c Communities
rocommunity $COMMUNITY_RO default
rwcommunity $COMMUNITY_RW localhost

# Monitoring Configuration
disk / 10000
load 12 14 14
proc sshd
proc snmpd

# Security
dontLogTCPWrappersConnects yes
logTimestamp yes

# Views
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view all included .1 80

# Access Control
com2sec notConfigUser default public
com2sec configUser localhost $COMMUNITY_RW
com2sec readUser default $COMMUNITY_RO

group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
group configGroup v2c configUser
group readGroup v2c readUser

access notConfigGroup "" any noauth exact systemonly none none
access configGroup "" any noauth exact all all none
access readGroup "" any noauth exact all none none
EOF
    
    sudo chown root:root "$SNMP_CONFIG_DIR/snmpd.conf"
    sudo chmod 644 "$SNMP_CONFIG_DIR/snmpd.conf"
}

# Configure SNMP v3 users
configure_snmpv3() {
    log "Configuring SNMP v3 users..."
    
    sudo systemctl stop snmpd 2>/dev/null || true
    
    # Add v3 users to configuration
    sudo tee -a "$SNMP_CONFIG_DIR/snmpd.conf" > /dev/null <<EOF

# SNMP v3 Configuration
createUser monitor_user MD5 "StrongAuthPassword123!"
createUser admin_user SHA "StrongAuthPassword456!" AES "StrongPrivPassword789!"
createUser secure_monitor SHA "MonitorAuthPass321!" AES "MonitorPrivPass654!"

rouser monitor_user
rwuser admin_user
rouser secure_monitor
EOF
}

# Configure firewall
configure_firewall() {
    log "Configuring firewall for SNMP..."
    
    if command -v ufw >/dev/null 2>&1 && ufw status | grep -q "Status: active"; then
        sudo ufw allow 161/udp comment "SNMP"
    elif command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active firewalld >/dev/null 2>&1; then
        sudo firewall-cmd --permanent --add-port=161/udp
        sudo firewall-cmd --reload
    fi
}

# Start and enable services
start_services() {
    log "Starting and enabling SNMP services..."
    
    sudo systemctl enable snmpd
    sudo systemctl start snmpd
}

# Verify installation
verify_installation() {
    log "Verifying SNMP configuration..."
    
    # Test SNMP daemon is running
    if ! systemctl is-active snmpd >/dev/null 2>&1; then
        error "SNMP daemon is not running"
        return 1
    fi
    
    # Test SNMP query
    if ! snmpget -v2c -c "$COMMUNITY_RO" localhost 1.3.6.1.2.1.1.1.0 >/dev/null 2>&1; then
        warn "SNMP query test failed - check community string"
    fi
    
    # Check MIB directories
    if [ ! -d "$VENDOR_MIB_DIR" ]; then
        error "Vendor MIB directory not created"
        return 1
    fi
    
    log "SNMP configuration completed successfully"
    log "Read-only community: $COMMUNITY_RO"
    log "Read-write community: $COMMUNITY_RW"
    log "Vendor MIB directory: $VENDOR_MIB_DIR"
}

# Main installation function
main() {
    echo "[1/9] Checking prerequisites..."
    check_privileges
    
    echo "[2/9] Detecting distribution..."
    detect_distro
    log "Detected: $ID"
    
    echo "[3/9] Installing SNMP packages..."
    install_snmp_packages
    
    echo "[4/9] Setting up directories..."
    setup_directories
    
    echo "[5/9] Configuring SNMP daemon..."
    configure_snmpd
    
    echo "[6/9] Configuring SNMP v3..."
    configure_snmpv3
    
    echo "[7/9] Configuring firewall..."
    configure_firewall
    
    echo "[8/9] Starting services..."
    start_services
    
    echo "[9/9] Verifying installation..."
    verify_installation
    
    log "SNMP custom MIB configuration complete!"
    log "Place vendor MIB files in: $VENDOR_MIB_DIR/<vendor>/"
    log "Restart snmpd after adding new MIBs: sudo systemctl restart snmpd"
}

main "$@"

Review the script before running. Execute with: bash install.sh

#SNMP #MIB #network monitoring #vendor specific #SNMP v3

Configure custom SNMP MIBs for vendor-specific monitoring with SNMP v2c and v3

Prerequisites

What this solves

Step-by-step installation

Install SNMP daemon and utilities

Configure MIB search paths

Disable MIB warnings for unknown objects

Download and install vendor MIB files

Set proper permissions

Configure SNMP v2c community strings

Read-only community for monitoring

Read-write community for configuration (use sparingly)

System information

Agent address and port

Disable default public community

rocommunity public default

Disk and load monitoring

Process monitoring

Configure SNMP v3 users and authentication

SNMP v3 User configuration

Auth protocol: MD5 or SHA

Privacy protocol: DES or AES

Read-only user with authentication only

Read-write user with authentication and privacy

Read-only user with both auth and privacy

Security model configuration

Configure vendor-specific OID monitoring templates

CPU utilization (5-minute average)

Interface specific metrics

Dell PowerEdge server monitoring

Temperature sensors

Power supply status

Fan status

RAID controller status

Create monitoring scripts for custom metrics

SNMP vendor monitoring script

Usage: ./snmp-vendor-monitor.sh

Determine device type and check appropriate metrics

Configure SNMP v3 authentication script

SNMP v3 monitoring script with authentication and privacy

Usage: ./snmp-v3-monitor.sh

SNMP v3 with SHA authentication and AES privacy

System information

Interface statistics

Start and enable SNMP daemon

Configure firewall rules

Verify your setup

Integration with monitoring systems

Prometheus SNMP Exporter configuration

Create monitoring alerts

Common issues

Next steps

Running this in production?

Related tutorials

Setup Node.js error tracking with Sentry for production monitoring and debugging

Implement Node.js application monitoring with Prometheus metrics and Grafana dashboards

Configure NTP monitoring with Grafana dashboards and Prometheus alerting

Don't want to manage this yourself?