Learn how to install and configure SNMP daemon for network interface monitoring, implement basic traffic analysis with automated alerting, and create monitoring scripts with cron jobs for continuous network performance tracking.
Prerequisites
- Root or sudo access
- Basic Linux command line knowledge
- Network interface configured
- Email server for alerts (optional)
What this solves
SNMP (Simple Network Management Protocol) monitoring allows you to track network interface statistics, bandwidth usage, and traffic patterns on your Linux servers. This tutorial sets up SNMP daemon with secure community strings, implements basic traffic analysis tools, and creates automated monitoring scripts with alerting capabilities.
Step-by-step installation
Update system packages
Start by updating your package manager to ensure you get the latest SNMP packages.
sudo apt update && sudo apt upgrade -yInstall SNMP daemon and utilities
Install the SNMP daemon (snmpd) and client utilities for monitoring and testing.
sudo apt install -y snmp snmp-mibs-downloader snmpdConfigure SNMP daemon
Create a secure SNMP configuration with community strings and access controls. Replace the default configuration with production-ready settings.
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup# SNMP v2c configuration
Listen on all interfaces
agentAddress udp:161,udp6:[::1]:161
System information
sysLocation Server Room A
sysContact admin@example.com
sysServices 72
Community strings (change these in production)
rocommunity public localhost
rocommunity monitoring 192.168.1.0/24
rwcommunity private localhost
Security settings
dontLogTCPWrappersConnects yes
Process monitoring
proc sshd
proc snmpd
Disk monitoring (80% threshold)
disk / 10000
Load monitoring (1, 5, 15 minute averages)
load 12 14 14
Interface monitoring - enable all interfaces
includeAllDisks 10%
Extend functionality for custom scripts
extend interface-stats /usr/local/bin/interface-stats.sh
extend bandwidth-check /usr/local/bin/bandwidth-check.shConfigure MIB access
Enable MIB (Management Information Base) files for human-readable OID names.
sudo sed -i 's/mibs :/# mibs :/' /etc/snmp/snmp.confSet correct permissions and ownership
Secure the SNMP configuration files with proper ownership and permissions.
sudo chown root:root /etc/snmp/snmpd.conf
sudo chmod 640 /etc/snmp/snmpd.conf
sudo chown snmp:snmp /var/lib/snmp/
sudo chmod 755 /var/lib/snmp/Never use chmod 777. SNMP configuration files contain sensitive community strings. Use minimal permissions (640) to protect authentication credentials.
Configure firewall rules
Open SNMP port 161 for monitoring access from specific networks.
sudo ufw allow from 192.168.1.0/24 to any port 161
sudo ufw reloadEnable and start SNMP daemon
Enable SNMP daemon to start automatically on boot and start the service.
sudo systemctl enable snmpd
sudo systemctl start snmpd
sudo systemctl status snmpdCreate network interface monitoring script
Create a custom script to monitor network interface statistics and traffic patterns.
sudo mkdir -p /usr/local/bin
sudo chmod 755 /usr/local/bin#!/bin/bash
Network interface statistics monitoring script
Usage: ./interface-stats.sh [interface]
INTERFACE=${1:-eth0}
COMMUNITY="public"
HOST="localhost"
Get interface statistics via SNMP
echo "=== Interface Statistics for $INTERFACE ==="
echo "Interface Name: $(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.2.2 2>/dev/null | cut -d: -f4 | tr -d ' ')"
echo "Interface Status: $(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.8.2 2>/dev/null | cut -d: -f4 | tr -d ' ')"
echo "Interface Speed: $(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.5.2 2>/dev/null | cut -d: -f4 | tr -d ' ') bps"
Traffic counters
IN_OCTETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.10.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
OUT_OCTETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.16.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
echo "Bytes In: $IN_OCTETS"
echo "Bytes Out: $OUT_OCTETS"
Packet counters
IN_PACKETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.11.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
OUT_PACKETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.17.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
echo "Packets In: $IN_PACKETS"
echo "Packets Out: $OUT_PACKETS"
Error counters
IN_ERRORS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.14.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
OUT_ERRORS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.20.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
echo "Errors In: $IN_ERRORS"
echo "Errors Out: $OUT_ERRORS"sudo chmod 755 /usr/local/bin/interface-stats.shCreate bandwidth monitoring script
Create a script to calculate bandwidth utilization and generate alerts for high usage.
#!/bin/bash
Bandwidth monitoring and alerting script
Monitors interface utilization and sends alerts
INTERFACE="2" # Interface index (2 = eth0 typically)
COMMUNITY="public"
HOST="localhost"
THRESHOLD=80 # Alert threshold in percentage
LOG_FILE="/var/log/bandwidth-monitor.log"
EMAIL="admin@example.com"
Create log file if it doesn't exist
sudo touch $LOG_FILE
sudo chown snmp:snmp $LOG_FILE
Function to log with timestamp
log_message() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> $LOG_FILE
}
Get interface speed (in bps)
SPEED=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.5.$INTERFACE 2>/dev/null | cut -d: -f4 | tr -d ' ')
if [ -z "$SPEED" ] || [ "$SPEED" = "0" ]; then
SPEED=1000000000 # Default to 1Gbps if unable to detect
fi
Get current traffic counters
IN_OCTETS1=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.10.$INTERFACE 2>/dev/null | cut -d: -f4 | tr -d ' ')
OUT_OCTETS1=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.16.$INTERFACE 2>/dev/null | cut -d: -f4 | tr -d ' ')
Wait 10 seconds
sleep 10
Get traffic counters again
IN_OCTETS2=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.10.$INTERFACE 2>/dev/null | cut -d: -f4 | tr -d ' ')
OUT_OCTETS2=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.16.$INTERFACE 2>/dev/null | cut -d: -f4 | tr -d ' ')
Calculate bandwidth utilization
IN_RATE=$(( (IN_OCTETS2 - IN_OCTETS1) * 8 / 10 )) # bits per second
OUT_RATE=$(( (OUT_OCTETS2 - OUT_OCTETS1) * 8 / 10 ))
IN_PERCENT=$(( IN_RATE * 100 / SPEED ))
OUT_PERCENT=$(( OUT_RATE * 100 / SPEED ))
Log current utilization
log_message "Bandwidth Utilization - In: ${IN_PERCENT}%, Out: ${OUT_PERCENT}%"
Check thresholds and alert
if [ $IN_PERCENT -gt $THRESHOLD ] || [ $OUT_PERCENT -gt $THRESHOLD ]; then
ALERT_MSG="HIGH BANDWIDTH USAGE ALERT - In: ${IN_PERCENT}%, Out: ${OUT_PERCENT}% on interface $INTERFACE"
log_message "$ALERT_MSG"
echo "$ALERT_MSG" | mail -s "Bandwidth Alert - $(hostname)" $EMAIL 2>/dev/null || true
fi
Output for SNMP extend
echo "In: ${IN_PERCENT}% Out: ${OUT_PERCENT}%"sudo chmod 755 /usr/local/bin/bandwidth-check.shSet up automated monitoring with cron
Create cron jobs to run monitoring scripts at regular intervals and generate periodic reports.
sudo crontab -e# Run bandwidth check every 5 minutes
/5 * /usr/local/bin/bandwidth-check.sh >> /var/log/cron-bandwidth.log 2>&1
Generate daily interface statistics report
0 6 * /usr/local/bin/interface-stats.sh eth0 >> /var/log/daily-interface-stats.log 2>&1
Weekly log rotation for monitoring logs
0 0 0 find /var/log/ -name "bandwidth" -type f -mtime +7 -deleteInstall mail utility for alerts
Install mailutils to enable email notifications from monitoring scripts.
sudo apt install -y mailutilsMonitor network interfaces with SNMP commands
Test SNMP connectivity
Verify that SNMP daemon is responding to queries and returning system information.
snmpget -v2c -c public localhost 1.3.6.1.2.1.1.1.0
snmpget -v2c -c public localhost 1.3.6.1.2.1.1.3.0List all network interfaces
Use snmpwalk to enumerate all network interfaces available on the system.
snmpwalk -v2c -c public localhost 1.3.6.1.2.1.2.2.1.2Monitor interface traffic statistics
Query specific interface counters for traffic analysis and performance monitoring.
# Get interface statistics for eth0 (interface index 2)
echo "Interface Name:"
snmpget -v2c -c public localhost 1.3.6.1.2.1.2.2.1.2.2
echo "Interface Status (1=up, 2=down):"
snmpget -v2c -c public localhost 1.3.6.1.2.1.2.2.1.8.2
echo "Bytes In:"
snmpget -v2c -c public localhost 1.3.6.1.2.1.2.2.1.10.2
echo "Bytes Out:"
snmpget -v2c -c public localhost 1.3.6.1.2.1.2.2.1.16.2
echo "Interface Speed:"
snmpget -v2c -c public localhost 1.3.6.1.2.1.2.2.1.5.2Monitor system resources
Query system load, memory usage, and disk space through SNMP.
# System load averages
echo "Load Averages:"
snmpwalk -v2c -c public localhost 1.3.6.1.4.1.2021.10.1.3
Memory usage
echo "Memory Usage:"
snmpget -v2c -c public localhost 1.3.6.1.4.1.2021.4.5.0 # Total RAM
snmpget -v2c -c public localhost 1.3.6.1.4.1.2021.4.6.0 # Available RAM
Disk usage
echo "Disk Usage:"
snmpwalk -v2c -c public localhost 1.3.6.1.4.1.2021.9.1.9Verify your setup
# Check SNMP daemon status
sudo systemctl status snmpd
Test SNMP queries
snmpget -v2c -c public localhost 1.3.6.1.2.1.1.1.0
Run interface monitoring script
/usr/local/bin/interface-stats.sh
Test bandwidth monitoring
/usr/local/bin/bandwidth-check.sh
Check monitoring logs
sudo tail -f /var/log/bandwidth-monitor.log
Verify cron jobs are scheduled
sudo crontab -l
Check firewall rules
sudo ufw status numbered # Ubuntu/Debian
sudo firewall-cmd --list-all # AlmaLinux/Rocky/FedoraCommon issues
| Symptom | Cause | Fix |
|---|---|---|
| SNMP queries timeout | Firewall blocking port 161 | sudo ufw allow 161/udp or check firewall-cmd rules |
| Permission denied on MIB files | Incorrect snmp user permissions | sudo chown -R snmp:snmp /usr/share/snmp/mibs |
| Community string rejected | Wrong community configuration | Check /etc/snmp/snmpd.conf community settings |
| Interface index not found | Interface number changed | Run snmpwalk -v2c -c public localhost 1.3.6.1.2.1.2.2.1.2 to list interfaces |
| Scripts not executable | Missing execute permissions | sudo chmod 755 /usr/local/bin/*.sh |
| Mail alerts not working | Mail system not configured | Install and configure postfix or sendmail |
| High CPU usage from snmpd | Too frequent polling | Increase cron intervals and optimize OID queries |
Next steps
Automated install script
Run this to automate the entire setup
install.sh
#!/usr/bin/env bash
set -euo pipefail
# SNMP Network Interface Monitoring Setup Script
# Configures SNMP daemon with secure settings and monitoring tools
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Variables
MONITORING_NETWORK="${1:-192.168.1.0/24}"
ADMIN_EMAIL="${2:-admin@example.com}"
COMMUNITY_RO="${3:-monitoring}"
# Cleanup function
cleanup() {
echo -e "${RED}[ERROR] Installation failed. Rolling back changes...${NC}"
if [[ -f /etc/snmp/snmpd.conf.backup ]]; then
mv /etc/snmp/snmpd.conf.backup /etc/snmp/snmpd.conf 2>/dev/null || true
fi
systemctl stop snmpd 2>/dev/null || true
systemctl disable snmpd 2>/dev/null || true
}
trap cleanup ERR
usage() {
echo "Usage: $0 [monitoring_network] [admin_email] [ro_community]"
echo "Example: $0 192.168.1.0/24 admin@company.com monitoring"
exit 1
}
# Check if running as root
if [[ $EUID -ne 0 ]]; then
echo -e "${RED}This script must be run as root${NC}"
exit 1
fi
# Auto-detect distribution
if [[ -f /etc/os-release ]]; then
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_INSTALL="apt install -y"
PKG_UPDATE="apt update && apt upgrade -y"
FIREWALL_CMD="ufw"
SNMP_PACKAGES="snmp snmp-mibs-downloader snmpd"
SNMP_CONF_CMD="sed -i 's/mibs :/# mibs :/' /etc/snmp/snmp.conf"
;;
almalinux|rocky|centos|rhel|ol)
PKG_MGR="dnf"
PKG_INSTALL="dnf install -y"
PKG_UPDATE="dnf update -y"
FIREWALL_CMD="firewall-cmd"
SNMP_PACKAGES="net-snmp net-snmp-utils net-snmp-devel"
SNMP_CONF_CMD="echo '# MIBs enabled' > /etc/snmp/snmp.conf"
;;
fedora)
PKG_MGR="dnf"
PKG_INSTALL="dnf install -y"
PKG_UPDATE="dnf update -y"
FIREWALL_CMD="firewall-cmd"
SNMP_PACKAGES="net-snmp net-snmp-utils net-snmp-devel"
SNMP_CONF_CMD="echo '# MIBs enabled' > /etc/snmp/snmp.conf"
;;
amzn)
PKG_MGR="yum"
PKG_INSTALL="yum install -y"
PKG_UPDATE="yum update -y"
FIREWALL_CMD="firewall-cmd"
SNMP_PACKAGES="net-snmp net-snmp-utils net-snmp-devel"
SNMP_CONF_CMD="echo '# MIBs enabled' > /etc/snmp/snmp.conf"
;;
*)
echo -e "${RED}Unsupported distribution: $ID${NC}"
exit 1
;;
esac
else
echo -e "${RED}Cannot detect distribution. /etc/os-release not found.${NC}"
exit 1
fi
echo -e "${GREEN}Starting SNMP Network Interface Monitoring Setup${NC}"
echo "Distribution: $PRETTY_NAME"
echo "Monitoring Network: $MONITORING_NETWORK"
echo "Admin Email: $ADMIN_EMAIL"
echo ""
# Step 1: Update system packages
echo -e "${YELLOW}[1/8] Updating system packages...${NC}"
$PKG_UPDATE > /dev/null 2>&1
# Step 2: Install SNMP packages
echo -e "${YELLOW}[2/8] Installing SNMP daemon and utilities...${NC}"
$PKG_INSTALL $SNMP_PACKAGES > /dev/null 2>&1
# Step 3: Backup original configuration
echo -e "${YELLOW}[3/8] Creating configuration backup...${NC}"
if [[ -f /etc/snmp/snmpd.conf ]]; then
cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup
fi
# Step 4: Configure SNMP daemon
echo -e "${YELLOW}[4/8] Configuring SNMP daemon...${NC}"
cat > /etc/snmp/snmpd.conf << EOF
# SNMP v2c configuration
agentAddress udp:161,udp6:[::1]:161
# System information
sysLocation Server Room A
sysContact $ADMIN_EMAIL
sysServices 72
# Community strings
rocommunity public localhost
rocommunity $COMMUNITY_RO $MONITORING_NETWORK
rwcommunity private localhost
# Security settings
dontLogTCPWrappersConnects yes
# Process monitoring
proc sshd
proc snmpd
# Disk monitoring (80% threshold)
disk / 10000
# Load monitoring (1, 5, 15 minute averages)
load 12 14 14
# Interface monitoring
includeAllDisks 10%
# Extended functionality
extend interface-stats /usr/local/bin/interface-stats.sh
extend bandwidth-check /usr/local/bin/bandwidth-check.sh
EOF
# Step 5: Configure MIB access
echo -e "${YELLOW}[5/8] Configuring MIB access...${NC}"
eval $SNMP_CONF_CMD
# Step 6: Set proper permissions
echo -e "${YELLOW}[6/8] Setting file permissions...${NC}"
chown root:root /etc/snmp/snmpd.conf
chmod 640 /etc/snmp/snmpd.conf
mkdir -p /var/lib/snmp
chown snmp:snmp /var/lib/snmp 2>/dev/null || chown root:root /var/lib/snmp
chmod 755 /var/lib/snmp
# Step 7: Create monitoring scripts
echo -e "${YELLOW}[7/8] Creating monitoring scripts...${NC}"
mkdir -p /usr/local/bin
# Interface stats script
cat > /usr/local/bin/interface-stats.sh << 'EOF'
#!/bin/bash
# Network interface statistics monitoring script
INTERFACE=${1:-eth0}
COMMUNITY="public"
HOST="localhost"
echo "=== Interface Statistics for $INTERFACE ==="
echo "Interface Name: $(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.2.2 2>/dev/null | cut -d: -f4 | tr -d ' ')"
echo "Interface Status: $(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.8.2 2>/dev/null | cut -d: -f4 | tr -d ' ')"
echo "Interface Speed: $(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.5.2 2>/dev/null | cut -d: -f4 | tr -d ' ') bps"
# Traffic counters
IN_OCTETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.10.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
OUT_OCTETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.16.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
echo "Bytes In: $IN_OCTETS"
echo "Bytes Out: $OUT_OCTETS"
EOF
# Bandwidth check script
cat > /usr/local/bin/bandwidth-check.sh << 'EOF'
#!/bin/bash
# Basic bandwidth monitoring script
INTERFACE=${1:-eth0}
THRESHOLD_MB=${2:-100}
COMMUNITY="public"
HOST="localhost"
# Get current counters
IN_OCTETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.10.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
OUT_OCTETS=$(snmpget -v2c -c $COMMUNITY $HOST 1.3.6.1.2.1.2.2.1.16.2 2>/dev/null | cut -d: -f4 | tr -d ' ')
if [[ -n "$IN_OCTETS" && -n "$OUT_OCTETS" ]]; then
TOTAL_MB=$((($IN_OCTETS + $OUT_OCTETS) / 1048576))
echo "Current bandwidth usage: ${TOTAL_MB}MB"
if [[ $TOTAL_MB -gt $THRESHOLD_MB ]]; then
echo "WARNING: Bandwidth usage exceeds threshold of ${THRESHOLD_MB}MB"
exit 1
fi
else
echo "ERROR: Could not retrieve SNMP data"
exit 1
fi
EOF
chmod 755 /usr/local/bin/interface-stats.sh
chmod 755 /usr/local/bin/bandwidth-check.sh
# Configure firewall
echo -e "${YELLOW}[8/8] Configuring firewall and starting services...${NC}"
case "$FIREWALL_CMD" in
ufw)
if command -v ufw > /dev/null 2>&1; then
ufw allow from $MONITORING_NETWORK to any port 161 > /dev/null 2>&1 || true
ufw --force reload > /dev/null 2>&1 || true
fi
;;
firewall-cmd)
if command -v firewall-cmd > /dev/null 2>&1; then
firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$MONITORING_NETWORK\" port protocol=\"udp\" port=\"161\" accept" > /dev/null 2>&1 || true
firewall-cmd --reload > /dev/null 2>&1 || true
fi
;;
esac
# Enable and start SNMP daemon
systemctl enable snmpd
systemctl start snmpd
# Verify installation
echo -e "${GREEN}Installation completed successfully!${NC}"
echo ""
echo "Verification:"
if systemctl is-active --quiet snmpd; then
echo -e "✓ ${GREEN}SNMP daemon is running${NC}"
else
echo -e "✗ ${RED}SNMP daemon is not running${NC}"
fi
if snmpget -v2c -c public localhost 1.3.6.1.2.1.1.1.0 > /dev/null 2>&1; then
echo -e "✓ ${GREEN}SNMP queries working${NC}"
else
echo -e "✗ ${RED}SNMP queries not working${NC}"
fi
echo ""
echo "Configuration summary:"
echo "- Read-only community: $COMMUNITY_RO"
echo "- Monitoring network: $MONITORING_NETWORK"
echo "- Scripts location: /usr/local/bin/"
echo ""
echo "Test with: snmpwalk -v2c -c $COMMUNITY_RO localhost 1.3.6.1.2.1.2.2.1.2"Review the script before running. Execute with: bash install.sh
#snmp
#network monitoring
#bandwidth monitoring
#traffic analysis
#network interfaces