Today I went through the process of scripting the configuration of SNMP configurations for multiple OS/devices. The reason for this is that there has never been a formality or standardisation of this and sometimes we tend to forget this and or that. So, in case you would also like to script it, here is what we use.
The defaults:
sysLocation:
For this, you could either use “3rd floor, of some office” or, if you are a global company, with monitoring system that makes use of the GoogleMaps API (e.g. Observium) and would like to show various location globally – use a google API name – e.g. London, UK or Cape Town, South Africa etc.
sysContact:
This could be a name or an email address or telephone number
Community:
Something that is configured on your server and on your device/workstation/server that allows communications. There is also a permission set that will get applied to this.
target:
This is the place you are sending information to
port:
This is by default, 161/UDP, unless you change it.
Setting SNMP for ESXi Hosts:
Single Host (Locally on the host):
Log in to the esxi host you want to configure and run the following:
Tested on esxi 5.1, 5.5 and 6.0
esxcli system snmp set -c community -C "syscontact" -L "syslocation" -t "target@161/community" /etc/init.d/snmpd restart
Single Host (powerCLI):
Login via vSphere PowerCLI and run the below
#Set SNMP variables $community = "community" $syslocation = "syslocation" $syscontact = "syscontact" $systarget = "target_ip_or_fqdn@161/community" $root_password = "root password" $esxHost = "ip_or_fqdn_of_esxi_host" #Begin Script Connect-VIServer $esxHost -User root -Password $root_password $esxcli = Get-EsxCli -VMhost $esxHost $esxcli.system.snmp.set($null,$community,"true",$null,$null,$null,$null,$null,$null,$null,$null,$null,$syscontact,$syslocation,$systarget) $esxcli.system.snmp.get() $snmpd = Get-VMHostService -Vmhost $esxHost | where {$_.Key -eq "snmpd"} Restart-VMHostService $snmpd -confirm:$false Disconnect-VIServer $esxHost -Confirm:$false
Multiple Hosts (powerCLI):
Login via vSphere PowerCLI and run the below. Be sure to change “hostname1.example.com”,”hostname2.example.com” to your own host names. As this is an array, the format is: “”,””,”” until you have added all your hostnames.
#Set SNMP variables $community = "community" $syslocation = "syslocation" $syscontact = "syscontact" $systarget = "target_ip_or_fqdn@161/community" $root_password = "root password" #Servers to configure $esxHosts = "hostname.example.com","hostname2.example.com" #"keep","adding","more","to","the","array" #Begin Script - Log on to each host and configure Foreach ($esxHost in $esxHosts) { Connect-VIServer $esxHost -user root -password $root_password $esxcli = Get-EsxCli -VMhost $esxhost $esxcli.system.snmp.set($null,$community,"true",$null,$null,$null,$null,$null,$null,$null,$null,$null,$syscontact,$syslocation,$systarget) $esxcli.system.snmp.get() $snmpd = Get-VMHostService -Vmhost $esxHost | where {$_.Key -eq "snmpd"} Restart-VMHostService $snmpd -confirm:$false } Disconnect-VIServer * -Confirm:$false
Windows Devices:
Tested on Server 2008, 2008R2, 2012, 2012R2. You also need to make sure you have installed the SNMP service via the server manager.
#Set SNMP variables $community = "community" $syslocation = "syslocation" $syscontact = "syscontact" $systarget = "target_ip_or_fqdn@161/community" $sysServices = "79" #enables Physical Service, Applications Service, Datalink and subnetwork Service, Internet Service, End to End Service #Choose from the following permissions for the community. Be sure to change the corresponding $variable on the last line of this script. $readonly = "4" #$none = "1" #$notify = "2" #$readwrite = "8" #$readcreate = "16" #Begin Script #If you would like to remove all previous communities, uncomment the next line, otherwise, the line following that will simply add to the list of communities. #reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" /v $community /t REG_DWORD /d $readonly /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v sysLocation /t REG_SZ /d $sysLocation /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v sysContact /t REG_SZ /d $sysContact /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" /v 1 /t REG_SZ /d $target /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent" /v sysServices /t REG_DWORD /d $sysServices /f net stop snmp net start snmp
Cisco Devices
Cisco 3750 / 3850
snmp-server community community RO SNMP snmp-server trap-source VlanID snmp-server contact syscontact snmp-server location syslocation ip access-list standard SNMP permit IP_ADDRESS deny any log
Cisco Nexus
snmp-server community community use-acl snmp-server source-interface VlanID snmp-server contact syscontact snmp-server location syslocation ip access-list standard SNMP permit IP_ADDRESS deny any log
Cisco ASA
The second community listed in line 4 is the actual community string.
snmp-server community 0 community snmp-server contact syscontact snmp-server location syslocation snmp-server host inside IP_ADDRESS community community version 2c snmp-server enable traps snmp authentication linkup linkdown coldstart