= SNMP and LibreNMS =

In the first part of this hands-on you will install the SNMP tools and learn some basic SNMP commands. Then you will install LibreNMS and configure the network management system.

== SNMP ==

=== Installing client (manager) tools ===

Start by installing the net-snmp tools:

{{{
$ sudo apt-get install snmp
$ sudo apt-get install snmp-mibs-downloader
}}}

The second of the two commands downloads the standard IETF and IANA SNMP MIBs, which are not included by default.

'''Note''': to find snmp-mibs-downloader, you must enable the “multiverse” source in your APT configuration. This has already been done for you in this workshop.

Now, edit the file /etc/snmp/snmp.conf:

{{{
$ sudo vi /etc/snmp/snmp.conf
}}}

Change this line:

{{{
mibs :
}}}

... so that it looks like:

{{{
# mibs :
}}}

(You are “commenting out” the empty mibs statement, which was telling the snmp* tools not to automatically load the MIBs in the /usr/share/mibs/ directory.)

Now, in your home directory, make a .snmp directory with a file snmp.conf inside it, make it readable only by you, and add the credentials to it:

{{{
$ cd
$ mkdir .snmp
$ chmod 700 .snmp/
$ vi .snmp/snmp.conf
}}}

Put the following contents in the file:

{{{
defVersion v2c
defCommunity NetManage
}}}

Creating this configuration file means you won't have to enter your SNMP community every time you use one of the SNMP utilities.

=== Configure SNMP on Your Router (Already done) ===

'''Note''': If you are using a Cisco router, this is the way to enable SNMP on the device. In this lab this part is already done.

Connect to your router:

{{{
rtrN> enable
Password: <>
rtrN# configure terminal        (conf t)
}}}

Now we need to add an Access Control List rule for SNMP access, turn on SNMP, assign a read-only SNMP community string as well as an SNMPv3 group and user, and tell the router to maintain SNMP information across reboots.
To do this we do:

{{{
rtrN(config)# access-list 60 permit 192.248.0.0 0.0.0.255
rtrN(config)# snmp-server community NetManage ro 60
}}}

Now let's exit and save this new configuration to the router's permanent config.

{{{
rtrN(config)# exit
rtrN# write memory              (wr mem)
rtrN# exit                      (until you return to your pc)
}}}

=== Testing SNMP ===

To check that your SNMP installation works, run the snmpstatus command on each of the following devices:

{{{
$ snmpstatus
}}}

Where is each of the following:

{{{
* LEARN Router: 192.248.1.1
* Lab Switch :
}}}

What happens if you try using the wrong community string (i.e. change NetManage to something else) using the option "'''-c NetWrong'''"?

=== SNMP Walk and OIDs ===

Now, you are going to use the snmpwalk command, part of the SNMP toolkit, to list the tables associated with the OIDs listed below, on each piece of equipment you tried above:

{{{
.1.3.6.1.2.1.2.2.1.2
.1.3.6.1.2.1.31.1.1.1.18
.1.3.6.1.4.1.9.9.13.1
.1.3.6.1.2.1.25.2.3.1
.1.3.6.1.2.1.25.4.2.1
}}}

You will try this with two forms of the snmpwalk command:

{{{
$ snmpwalk
}}}

and

{{{
$ snmpwalk -On
}}}

... where OID is one of the OIDs listed above: .1.3.6...

... where IP_ADDRESS can be your group's router...

'''Note''': the -On option turns on numerical output, i.e. no translation of the OID <-> MIB object takes place.

For these OIDs:

a) Do all the devices answer?

b) Do you notice anything important about the OID in the output?

=== Configuration of snmpd on your PC ===

For this exercise your group needs to verify that the snmpd service is running and responding to queries for all machines in your group. First enable snmpd on your machine, then test if your machine is responding, then check each machine of your other group members.
Install the SNMP agent (daemon):

{{{
$ sudo apt-get install snmpd
$ sudo apt-get install libsnmp-dev
}}}

==== Configuration ====

We will make a backup of the distributed config, and then we will create our own:

{{{
$ cd /etc/snmp
$ sudo mv snmpd.conf snmpd.conf.dist
$ sudo vi snmpd.conf
}}}

Then, copy/paste the following (change pcX to your own pc number):

{{{
# Listen for connections on all IPv4 interfaces and on the IPv6 loopback address
agentAddress udp:161,udp6:[::1]:161

# For SNMPv2: Configure Read-Only community and restrict who can connect
rocommunity NetManage 192.248.0.0/16
rocommunity NetManage 127.0.0.1

# Information about this host
sysLocation LEARN Workshop
sysContact admin@'your domain'.ws.ac.lk

# Which OSI layers are active in this host
# (Application + End-to-End layers)
sysServices 72

# Include proprietary dskTable MIB (in addition to hrStorageTable)
includeAllDisks 10%
}}}

Now save and exit from the editor.

Now we will add the same SNMPv3 user to your PC. We need to stop snmpd before adding the user, and restart it to read the above changes as well as the new user:

{{{
$ sudo service snmpd restart
}}}

Check that snmpd is working:

{{{
$ snmpstatus localhost
}}}

What do you observe?

=== Test your neighbors ===

Check now that you can run snmpstatus against your other group members' servers:

{{{
$ snmpstatus www.'your neighbors domain'.ws.ac.lk
}}}

== LibreNMS ==

=== Installing LibreNMS ===

These instructions assume you are the root user. If you are not, prepend ''sudo'' to the shell commands (the ones that aren't at ''mysql>'' prompts) or temporarily invoke root privileges.

==== Create database ====

'''NOTE''': These instructions are based on the official LibreNMS installation notes and have been tested on a fresh install of Ubuntu 16.0.

We will assume that the database is running on the same machine as your network management server (this is the most common initial deployment scenario).
First install and configure MySQL:

{{{
# apt-get update        (Already done)
# apt-get install mysql-server mysql-client
}}}

You will be asked to enter a password for the MySQL root user. Be absolutely sure that you remember what you choose here. You will use this later.

{{{
# mysql -uroot -p
}}}

Input the MySQL root password (the one you chose in the previous step) to enter the MySQL command-line interface, where you will get a mysql> prompt.

Create the database:

{{{
CREATE DATABASE librenms;
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost' IDENTIFIED BY '' ;
FLUSH PRIVILEGES;
exit
}}}

'''PLEASE NOTE''': Here we are using as the password for LibreNMS to access MySQL. Please replace with, Please do not forget the password as you will need it in the future.

==== Install LibreNMS ====

The NMS is the host where the web server and SNMP poller run. Install the required software:

{{{
apt-get install libapache2-mod-php7.0 php7.0-cli php7.0-mysql php7.0-gd php7.0-snmp php-pear php7.0-curl snmp graphviz php7.0-mcrypt php7.0-json apache2 fping imagemagick whois mtr-tiny nmap python-mysqldb snmpd php-net-ipv4 php-net-ipv6 rrdtool git
}}}

The packages listed above are an all-inclusive list of packages that were necessary on a clean install of Ubuntu 16.0.

==== snmp ====

You need to configure snmpd appropriately if you have not already done so. We will do a minimal snmp configuration on our server -- '''please DON'T''' do this if you've already configured SNMP earlier!

{{{
# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
# vi /etc/snmp/snmpd.conf
}}}

Then add the following line to the empty file:

{{{
rocommunity NetManage 127.0.0.1
}}}

Now restart the snmp service so that the changes become active.
{{{
# service snmpd restart
}}}

You can verify that snmp now responds to you locally by typing:

{{{
# snmpstatus -v2c -c NetManage 127.0.0.1 sysStatus
}}}

==== php ====

In both '''/etc/php/7.0/apache2/php.ini''' and '''/etc/php/7.0/cli/php.ini''', ensure '''date.timezone''' is set to your preferred time zone. See or files under ''/usr/share/zoneinfo'' for a list of supported timezones.

For this workshop we are all going to use the same timezone. In the two files noted above, find the line that reads:

{{{
;date.timezone =
}}}

and change it to:

{{{
date.timezone = Asia/Colombo
}}}

Save and exit from the files.

==== Adding the LibreNMS user ====

We need to create a LibreNMS system user, librenms:

{{{
# useradd librenms -d /opt/librenms -M -r
# usermod -a -G librenms www-data
}}}

==== Cloning the LibreNMS source code with git ====

LibreNMS is installed using git. If you're not familiar with git, check out the git book or the tips at git ready. The initial install from github.com is called a ''git clone''; subsequent updates are done through ''git pull''.

The initial clone can take quite a while (nearly 3 minutes on a 10Mbps connection is typical) as the software repository is 220+ MB in size.

Run the following:

{{{
# cd /opt
# git clone https://github.com/librenms/librenms.git librenms
}}}

At this point, you should have a ''librenms'' directory, with the most recent revision checked out.

==== Web Interface ====

To prepare the web interface (and adding devices shortly), you'll need to create and change the ownership of a directory as well as create an Apache Virtual Host definition.
First, create and chown the ''rrd'' directory and create the ''logs'' directory:

{{{
# cd /opt/librenms
# mkdir rrd logs
# chown -R librenms:librenms /opt/librenms
# chmod 775 rrd
# chown www-data /opt/librenms
}}}

Next, create '''/etc/apache2/sites-available/librenms.conf''':

{{{
# vi /etc/apache2/sites-available/librenms.conf
}}}

Add the following lines:

{{{
<VirtualHost *:80>
  DocumentRoot /opt/librenms/html/
  ServerName librenms."your domain".ws.ac.lk
  CustomLog /opt/librenms/logs/access_log combined
  ErrorLog /opt/librenms/logs/error_log
  AllowEncodedSlashes NoDecode
  <Directory "/opt/librenms/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>
}}}

Now enable the Virtual Host, but wait to restart Apache:

{{{
# a2ensite librenms.conf
# a2enmod rewrite
# service apache2 restart
}}}
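
Both snmpd.conf files written earlier in this hands-on limit the NetManage community with a SOURCE argument (192.248.0.0/16 and 127.0.0.1). The script below is an added example, not part of the original workshop material: it lints an snmpd.conf for community directives that lack such a restriction, use a well-known community name, or grant write access. The function names audit_snmpd_conf and sample_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the workshop page): lint the community
# directives of a net-snmp snmpd.conf.
# audit_snmpd_conf and sample_conf are hypothetical helper names.

# Usage: audit_snmpd_conf FILE
# Prints one finding per line; prints nothing if every directive passes.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    # Syntax: rocommunity|rwcommunity[6] COMMUNITY [SOURCE [OID]]
    $1 ~ /^r[ow]community6?$/ {
        if ($1 ~ /^rw/)
            printf "line %d: %s allows SET requests\n", NR, $1
        if ($2 == "public" || $2 == "private")
            printf "line %d: well-known community %s\n", NR, $2
        # No SOURCE, the keyword default, or a /0 prefix all mean any host.
        if (NF < 3 || $3 == "default" || $3 ~ /\/0$/)
            printf "line %d: community %s is open to any source\n", NR, $2
    }' "$1"
}

# Constructed sample: the first two directives are the ones used in this
# hands-on; the last two are weak variants added for contrast.
sample_conf() {
    cat <<'EOF'
# Constructed sample snmpd.conf
rocommunity NetManage 192.248.0.0/16
rocommunity NetManage 127.0.0.1
rocommunity public
rwcommunity private default
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_snmpd_conf "$tmp"
rm -f "$tmp"
```

Run it against /etc/snmp/snmpd.conf on your own PC; the configuration from this hands-on should produce no findings.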