SNMP (Simple Network Management Protocol) remains the dominant standard for monitoring network devices, switches, routers, and hardware appliances that do not expose Prometheus endpoints. On RHEL 8, the net-snmp package provides both the daemon and a suite of command-line tools for querying and testing SNMP agents. This tutorial covers installing and configuring the SNMP daemon, setting up SNMPv3 for authenticated access, testing connectivity with snmpwalk, and collecting SNMP metrics into Prometheus via the Telegraf SNMP input plugin.
Prerequisites
- RHEL 8 server with a non-root sudo user
- EPEL 8 repository enabled
- Prometheus and Grafana installed (for the metrics ingestion step)
- Telegraf installed and running (or install it in Step 5)
- UDP port 161 accessible (SNMP default)
Step 1 — Install net-snmp
Install the SNMP daemon and its utilities from the standard RHEL 8 AppStream repository.
sudo dnf install -y net-snmp net-snmp-utils
snmpd --versionThe package provides snmpd (the daemon), snmpwalk, snmpget, snmptranslate, and the net-snmp-create-v3-user helper.
Step 2 — Configure /etc/snmp/snmpd.conf
Back up the default configuration and write a minimal but functional snmpd.conf that exposes the full MIB tree to a read-only community string on localhost, with system identity fields set correctly.
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
cat <<'EOF' | sudo tee /etc/snmp/snmpd.conf
# SNMPv2c community string (localhost only)
com2sec localuser localhost public
com2sec localnet 192.168.1.0/24 public
# Map community strings to security groups
group localgroup v2c localuser
group netgroup v2c localnet
# Define the view (full MIB tree)
view allview included .1
# Grant read-only access to the groups
access localgroup "" any noauth exact allview none none
access netgroup "" any noauth exact allview none none
# System identity
syslocation "Server Room A, Rack 3"
syscontact "[email protected]"
# Expose all interfaces and disk information
disk / 10%
load 16 8 4
EOFStep 3 — Enable and Start snmpd, Open the Firewall
Start the SNMP daemon, enable it to start on boot, and open the standard SNMP UDP port in the RHEL 8 firewall.
sudo systemctl enable --now snmpd
sudo systemctl status snmpd
sudo firewall-cmd --permanent --add-port=161/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-portsTest that the daemon responds with a basic snmpwalk query against the system MIB.
snmpwalk -v2c -c public localhost system
snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021 # UCD-SNMP-MIB (load, disk, memory)Step 4 — Set Up an SNMPv3 User for Authenticated Access
SNMPv2c sends community strings in plaintext. For production environments, create an SNMPv3 user with authentication and privacy encryption. Stop the daemon before creating the user so net-snmp can write the credentials safely.
sudo systemctl stop snmpd
# Create user: username=monitoruser, auth=SHA passphrase, priv=AES passphrase
sudo net-snmp-create-v3-user -ro -A "AuthPassphrase123!" -a SHA
-X "PrivPassphrase456!" -x AES monitoruser
sudo systemctl start snmpd
# Test SNMPv3 authentication
snmpwalk -v3 -l authPriv -u monitoruser
-a SHA -A "AuthPassphrase123!"
-x AES -X "PrivPassphrase456!"
localhost systemA successful response listing sysDescr, sysUpTime, and related OIDs confirms SNMPv3 is working.
Step 5 — Collect SNMP Metrics with Telegraf into Prometheus
Install Telegraf from the InfluxData repository and configure its SNMP input plugin to scrape the local SNMP daemon, then expose the results on a Prometheus output endpoint.
# Add InfluxData repo
cat <<'EOF' | sudo tee /etc/yum.repos.d/influxdata.repo
[influxdata]
name=InfluxData Repository
baseurl=https://repos.influxdata.com/rhel/8/x86_64/stable/
enabled=1
gpgcheck=1
gpgkey=https://repos.influxdata.com/influxdata-archive_compat.key
EOF
sudo dnf install -y telegraf
# Write Telegraf SNMP configuration
cat <<'EOF' | sudo tee /etc/telegraf/telegraf.d/snmp.conf
[[inputs.snmp]]
agents = ["udp://127.0.0.1:161"]
version = 3
sec_name = "monitoruser"
auth_protocol = "SHA"
auth_password = "AuthPassphrase123!"
priv_protocol = "AES"
priv_password = "PrivPassphrase456!"
[[inputs.snmp.field]]
name = "uptime"
oid = "RFC1213-MIB::sysUpTime.0"
[[inputs.snmp.field]]
name = "load1"
oid = "UCD-SNMP-MIB::laLoad.1"
[[inputs.snmp.field]]
name = "load5"
oid = "UCD-SNMP-MIB::laLoad.2"
[[inputs.snmp.table]]
name = "ifTable"
oid = "IF-MIB::ifTable"
[[inputs.snmp.table.field]]
name = "ifDescr"
oid = "IF-MIB::ifDescr"
is_tag = true
[[outputs.prometheus_client]]
listen = ":9273"
metric_version = 2
EOF
sudo systemctl enable --now telegraf
sudo systemctl status telegraf
# Check metrics are exposed
curl http://localhost:9273/metrics | grep snmp | head -20Step 6 — Add Telegraf to Prometheus scrape_configs
Add a short job block to your Prometheus configuration to scrape the Telegraf Prometheus client endpoint.
# In /etc/prometheus/prometheus.yml, add:
scrape_configs:
- job_name: telegraf_snmp
static_configs:
- targets: ['localhost:9273']
sudo systemctl reload prometheus
sudo firewall-cmd --permanent --add-port=9273/tcp
sudo firewall-cmd --reloadAfter a scrape interval, navigate to the Prometheus expression browser and query snmp_load1 or snmp_ifTable_ifInOctets to confirm data is flowing.
Conclusion
You have installed and configured the SNMP daemon on RHEL 8 with both SNMPv2c and the more secure SNMPv3 user authentication and AES encryption. You verified connectivity with snmpwalk, configured Telegraf’s SNMP input plugin to poll local OIDs, and exposed the results as Prometheus metrics. This pipeline can be extended to monitor any SNMP-capable network device — routers, switches, or storage arrays — by pointing the Telegraf agents list at their management IP addresses and adjusting the OID tables accordingly.
Next steps: How to Build Grafana Dashboards for Linux Server Metrics on RHEL 8, How to Use Prometheus Blackbox Exporter for Endpoint Monitoring on RHEL 8, and How to Install and Configure cAdvisor for Container Monitoring on RHEL 8.
