SNMP (Simple Network Management Protocol) is the universal language of network device monitoring, supported by routers, switches, UPS units, printers, and hundreds of other appliances. On RHEL 9 you can both expose your Linux server as an SNMP agent and query remote devices from the command line. This tutorial covers installing net-snmp, writing a secure snmpd configuration, testing with snmpwalk and snmpget, querying remote network devices, and feeding SNMP data into Prometheus via the snmp_exporter.
Prerequisites
- RHEL 9 server with a non-root sudo user
- A network device or second host that supports SNMPv2c for query testing
- Prometheus running (for the snmp_exporter integration steps)
- Go 1.21+ or a pre-built snmp_exporter binary (for the final step)
Step 1 — Install net-snmp
sudo dnf install -y net-snmp net-snmp-utils
# Confirm the installed versions
snmpd --version
snmpwalk --versionnet-snmp provides the daemon (snmpd) and its libraries, while net-snmp-utils provides the command-line tools (snmpwalk, snmpget, snmptrap, etc.).
Step 2 — Configure snmpd
RHEL 9’s default /etc/snmp/snmpd.conf is verbose. Back it up and write a clean, minimal configuration that restricts access by source address and community string.
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
sudo tee /etc/snmp/snmpd.conf > /dev/null <<'EOF'
# System identification
sysLocation "Rack 3, Data Centre, London"
sysContact [email protected]
sysServices 72
# Allow read-only access from localhost and the monitoring server (replace IP)
rocommunity public 127.0.0.1
rocommunity public 192.168.1.50
# Alternatively, use a stronger community string for production:
# rocommunity s3cur3mon 192.168.1.50
# Expose all MIBs
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
# Include the full MIB tree for the prometheus snmp_exporter
view all included .1
access notConfigGroup "" any noauth exact all none none
EOFSecurity note: Avoid using the community string public in production environments accessible from untrusted networks. Restrict source IPs with rocommunity directives and consider SNMPv3 with authentication and privacy for sensitive infrastructure.
Step 3 — Enable and Start snmpd, Open Firewall
sudo systemctl enable --now snmpd
sudo systemctl status snmpd
# SNMP uses UDP port 161
sudo firewall-cmd --permanent --add-port=161/udp
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports # confirm 161/udp appearsStep 4 — Test with snmpwalk and snmpget
# Walk the entire system MIB on localhost
snmpwalk -v2c -c public localhost .1.3.6.1.2.1.1
# Get a single OID — system description
snmpget -v2c -c public localhost .1.3.6.1.2.1.1.1.0
# Get system uptime
snmpget -v2c -c public localhost .1.3.6.1.2.1.1.3.0
# Walk a remote network device (router)
snmpwalk -v2c -c public router.example.com .1.3.6.1.2.1.2.2 # ifTable
# Get interface descriptions on remote device
snmpwalk -v2c -c public 192.168.1.1 IF-MIB::ifDescrIf you see Timeout: No Response from localhost, check that snmpd is running (systemctl status snmpd), the firewall permits UDP 161, and the community string and version (-v2c) match the configuration.
Step 5 — Install and Configure the Prometheus SNMP Exporter
The snmp_exporter translates SNMP walks into Prometheus metrics using a snmp.yml generator file.
cd /tmp
SNMPVER="0.26.0"
wget https://github.com/prometheus/snmp_exporter/releases/download/v${SNMPVER}/snmp_exporter-${SNMPVER}.linux-amd64.tar.gz
tar xzf snmp_exporter-${SNMPVER}.linux-amd64.tar.gz
sudo cp snmp_exporter-${SNMPVER}.linux-amd64/snmp_exporter /usr/local/bin/
# Use the built-in default snmp.yml which includes IF-MIB and system MIBs
sudo mkdir -p /etc/snmp_exporter
sudo cp snmp_exporter-${SNMPVER}.linux-amd64/snmp.yml /etc/snmp_exporter/
# Create systemd unit
sudo tee /etc/systemd/system/snmp_exporter.service > /dev/null <<'EOF'
[Unit]
Description=Prometheus SNMP Exporter
After=network-online.target
[Service]
User=nobody
ExecStart=/usr/local/bin/snmp_exporter --config.file=/etc/snmp_exporter/snmp.yml
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now snmp_exporter
sudo firewall-cmd --permanent --add-port=9116/tcp
sudo firewall-cmd --reloadStep 6 — Scrape SNMP Metrics in Prometheus
Add a job to prometheus.yml that relays requests through the snmp_exporter, similar to the Blackbox Exporter pattern:
- job_name: 'snmp'
static_configs:
- targets:
- 192.168.1.1 # router
- 192.168.1.254 # switch
metrics_path: /snmp
params:
module: [if_mib] # module defined in snmp.yml
auth: [public_v2]
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: localhost:9116After reloading Prometheus, you will see metrics such as ifInOctets, ifOutOctets, ifOperStatus and sysUpTime in the metrics explorer. Import Grafana dashboard ID 11169 (SNMP Stats) for a ready-made network interface visualization.
Conclusion
SNMP is now configured on your RHEL 9 server with a minimal, access-restricted snmpd.conf. You can query local and remote devices with snmpwalk and snmpget, and the Prometheus SNMP Exporter feeds IF-MIB interface statistics into your metrics pipeline for Grafana dashboards and alerting rules.
Next steps: How to Build Grafana Dashboards for Linux Server Metrics on RHEL 9, How to Use Prometheus Blackbox Exporter for Endpoint Monitoring on RHEL 9, and How to Install and Configure cAdvisor for Container Monitoring on RHEL 9.
