How to Configure SNMP Monitoring on RHEL 7
Simple Network Management Protocol (SNMP) is one of the most widely supported protocols for monitoring network devices, servers, storage appliances, and virtually any managed infrastructure component. Configuring SNMP on Red Hat Enterprise Linux 7 allows your monitoring platform — whether Zabbix, LibreNMS, Nagios, or Prometheus with the SNMP Exporter — to poll system metrics such as CPU load, memory utilisation, disk I/O, network interface statistics, and process counts. This guide covers installing and configuring the Net-SNMP daemon on RHEL 7, testing connectivity with snmpwalk, integrating with Zabbix and LibreNMS, setting up the more secure SNMPv3 with authentication and encryption, and opening the correct firewall port.
Prerequisites
- RHEL 7 server with a non-root sudo user
- A registered subscription or access to RHEL 7 base repositories (for
yuminstalls) - A monitoring server running Zabbix, LibreNMS, or another SNMP-capable platform
- Basic understanding of SNMP concepts (OIDs, community strings, MIBs)
Step 1: Install Net-SNMP Packages
RHEL 7 provides the Net-SNMP daemon and utilities through the base repository. Install both the agent (net-snmp) and the command-line utilities (net-snmp-utils) which include snmpwalk, snmpget, and snmpset.
# Install the SNMP daemon and utilities
sudo yum install -y net-snmp net-snmp-utils
# Optionally install MIB files for friendlier OID output
sudo yum install -y net-snmp-libs
# Verify the installation
rpm -q net-snmp net-snmp-utils
snmpd --version
Step 2: Configure the SNMP Daemon
The main configuration file is /etc/snmp/snmpd.conf. The default file is verbose and contains many commented-out examples. It is cleaner to back it up and write a minimal configuration from scratch.
# Back up the default configuration
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
# Open the configuration file for editing
sudo vi /etc/snmp/snmpd.conf
Replace the contents with the following minimal but functional configuration. Adjust the community string, location, and contact fields to match your environment.
###########################################################################
# Net-SNMP agent configuration — RHEL 7
###########################################################################
# Agent listening address
# Listen on all interfaces on UDP port 161
agentAddress udp:161,udp6:[::1]:161
# SNMPv1/v2c community string configuration
# rocommunity = read-only community (use a non-default string in production)
rocommunity public default .1.3.6.1
# Restrict access to your monitoring server's IP for tighter security:
# rocommunity mysecret 10.0.0.5 .1.3.6.1
# System information OIDs (sysDescr, sysContact, sysLocation)
syslocation "Rack 3, Data Centre East, London"
syscontact "[email protected] (Operations Team)"
# Host MIB — enables process, disk, and load table reporting
disk / 10%
disk /var 10%
disk /home 5%
# Load average threshold alerts (1m, 5m, 15m)
load 12 8 4
# Log SNMP requests at level warning or above
log_timestamps yes
# Extend with custom shell scripts (optional example)
# extend uptime /bin/sh -c "uptime"
Key directives explained:
- agentAddress — specifies the interfaces and protocols the daemon binds to. Set to a specific IP (e.g.,
udp:eth0:161) for security. - rocommunity — the community string acts as a password for SNMPv1/v2c. The third field restricts which source IP can poll; use your monitoring server’s IP in production.
- syslocation / syscontact — metadata returned by the
sysLocationandsysContactOIDs, useful for inventory systems. - disk — registers disk partitions so the Host Resources MIB reports their utilisation.
Step 3: Enable and Start the SNMP Daemon
# Enable snmpd to start at boot
sudo systemctl enable snmpd
# Start the daemon
sudo systemctl start snmpd
# Check its status
sudo systemctl status snmpd
# Confirm it is listening on UDP 161
ss -ulnp | grep 161
Step 4: Open the Firewall for SNMP
SNMP uses UDP port 161 for agent queries and UDP port 162 for SNMP traps sent from the agent to a trap receiver. Open the relevant ports through firewalld.
# Allow SNMP queries (UDP 161)
sudo firewall-cmd --zone=public --add-port=161/udp --permanent
# Allow SNMP traps if you plan to send traps to a receiver (UDP 162)
sudo firewall-cmd --zone=public --add-port=162/udp --permanent
# Reload firewall rules
sudo firewall-cmd --reload
# Confirm the rules
sudo firewall-cmd --list-ports
For tighter security, restrict port 161 to your monitoring server’s IP only:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.0.0.5/32" port port="161" protocol="udp" accept' --permanent
sudo firewall-cmd --reload
Step 5: Test with snmpwalk
Use snmpwalk to verify that the agent is responding and returning data. Run these commands from the RHEL 7 server itself (using localhost) or from your monitoring server using the server’s IP.
# Walk the entire MIB tree (may produce a lot of output)
snmpwalk -v2c -c public localhost
# Query just system information
snmpwalk -v2c -c public localhost system
# Query specific OIDs
snmpget -v2c -c public localhost sysDescr.0
snmpget -v2c -c public localhost sysUpTime.0
snmpget -v2c -c public localhost sysContact.0
snmpget -v2c -c public localhost sysLocation.0
# Check CPU load averages (HOST-RESOURCES-MIB)
snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2021.10
# Check disk usage
snmpwalk -v2c -c public localhost dskTable
# Check network interface statistics
snmpwalk -v2c -c public localhost interfaces
Step 6: Configure SNMP v3 User (Recommended for Production)
SNMPv1 and v2c transmit community strings in plaintext, making them unsuitable for untrusted networks. SNMPv3 provides authentication (via HMAC-SHA) and optional privacy encryption (AES or DES). To configure an SNMPv3 user, the daemon must be stopped while the user is created.
# Stop the daemon before creating the v3 user
sudo systemctl stop snmpd
# Create an SNMPv3 user with SHA authentication and AES-128 encryption
# Syntax: net-snmp-create-v3-user [-ro] [-A authpass] [-a SHA] [-X privpass] [-x AES] username
sudo net-snmp-create-v3-user
-ro
-A "MyAuthPassphrase1!"
-a SHA
-X "MyPrivPassphrase1!"
-x AES
monitoruser
# This writes a 'createUser' line to /var/lib/net-snmp/snmpd.conf
# and a 'rouser' line to /etc/snmp/snmpd.conf
# Start the daemon
sudo systemctl start snmpd
# Test the v3 user
snmpwalk -v3
-l authPriv
-u monitoruser
-A "MyAuthPassphrase1!"
-a SHA
-X "MyPrivPassphrase1!"
-x AES
localhost system
Step 7: Configure SNMP in Zabbix
In the Zabbix web interface, navigate to Configuration → Hosts → Create host. Set the host’s IP address and then configure the SNMP interface.
- Under Interfaces, click Add → SNMP
- Set IP address to your RHEL 7 server’s IP
- Port:
161 - SNMP version: SNMPv2 or SNMPv3
- For v2: set SNMP community to
public(or your custom string) - For v3: set Security name (
monitoruser), Security level (authPriv), Auth protocol (SHA), Auth passphrase, Privacy protocol (AES128), and Privacy passphrase
Attach the Template OS Linux by SNMP (or Template Module Linux CPU by SNMP) from Zabbix’s built-in template library to automatically collect CPU, memory, disk, and network metrics via SNMP.
Step 8: Configure SNMP in LibreNMS
LibreNMS uses SNMP as its primary data collection mechanism. Add the RHEL 7 server via the LibreNMS web UI or CLI.
# On the LibreNMS server, add the device via CLI
php /opt/librenms/addhost.php rhel7-server.example.com public v2c 161 udp
# Or with SNMPv3
php /opt/librenms/addhost.php rhel7-server.example.com '' v3 161 udp
monitoruser authPriv SHA "MyAuthPassphrase1!" AES "MyPrivPassphrase1!"
# Run discovery to collect initial data
php /opt/librenms/discovery.php -h rhel7-server.example.com
# Run a manual poll
php /opt/librenms/poller.php -h rhel7-server.example.com
LibreNMS will automatically apply the Linux device type and begin graphing CPU, memory, disk, and network interface data using its built-in SNMP polling engine.
Conclusion
You have successfully installed and configured Net-SNMP on RHEL 7, defined a secure community string with access restrictions, and tested the agent with snmpwalk. You also set up an SNMPv3 user with SHA authentication and AES encryption for production-grade security, and walked through integration steps for both Zabbix and LibreNMS. SNMP remains the lingua franca of infrastructure monitoring — virtually every network device and operating system supports it — and having a properly configured SNMP agent on your RHEL 7 servers gives your monitoring platform a reliable, standards-based source of metrics without any custom agent software.
