How to use SNMPv3 credential manager for authentication on OpManager

How to use SNMPv3 credential manager for authentication on OpManager

OpManager is a network monitoring software that can automatically discover your network, group your devices, services, process status and so on.
Credential Manager allows to add credentials in many formats like telnet,ssh,snmp and so on.

In our previous session we have seen the installation of OpManager on centos 7
Note : provide link here

Status of OpManager
[root@linuxhelp bin\]# systemctl status OpManager
 OpManager.service - OpManager As Service
     Loaded: loaded (/etc/systemd/system/OpManager.service  enabled  vendor preset: disabled)
     Active: active (exited) since Mon 2018-06-25 09:41:04 IST  3h 37min ago
   Process: 94539 ExecStart=/opt/ManageEngine/OpManager/bin/na\_service start (code=exited, status=0/SUCCESS)
  Main PID: 94539 (code=exited, status=0/SUCCESS)
     CGroup: /system.slice/OpManager.service
                 ├─94553 ./wrapper ../conf/wrapper.conf wrapper.pidfile=.//OpManager.pid wrapper.daemonize=TRUE
                 └─96145 /opt/ManageEngine/OpManager/jre/bin/java -Dcatalina.home=.. -Dserver.home=.. -Dserver.stats=1000 -Djava.util.logging.m...Jun 25 09:41:03 localhost.localdomain systemd\[1\]: Starting OpManager As Service...
Jun 25 09:41:04 localhost.localdomain systemd\[1\]: Started OpManager As Service.
Jun 25 09:41:10 localhost.localdomain su\[94583\]: (to postgres) root on none

Move to your OpManager interface

Go to inventory which comprises of the list of devices (By default my localhost gets added soon after installing the OpManager)

Click on your device

Go to edit device details and add the vendor details, category, type.

Now click on settings and go to discovery in that select credentials tab and finally click Add credentials


Select SNMPv3 ( which is secured one compared to SNMPv1/v2)

The values are need to be added after configuring snmp on client side

Foe that install snmp and its required packages on client machine

[root@linuxhelp ~\]# yum install net-snmp net-snmp-utils net-snmp-devel -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 \* base: centos-hcm.viettelidc.com.vn
 \* extras: mirrors.fibergrid.in
 \* updates: mirrors.fibergrid.in
Resolving Dependencies
-->  Running transaction check
--->  Package net-snmp.x86\_64 1:5.7.2-33.el7\_5.2 will be installed
-->  Processing Dependency: net-snmp-libs = 1:5.7.2-33.el7\_5.2 for package: 1:net-snmp-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: net-snmp-agent-libs = 1:5.7.2-33.el7\_5.2 for package: 1:net-snmp-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: libnetsnmptrapd.so.31()(64bit) for package: 1:net-snmp-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: libnetsnmpmibs.so.31()(64bit) for package: 1:net-snmp-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: libnetsnmpagent.so.31()(64bit) for package: 1:net-snmp-5.7.2-33.el7\_5.2.x86\_64
--->  Package net-snmp-devel.x86\_64 1:5.7.2-33.el7\_5.2 will be installed
-->  Processing Dependency: tcp\_wrappers-devel for package: 1:net-snmp-devel-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: rpm-devel for package: 1:net-snmp-devel-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: perl-devel(x86-64) for package: 1:net-snmp-devel-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: openssl-devel for package: 1:net-snmp-devel-5.7.2-33.el7\_5.2.x86\_64
-->  Processing Dependency: lm\_sensors-devel for package: 1:net-snmp-devel-5.7.2-33.el7\_5.2.x86\_64
.
.
.
.
Dependency Updated:
  e2fsprogs.x86\_64 0:1.42.9-12.el7\_5     e2fsprogs-libs.x86\_64 0:1.42.9-12.el7\_5  elfutils.x86\_64 0:0.170-4.el7          elfutils-libelf.x86\_64 0:0.170-4.el7  elfutils-libs.x86\_64 0:0.170-4.el7       glibc.x86\_64 0:2.17-222.el7
  glibc-common.x86\_64 0:2.17-222.el7     krb5-libs.x86\_64 0:1.15.1-19.el7         libcom\_err.x86\_64 0:1.42.9-12.el7\_5    libdb.x86\_64 0:5.3.21-24.el7          libdb-utils.x86\_64 0:5.3.21-24.el7       libselinux.x86\_64 0:2.5-12.el7
  libselinux-python.x86\_64 0:2.5-12.el7  libselinux-utils.x86\_64 0:2.5-12.el7     libsepol.x86\_64 0:2.5-8.1.el7          libss.x86\_64 0:1.42.9-12.el7\_5        net-snmp-libs.x86\_64 1:5.7.2-33.el7\_5.2  openssl.x86\_64 1:1.0.2k-12.el7
  openssl-libs.x86\_64 1:1.0.2k-12.el7    rpm.x86\_64 0:4.11.3-32.el7               rpm-build-libs.x86\_64 0:4.11.3-32.el7  rpm-libs.x86\_64 0:4.11.3-32.el7       rpm-python.x86\_64 0:4.11.3-32.el7

Complete!

Now check the status of snmpd


[root@linuxhelp ~\]# systemctl status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service  disabled  vendor preset: disabled)
   Active: inactive (dead)
Now there are 3 types to configure snmpv3
&bull     Command Line
&bull     Interactive
&bull     Manual

select any one of the method and create SNMPv3 user, here command line mode is used, Backup the old configuration file before creating user.

[root@linuxhelp ~\]#   mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.old
Use the following to create 
[root@linuxhelp ~\]# net-snmp-config --create-snmpv3-user -A Net@123 -X alerts -a SHA -x AES alert@123
adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser alert@123 SHA " Net@123"  AES alerts
adding the following line to /etc/snmp/snmpd.conf:
   rwuser alert@123

Now move to your OpManager under settings, go to credentials tab and &ldquo Add credential&rdquo



We have successfully added credentials, before associating it start and enable the snmpd service

[root@linuxhelp ~\]# systemctl start snmpd

[root@linuxhelp ~\]# systemctl enable snmpd
Created symlink from /etc/systemd/system/multi-user.target.wants/snmpd.service to /usr/lib/systemd/system/snmpd.service.

Under settings we have basic settings configuration comprising of mail settings, credentials etc.

The added device is displayed in &ldquo Inventory&rdquo


Edit credentials (telnet,ssh,net-snmp)


In that &ldquo Click here to change password&rdquo there choose SNMP credentials and apply them globally
Now click Monitor icon
Comprises of Script,service,URL,Process monitors

For Adding Process Monitor,
Similarly for Service monitors


For Performance monitor

Tag : SNMP
FAQ
Q
Why I can see the system group, but nothing else. Why?
A
The easiest way to test this is to try a GETNEXT request on one of the other standard groups

e.g.
snmpgetnext ..... interfaces
Q
Why do I sometimes get "End of MIB" when walking a tree, and sometimes not?
A
This depends on which MIB modules are supported by the agent you are querying and exactly what you're asking for.
Q
Why can't I set any variables in the MIB?
A
There are three possible reasons for this:
Many MIB objects are defined as "read-only" and inherently cannot be changed via SET requests. Attempts to do so will typically be rejected by the 'snmpset' command without ever being sent to the agent.
Q
How do I use SNMPv3?
A
The simplest form of SNMPv3 request is unauthenticated and unencrypted (noAuthNoPriv). It simply requires a user name, and would look something like:

snmpget -v 3 -l noAuthNoPriv -u dave localhost sysUpTime.0
Q
How do I receive SNMPv1 traps?
A
Directives in the 'snmptrapd.conf' file use the (SNMPv2) snmpTrapOID value to identify individual notifications. This applies to *all* versions of SNMP - including SNMPv1 traps. See the co-existence spec (RFC 2576) for details of mapping SNMPv1 traps to SNMPv2 OIDs.