Today I needed to enable SNMP on my XenServer lab at home, I was looking for an efficient way to monitor my XenServer. I found a Linux distribution very handy for a Cacti box, EZCacti, you can download it here :
So to enable SNMP on XenServer 6, you need to follow the following guide. Please keep in memory you shouldn’t do that on your XenServer in a production environment, Citrix won’t be able to bring support if you modify the dom0.
First step, you need to allow SMTP to be able to collect and allow Cacti to get information from SNMP on the port 161/UDP :
Edit the file /etc/sysconfig/iptables with vi and add the following line :
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPTand then restart the iptables service using the following command line : service iptables restart
Now you need to configure your SNMP settings (community etc…) by editing the following file with vi : /etc/snmp/snmpd.conf
###############################################################################
# Access Control
###############################################################################
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes.
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec archynet 192.168.0.0/24 public
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 archynet
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to:
# name incl/excl subtree mask(optional)
view systemview included system
view systemview included interfaces
view systemview included at
view systemview included ip
view systemview included icmp
view systemview included tcp
view systemview included udp
view systemview included snmp
####
# XenServer control domain does not support IPv6.
#
view systemview excluded ipv6InterfaceTableLastChange
view systemview excluded icmpStatsInErrors.ipv6
view systemview excluded icmpStatsInMsgs.ipv6
view systemview excluded icmpStatsOutErrors.ipv6
view systemview excluded icmpStatsOutMsgs.ipv6
view systemview excluded icmpMsgStatsInPkts.ipv6
view systemview excluded icmpMsgStatsOutPkts.ipv6
####
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
###############################################################################
# System contact information
#
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (edit /etc/snmp/snmpd.conf)Make the change on your smtpd.conf file on the two line (in red) you can find in the example above, of course you’ll need to change the IP range to match your network subnet.
Now you need to start the SNMP service using the following command line : service snmpd start
Finally, to enable the automatic start of the SNMP service at your XenServer startup, type : chkconfig snmpd on
Now I can begin to work on Cacti and try to monitor the host and the VMs (Next blog to come)
