How can we help?

How to enable SNMP on Citrix Xen hypervisors

Follow

There are six steps to correctly configuring SNMP on your Citrix Xen hypervisor. These steps don’t require a system restart and are non-service affecting.

To start, we assume you’re running Xen v6.x or v7.x, and are logged into the Xen CLI as root.

1. Enable the SNMP daemon

Enable the snmpd daemon by typing

chkconfig snmpd

2. Configure the SNMP service

Make a backup of the snmpd.conf file. The default snmpd.conf file contains a lot of useful documentation for more advanced implementations of SNMP.

# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup

Then edit /etc/snmp/snmpd.conf in your favorite text editor. (vi, and nano are installed by default in Xenserver.)

Remove all of the previous content of /etc/snmp/snmpd.conf.  Add a line with the community string of your choice and the CIDR address of the subnet in which your collector resides.

rocommunity your_community_string subnet_of_collector

Example:

rocommunity public 192.168.1.0/24

If you have multiple collectors, repeat for each collector as follows:

rocommunity auvik 192.168.3.0/24
rocommunity auvik 10.10.10.0/24

Configure the firewall rules

Citrix XenServer uses iptables for firewalling. We’re going to create a new firewall rule that accepts SNMP queries from the Auvik collector. You’ll need to know your Auvik collector’s IP address for this step. You can find the IP address in the collector console or by clicking Auvik Collectors from the side navigation bar.

Edit /etc/sysconfig/iptables using your favourite text editor.

Above the default ICMP rule, add the line that’s shown in bold below. Make sure you substitute the Auvik collector’s IP address between the parentheses.

...
-A RH-Firewall-1-INPUT -s (Auvik.Collector.IP.Address) -p udp -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
...
COMMIT
...

4. Restart the firewall

# service iptables restart

5. Restart the SNMP daemon

# service snmpd restart

6. Add the new community string to Auvik

If you set a new community string, follow these steps to add it to Auvik.

You’re all done.

Troubleshooting

If remote machines still can’t communicate with your Xenserver using SNMP after performing all of the steps above, check for a lock file here:

/var/lock/subsys/snmpd

If the lock file exists, delete it:

rm /var/lock/subsys/snmpd

Have more questions? Submit a request

Comments

Powered by Zendesk