There are six steps to correctly configuring SNMP on your Citrix Xen hypervisor. These steps don’t require a system restart and are non-service affecting.
To start, we assume you’re running Xen v6.x or v7.x, and are logged into the Xen CLI as root.
1. Enable the SNMP daemon
Enable the snmpd daemon by typing-
2. Configure the SNMP service
Make a backup of the snmpd.conf file. The default snmpd.conf file contains a lot of useful documentation for more advanced implementations of SNMP.
# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup
Then edit /etc/snmp/snmpd.conf in your favorite text editor. (vi, and nano are installed by default in Xenserver.)
Remove all of the previous content of /etc/snmp/snmpd.conf. Add a line with the community string of your choice and the CIDR address of the subnet in which your collector resides.
rocommunity your_community_string subnet_of_collector
rocommunity public 192.168.1.0/24
If you have multiple collectors, repeat for each collector as follows:
rocommunity auvik 192.168.3.0/24 rocommunity auvik 10.10.10.0/24
3. Configure the firewall rules
XenServer uses iptables for firewalling. We’re going to create a new firewall rule that accepts SNMP queries from the Auvik collector. You’ll need to know your Auvik collector’s IP address for this step. You can find the IP address in the collector console or by clicking Auvik Collectors from the side navigation bar.
Edit /etc/sysconfig/iptables using your favourite text editor.
Above the default ICMP rule, add the line that’s shown in bold below. Make sure you substitute the Auvik collector’s IP address between the parentheses.
... -A RH-Firewall-1-INPUT -s (Auvik.Collector.IP.Address) -p udp -m udp --dport 161 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited ... COMMIT ...
4. Restart the firewall
# service iptables restart
5. Restart the SNMP daemon
# service snmpd restart
6. Add the new community string to Auvik
If you set a new community string, follow these steps to add it to Auvik.
You’re all done.
If remote machines still can’t communicate with your Xenserver using SNMP after performing all of the steps above, check for a lock file here:
If the lock file exists, delete it: