Enable SNMP on Citrix Xenserver distribution

The procedure for enabling SNMP on a Citrix XenServer server is fairly straightforward. Connect via SSH as the 'root' user. This procedure has been tested on version 8 of XenServer.

Then type the following command to activate SNMP.

chkconfig snmpd on

You can now edit the configuration file:

nano /etc/snmp/snmpd.conf

At the beginning of the file, add a line of the form rocommunity public <IP of your Esia/Unity server>, for example:

rocommunity public 192.168.1.3/32

Then configure the firewall to allow port 161. We need to edit the following file:

nano /etc/sysconfig/iptables

Just before the line "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited", add the following line, substituting the IP of your Unity/Esia server:

-A RH-Firewall-1-INPUT -s <IP> -p udp -m udp --dport 161 -j ACCEPT

Here is an example of a complete file:

# DHCP for host internal networks (CA-6996)
-A RH-Firewall-1-INPUT -p udp -m udp --dport 67 --in-interface xenapi -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Linux HA hearbeat (CA-9394)
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m udp -p udp --dport 694 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
# dlm
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21064 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m multiport --dports 5404,5405 -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.10.0.20/32 -p udp -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now all you have to do is restart your firewall and the SNMP agent:

service iptables restart
service snmpd restart

SNMP is now enabled on your XenServer server. It will be recognised as a Linux server in the interface. You can add the “default_snmp_linux_server” or “default_gesa_linux_server” pattern to it via the following link: Apply patterns to your nodes
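
An added example (not part of the original procedure): a shell script that audits copies of the two edited files before the restart. It flags community lines that use a default name such as public or accept any source, and udp/161 ACCEPT rules that lack -s or sit after the REJECT line. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits copies of the two files edited in this procedure.

# Flag community lines that use a default name or accept any source.
# Syntax per snmpd.conf(5): rocommunity COMMUNITY [SOURCE [OID]]
audit_snmpd_conf() {
    awk '$1 == "rocommunity" || $1 == "rwcommunity" {
        if ($2 == "public" || $2 == "private") print "default-community: " $0
        if (NF < 3 || $3 == "default" || $3 ~ /\/0$/) print "any-source: " $0
    }' "$1"
}

# Flag udp/161 ACCEPT rules that lack -s or sit after the REJECT rule.
audit_iptables() {
    awk '
    /^[ \t]*#/ { next }
    /-j REJECT/ { rejected = 1 }
    /--dport 161( |$)/ && /-j ACCEPT/ {
        seen = 1
        if (rejected) print "after-reject: " $0
        if ($0 !~ /(^| )(-s|--source) /) print "no-source: " $0
    }
    END { if (!seen) print "missing-rule: no ACCEPT for udp/161" }
    ' "$1"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/snmpd.conf" <<'EOF'
rocommunity public 192.168.1.3/32
rocommunity monitoring
EOF
cat > "$tmp/iptables" <<'EOF'
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p udp -m udp --dport 161 -j ACCEPT
COMMIT
EOF

audit_snmpd_conf "$tmp/snmpd.conf"
audit_iptables "$tmp/iptables"
rm -rf "$tmp"
```

On a real host, pass /etc/snmp/snmpd.conf and /etc/sysconfig/iptables as the arguments; no output means neither check found anything.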