Setting up SNMP on VMware

In setting up Zabbix to monitor my devices, I had to look up how to set up SNMP in VMware. My first mistake was assuming that vCenter, the central management system for VMware, would actually centrally manage SNMP. It does not.

From what I can tell, you cannot set up SNMP from the GUI, and has to be set up on each ESXi host manually, or rather individually. It could be scripted.

Setting up vCenter

For vCenter, log in to the command shell as root via ssh. I assume here you have already set up ssh and know your root password.

The command for setting the community string(s) is:

snmp.set --communities my_community1,mycommunity2,etc

You do not have to specify more than one, but you can. Then you enable the SNMP service with the command:

snmp.enable 

Setting up ESXi Hosts

To set up on each ESXi host, you need to log in to the command line via ssh as root. I assume here you have already set up ssh and know your root password.

To see the list of SNMP options, you can run the command:

[root@esxi01:~] esxcli system snmp set --help
Usage: esxcli system snmp set [cmd options]

Description:
  set                   This command allows the user to set up ESX SNMP agent.

Cmd options:
  -a|--authentication=<str>
                        Set default authentication protocol. Values: none, MD5, SHA1
  -c|--communities=<str>
                        Set up to ten communities each no more than 64 characters. Format is:
                        community1[,community2,...] (this overwrites previous settings)
  -e|--enable           Start or stop SNMP service. Values: [yes|no, true|false, 0|1]
  -E|--engineid=<str>   Set SNMPv3 engine id. Must be at least 10 to 32 hexadecimal characters. 0x or 0X is
                        stripped if found as well as colons (:)
  -y|--hwsrc=<str>      Where to source hardware events from IPMI sensors or CIM Indications. One of:
                        indications|sensors
  -s|--largestorage     Support large storage for hrStorageAllocationUnits * hrStorageSize. Values: [yes|no,
                        true|false, 0|1]. Control how the agent reports hrStorageAllocationUnits,
                        hrStorageSize and hrStorageUsed in hrStorageTable. Setting this directive to 1 to
                        support large storage with small allocation units, the agent re-calculates these
                        values so they all fit Integer32 and hrStorageAllocationUnits * hrStorageSize gives
                        real size of the storage ( Note: hrStorageAllocationUnits will not be real
                        allocation units if real hrStorageSize won't fit into Integer32 ). Setting this
                        directive to 0 turns off this calculation and the agent reports real
                        hrStorageAllocationUnits, but it might report wrong hrStorageSize for large storage
                        because the value won't fit into Integer32.
  -l|--loglevel=<str>   System Agent syslog logging level: debug|info|warning|error
  -n|--notraps=<str>    Comma separated list of trap oids for traps not to be sent by agent. Use value
                        'reset' to clear setting
  -p|--port=<long>      Set UDP port to poll snmp agent on. The default is udp/161
  -x|--privacy=<str>    Set default privacy protocol. Values: none, AES128
  -R|--remote-users=<str>
                        Set up to five inform user ids. Format is: user/auth-proto/-|auth-hash/priv-
                        proto/-|priv-hash/engine-id[,...] Where user is 32 chars max. auth-proto is
                        none|MD5|SHA1, priv-proto is none|AES. '-' indicates no hash. engine-id is hex
                        string '0x0-9a-f' up to 32 chars max.
  -r|--reset            Return agent configuration to factory defaults
  -C|--syscontact=<str> System contact string as presented in sysContact.0. Up to 255 characters
  -L|--syslocation=<str>
                        System location string as presented in sysLocation.0. Up to 255 characters.
  -t|--targets=<str>    Set up to three targets to send SNMPv1 traps to. Format is: ip-or-
                        hostname[@port]/community[,...] The default port is udp/162. (this overwrites
                        previous settings)
  -u|--users=<str>      Set up to five local users. Format is: user/-|auth-hash/-|priv-hash/model[,...]
                        Where user is 32 chars max. '-' indicates no hash. Model is one of (none|auth|priv).
  -i|--v3targets=<str>  Set up to three SNMPv3 notification targets. Format is: ip-or-
                        hostname[@port]/remote-user/security-level/trap|inform[,...].

So, the basic two steps you need for SNMP v1/2c are to see your community string, and to enable the service:

esxcli system snmp set -c my_community
esxcli system snmp set -e true 

I am not covering v3 here as that is much more involved. On a closed LAN, v2c is perfectly fine. If you have hosts in any way exposed to the internet, you will definitely want to use v3.

Leave a Comment