SNMP isn’t exactly new technology, but it’s pretty reliable and just about every monitoring system out there supports it. There are definitely more in-depth monitoring solutions for ESXi out there, but if you are looking for a quick and dirty monitoring solution for an ESXi host to integrate into a platform you already have, SNMP will do the trick. This post describes how to setup SNMP on ESXi 5, 5.5, and 6. I’m fairly certain it will work on older versions of ESXi as well, but i have not tested that theory.
How to enable SNMP on ESXi 5 / 5.5 / 6
There are a few steps involved in getting SNMP functional on ESXi. They go something like this.
- Set the SNMP community string
- Enable the SNMP service
- Add necessary firewall rules
- Enable the added firewall rule
- Restart the SNMP daemon
It’s a pretty straight forward process. Let’s getting started. First, you need to connect to your ESXi host via SSH, If you don’t know how to do this, click here to read my post on how to enable SSH on ESXi. After logging in to your ESXi host via SSH, run the following commands.
# esxcli system snmp set --communities YOUR_STRING # esxcli system snmp set --enable true
You will need to change YOUR_STRING to the name of your SNMP community. Many times this is PUBLIC or PRIVATE, but I suggest you use something different and unique for security purposes.
Next, we need to add a firewall rule to allow the SNMP inbound port, and then enable it.
# esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true # esxcli network firewall ruleset set --ruleset-id snmp --enabled true
This allows all subnets and hosts inbound access to the SNMP daemon.
If you only wish to allow a specific host or subnet, you can run these commands instead.
# esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false # esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.1.0/24 # esxcli network firewall ruleset set --ruleset-id snmp --enabled true
You will need to change 192.168.1.0/24 to your subnet (in CIDR notation). If you don’t know the CIDR for your subnet off hand, check out my CIDR notation and IP address subnet cheat sheet here.
The last step is to restart the SNMP daemon to apply all of the changes we’ve made. To do so run the following command.
# /etc/init.d/snmpd restart
You can fire up the vSphere Client if you want to verify everything in the GUI. You should see snmpd under Configuration > Security Profile > Services.
You will also see SNMP Server under Configuration > Security Profile > Firewall.
Now you have enabled SNMP and opened up the port in your ESXi firewall. If you run into any problems, please feel free to ask for help in the comments below. Thanks!
Subscribe to future posts and updates!