How to enable SNMP on Citrix Xen hypervisors

There are six steps to correctly configuring SNMP on your Citrix Xen hypervisor. These steps don’t require a system restart and are non-service affecting.

To start, we assume you’re running Xen v6.x or v7.x, and are logged into the Xen CLI as root.
1. Enable the SNMP daemon

Enable the snmpd daemon by typing

chkconfig snmpd

2. Configure the SNMP service

Make a backup of the snmpd.conf file. The default snmpd.conf file contains a lot of useful documentation for more advanced implementations of SNMP.

# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.backup

Then edit /etc/snmp/snmpd.conf in your favorite text editor. (vi, and nano are installed by default in Xenserver.)

Remove all of the previous content of /etc/snmp/snmpd.conf.  Add a line with the community string of your choice and the CIDR address of the subnet in which your collector resides.

rocommunity your_community_string subnet_of_collector

Example:

rocommunity public 192.168.1.0/24

If you have multiple collectors, repeat for each collector as follows:

rocommunity public 192.168.3.0/24
rocommunity public 10.10.10.0/24
Configure the firewall rules

Citrix XenServer uses iptables for firewalling. We’re going to create a new firewall rule that accepts SNMP queries from the Auvik collector. You’ll need to know your monitoring collector’s IP address for this step.
Edit /etc/sysconfig/iptables using your favourite text editor.

Above the default ICMP rule, add the line that’s shown in bold below. Make sure you substitute the Auvik collector’s IP address between the parentheses.

...
-A RH-Firewall-1-INPUT -s (Monitoring.Collector.IP.Address) -p udp -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
...
COMMIT
...
4. Restart the firewall

# service iptables restart
5. Restart the SNMP daemon

# service snmpd restart
6. Add the new community string to your monitor.

If you set a new community string, follow these steps to add it to your monitor.

You’re all done.
  • xenserver, xen, snmp, virtual, vm, monitoring
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Connecting your service to your in-home wiring

"I've switched to VoIP for all my home's phone connections and now want to distribute VoIP...

How to Disable SIP ALG on the TP-LINK TD-W8960n, TP-LINK TD-W8968 and TP-LINK TD-W9970 Modem Router

SIP ALG (Application Layer Gateway) is a feature which is enabled by default in most TP-LINK...

Connecting to your voicemail

To connect to your home phone voicemail service, pick up your phone and dial *97. If this is your...