Set up comprehensive network monitoring using SNMP with Prometheus and Grafana to monitor network devices, collect performance metrics, and create visual dashboards for infrastructure visibility.

Prerequisites

Root or sudo access
Network devices with SNMP enabled
At least 2GB RAM
Basic understanding of networking concepts

What this solves

Network monitoring with SNMP provides real-time visibility into your network infrastructure, allowing you to track device performance, bandwidth utilization, and system health across switches, routers, and servers. This tutorial shows you how to configure Net-SNMP, integrate it with Prometheus using snmp_exporter, and create comprehensive Grafana dashboards for network device monitoring.

Step-by-step installation

Update system packages

Start by updating your package manager to ensure you get the latest versions of all components.

sudo apt update && sudo apt upgrade -y

sudo dnf update -y

Install Net-SNMP daemon and tools

Install the SNMP daemon and utilities that will handle SNMP requests and provide monitoring data.

sudo apt install -y snmp snmpd snmp-mibs-downloader

sudo dnf install -y net-snmp net-snmp-utils net-snmp-libs

Configure Net-SNMP daemon

Create a secure SNMP configuration with community strings and access controls. This configuration enables monitoring while maintaining security.

# Basic SNMP configuration for network monitoring
Community string configuration
rocommunity monitoring_read default -V systemonly
rocommunity6 monitoring_read default -V systemonly

System information
sysLocation Network Operations Center
sysContact admin@example.com
sysServices 72

Process monitoring
proc sshd
proc cron
proc rsyslog

Disk monitoring
disk / 10000
disk /var 5000

Load monitoring
load 12 10 5

Network interface monitoring
interface eth0
interface lo

Enable AgentX for extending functionality
master agentx
agentXSocket tcp:localhost:705

Access control
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view systemonly included .1.3.6.1.2.1.2
view systemonly included .1.3.6.1.2.1.3
view systemonly included .1.3.6.1.2.1.4
view systemonly included .1.3.6.1.2.1.6
view systemonly included .1.3.6.1.2.1.10

Configure SNMP v3 security

Set up SNMPv3 with authentication and encryption for secure monitoring. This provides better security than community strings.

sudo systemctl stop snmpd

sudo net-snmp-create-v3-user -ro -A monitoring123! -X encryption456! -a SHA -x AES monitoruser

Add the v3 configuration to the SNMP daemon config:

# SNMPv3 configuration (append to existing config)
rouser monitoruser

v3 access control
group MyROGroup v3 monitoruser
view all included .1 80
access MyROGroup "" any auth exact all none none

Install Prometheus

Download and install Prometheus to collect metrics from the SNMP exporter.

cd /tmp
wget https://github.com/prometheus/prometheus/releases/download/v2.48.0/prometheus-2.48.0.linux-amd64.tar.gz
tar -xzf prometheus-2.48.0.linux-amd64.tar.gz
sudo mv prometheus-2.48.0.linux-amd64/prometheus /usr/local/bin/
sudo mv prometheus-2.48.0.linux-amd64/promtool /usr/local/bin/
sudo mkdir -p /etc/prometheus /var/lib/prometheus
sudo chown prometheus:prometheus /var/lib/prometheus

sudo useradd --no-create-home --shell /bin/false prometheus

Install SNMP Exporter

Download and configure the Prometheus SNMP exporter to bridge SNMP data into Prometheus metrics format.

cd /tmp
wget https://github.com/prometheus/snmp_exporter/releases/download/v0.24.1/snmp_exporter-0.24.1.linux-amd64.tar.gz
tar -xzf snmp_exporter-0.24.1.linux-amd64.tar.gz
sudo mv snmp_exporter-0.24.1.linux-amd64/snmp_exporter /usr/local/bin/
sudo mkdir -p /etc/snmp_exporter

sudo useradd --no-create-home --shell /bin/false snmp_exporter

Configure SNMP Exporter

Create configuration for the SNMP exporter to define how it should query SNMP devices and which metrics to collect.

auths:
  public_v2:
    community: monitoring_read
    security_level: noAuthNoPriv
    auth_protocol: MD5
    priv_protocol: DES
    version: 2
  
  secure_v3:
    username: monitoruser
    security_level: authPriv
    auth_protocol: SHA
    auth_password: monitoring123!
    priv_protocol: AES
    priv_password: encryption456!
    version: 3

modules:
  if_mib:
    walk:
    - 1.3.6.1.2.1.2.2.1.2   # ifDescr
    - 1.3.6.1.2.1.2.2.1.3   # ifType
    - 1.3.6.1.2.1.2.2.1.5   # ifSpeed
    - 1.3.6.1.2.1.2.2.1.8   # ifOperStatus
    - 1.3.6.1.2.1.2.2.1.10  # ifInOctets
    - 1.3.6.1.2.1.2.2.1.16  # ifOutOctets
    - 1.3.6.1.2.1.2.2.1.14  # ifInErrors
    - 1.3.6.1.2.1.2.2.1.20  # ifOutErrors
    
  system_mib:
    walk:
    - 1.3.6.1.2.1.1.1.0     # sysDescr
    - 1.3.6.1.2.1.1.3.0     # sysUpTime
    - 1.3.6.1.2.1.25.1.1.0  # hrSystemUptime
    - 1.3.6.1.2.1.25.2.2    # hrMemorySize
    - 1.3.6.1.2.1.25.3.3.1.2 # hrProcessorLoad

Create systemd service files

Set up systemd services for both Prometheus and SNMP exporter to manage them as system services.

[Unit]
Description=Prometheus
Wants=network-online.target
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Type=simple
ExecStart=/usr/local/bin/prometheus \
    --config.file /etc/prometheus/prometheus.yml \
    --storage.tsdb.path /var/lib/prometheus/ \
    --web.console.templates=/etc/prometheus/consoles \
    --web.console.libraries=/etc/prometheus/console_libraries \
    --web.listen-address=0.0.0.0:9090 \
    --web.enable-lifecycle

[Install]
WantedBy=multi-user.target

[Unit]
Description=SNMP Exporter
Wants=network-online.target
After=network-online.target

[Service]
User=snmp_exporter
Group=snmp_exporter
Type=simple
ExecStart=/usr/local/bin/snmp_exporter --config.file=/etc/snmp_exporter/snmp.yml
Restart=always

[Install]
WantedBy=multi-user.target

Configure Prometheus to scrape SNMP targets

Set up Prometheus configuration to collect metrics from SNMP devices through the exporter.

global:
  scrape_interval: 15s
  evaluation_interval: 15s

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
      - targets: ['localhost:9090']

  - job_name: 'snmp_exporter'
    static_configs:
      - targets: ['localhost:9116']

  - job_name: 'snmp_devices_if_mib'
    static_configs:
      - targets:
        - 203.0.113.10  # Network switch
        - 203.0.113.11  # Router
        - 203.0.113.12  # Server
    metrics_path: /snmp
    params:
      module: [if_mib]
      auth: [public_v2]
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: localhost:9116

  - job_name: 'snmp_devices_system_mib'
    static_configs:
      - targets:
        - 203.0.113.10
        - 203.0.113.11
        - 203.0.113.12
    metrics_path: /snmp
    params:
      module: [system_mib]
      auth: [secure_v3]
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: localhost:9116

Install Grafana

Install Grafana to create visual dashboards for your SNMP monitoring data.

wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -
echo "deb https://packages.grafana.com/oss/deb stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
sudo apt update
sudo apt install -y grafana

sudo dnf install -y https://dl.grafana.com/oss/release/grafana-10.2.0-1.x86_64.rpm

Set correct permissions

Ensure all configuration files have the correct ownership and permissions for security and functionality.

Never use chmod 777. It gives every user on the system full access to your files. Instead, fix ownership with chown and use minimal permissions.

sudo chown -R prometheus:prometheus /etc/prometheus /var/lib/prometheus
sudo chown -R snmp_exporter:snmp_exporter /etc/snmp_exporter
sudo chmod 644 /etc/prometheus/prometheus.yml
sudo chmod 644 /etc/snmp_exporter/snmp.yml
sudo chmod 640 /etc/snmp/snmpd.conf
sudo chown root:snmp /etc/snmp/snmpd.conf

Start and enable all services

Enable and start all monitoring services to begin collecting SNMP data.

sudo systemctl daemon-reload
sudo systemctl enable --now snmpd
sudo systemctl enable --now snmp_exporter
sudo systemctl enable --now prometheus
sudo systemctl enable --now grafana-server

Configure firewall rules

Open the necessary ports for SNMP monitoring and web interfaces while maintaining security.

sudo ufw allow 161/udp comment 'SNMP'
sudo ufw allow 9090/tcp comment 'Prometheus'
sudo ufw allow 9116/tcp comment 'SNMP Exporter'
sudo ufw allow 3000/tcp comment 'Grafana'
sudo ufw reload

sudo firewall-cmd --permanent --add-port=161/udp
sudo firewall-cmd --permanent --add-port=9090/tcp
sudo firewall-cmd --permanent --add-port=9116/tcp
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo firewall-cmd --reload

Configure Grafana data source

Add Prometheus as a data source in Grafana to enable dashboard creation. Access Grafana at http://your-server:3000 with admin/admin credentials.

Name: Prometheus-SNMP
Type: Prometheus
URL: http://localhost:9090
Access: Server (default)
Scrape interval: 15s

Create network monitoring dashboard

Import or create a comprehensive dashboard for network device monitoring. This configuration provides key network metrics visualization.

# Network Interface Traffic (bytes/sec)
rate(ifInOctets[5m]) * 8

Interface Status
ifOperStatus

Interface Errors Rate
rate(ifInErrors[5m])

System Uptime
sysUpTime / 100

Verify your setup

Test your SNMP monitoring configuration to ensure all components are working correctly.

sudo systemctl status snmpd
sudo systemctl status snmp_exporter
sudo systemctl status prometheus
sudo systemctl status grafana-server

# Test SNMP v2c query
snmpwalk -v2c -c monitoring_read localhost 1.3.6.1.2.1.1.1.0

Test SNMP v3 query
snmpwalk -v3 -u monitoruser -l authPriv -a SHA -A monitoring123! -x AES -X encryption456! localhost 1.3.6.1.2.1.1.1.0

# Check Prometheus targets
curl http://localhost:9090/api/v1/targets

Test SNMP exporter
curl 'http://localhost:9116/snmp?target=localhost&module=if_mib&auth=public_v2'

You can also explore the monitoring setup by linking to our related HAProxy and Consul monitoring tutorial for additional Prometheus and Grafana configuration examples.

Common issues

Symptom	Cause	Fix
SNMP queries timeout	Community string mismatch or firewall blocking	Check community string in config and verify port 161/udp is open
SNMPv3 authentication fails	Incorrect credentials or protocol mismatch	Verify username, passwords, and auth/priv protocols match exactly
Prometheus shows SNMP targets as down	SNMP exporter configuration or network connectivity	Test SNMP exporter endpoint directly and check target reachability
Grafana shows no data	Prometheus data source misconfiguration	Verify Prometheus URL in Grafana and check query syntax
Permission denied errors	Incorrect file ownership or service user permissions	Use chown to set correct ownership, never use chmod 777
High CPU usage on monitored devices	Too frequent SNMP polling	Increase scrape_interval in Prometheus configuration to 30s or 60s

Next steps

Integrate SNMP monitoring with InfluxDB and Telegraf for advanced time-series analysis
Set up network interface monitoring with SNMP for basic traffic analysis
Configure advanced SNMP alerting with Prometheus Alertmanager
Implement SNMP device auto-discovery for dynamic network monitoring
Configure custom SNMP MIBs for vendor-specific device monitoring

Automated install script

Run this to automate the entire setup

install.sh

#!/usr/bin/env bash

set -euo pipefail

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Global variables
SNMP_COMMUNITY="${1:-monitoring_read}"
SNMP_V3_USER="${2:-monitoruser}"
SNMP_V3_AUTH="${3:-monitoring123!}"
SNMP_V3_PRIV="${4:-encryption456!}"
TOTAL_STEPS=10

# Usage function
usage() {
    echo "Usage: $0 [snmp_community] [snmpv3_user] [snmpv3_auth_pass] [snmpv3_priv_pass]"
    echo "Example: $0 public_read netmon secretauth secretpriv"
    exit 1
}

# Error handling
cleanup_on_error() {
    echo -e "${RED}[ERROR] Installation failed. Cleaning up...${NC}"
    systemctl stop snmpd 2>/dev/null || true
    systemctl stop prometheus 2>/dev/null || true
    systemctl stop snmp_exporter 2>/dev/null || true
    exit 1
}

trap cleanup_on_error ERR

# Check if running as root
if [[ $EUID -ne 0 ]]; then
    echo -e "${RED}This script must be run as root${NC}"
    exit 1
fi

# Detect distribution
if [ -f /etc/os-release ]; then
    . /etc/os-release
    case "$ID" in
        ubuntu|debian)
            PKG_MGR="apt"
            PKG_INSTALL="apt install -y"
            PKG_UPDATE="apt update && apt upgrade -y"
            SNMP_PACKAGES="snmp snmpd snmp-mibs-downloader"
            ;;
        almalinux|rocky|centos|rhel|ol)
            PKG_MGR="dnf"
            PKG_INSTALL="dnf install -y"
            PKG_UPDATE="dnf update -y"
            SNMP_PACKAGES="net-snmp net-snmp-utils net-snmp-libs"
            ;;
        fedora)
            PKG_MGR="dnf"
            PKG_INSTALL="dnf install -y"
            PKG_UPDATE="dnf update -y"
            SNMP_PACKAGES="net-snmp net-snmp-utils net-snmp-libs"
            ;;
        amzn)
            PKG_MGR="yum"
            PKG_INSTALL="yum install -y"
            PKG_UPDATE="yum update -y"
            SNMP_PACKAGES="net-snmp net-snmp-utils net-snmp-libs"
            ;;
        *)
            echo -e "${RED}Unsupported distribution: $ID${NC}"
            exit 1
            ;;
    esac
else
    echo -e "${RED}Cannot detect distribution${NC}"
    exit 1
fi

echo -e "${GREEN}Starting SNMP + Prometheus + Grafana monitoring setup${NC}"

# Step 1: Update system packages
echo -e "${YELLOW}[1/$TOTAL_STEPS] Updating system packages...${NC}"
$PKG_UPDATE

# Step 2: Install required system packages
echo -e "${YELLOW}[2/$TOTAL_STEPS] Installing system dependencies...${NC}"
if [[ "$PKG_MGR" == "apt" ]]; then
    $PKG_INSTALL wget curl tar systemd
else
    $PKG_INSTALL wget curl tar systemd firewalld
fi

# Step 3: Install SNMP packages
echo -e "${YELLOW}[3/$TOTAL_STEPS] Installing SNMP daemon and tools...${NC}"
$PKG_INSTALL $SNMP_PACKAGES

# Step 4: Configure SNMP daemon
echo -e "${YELLOW}[4/$TOTAL_STEPS] Configuring SNMP daemon...${NC}"
cat > /etc/snmp/snmpd.conf << EOF
# Basic SNMP configuration for network monitoring
rocommunity $SNMP_COMMUNITY default -V systemonly
rocommunity6 $SNMP_COMMUNITY default -V systemonly

# System information
sysLocation Network Operations Center
sysContact admin@example.com
sysServices 72

# Process monitoring
proc sshd
proc systemd

# Disk monitoring
disk / 10000
disk /var 5000

# Load monitoring
load 12 10 5

# Enable AgentX
master agentx
agentXSocket tcp:localhost:705

# Access control views
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
view systemonly included .1.3.6.1.2.1.2
view systemonly included .1.3.6.1.2.1.3
view systemonly included .1.3.6.1.2.1.4
view systemonly included .1.3.6.1.2.1.6
view systemonly included .1.3.6.1.2.1.10
EOF

chmod 644 /etc/snmp/snmpd.conf

# Step 5: Configure SNMPv3
echo -e "${YELLOW}[5/$TOTAL_STEPS] Configuring SNMPv3 security...${NC}"
systemctl stop snmpd 2>/dev/null || true
net-snmp-create-v3-user -ro -A "$SNMP_V3_AUTH" -X "$SNMP_V3_PRIV" -a SHA -x AES "$SNMP_V3_USER"

cat >> /etc/snmp/snmpd.conf << EOF

# SNMPv3 configuration
rouser $SNMP_V3_USER
group MyROGroup v3 $SNMP_V3_USER
view all included .1 80
access MyROGroup "" any auth exact all none none
EOF

# Step 6: Create system users
echo -e "${YELLOW}[6/$TOTAL_STEPS] Creating system users...${NC}"
useradd --no-create-home --shell /bin/false prometheus 2>/dev/null || true
useradd --no-create-home --shell /bin/false snmp_exporter 2>/dev/null || true

# Step 7: Install Prometheus
echo -e "${YELLOW}[7/$TOTAL_STEPS] Installing Prometheus...${NC}"
cd /tmp
wget -q https://github.com/prometheus/prometheus/releases/download/v2.48.0/prometheus-2.48.0.linux-amd64.tar.gz
tar -xzf prometheus-2.48.0.linux-amd64.tar.gz
mv prometheus-2.48.0.linux-amd64/prometheus /usr/local/bin/
mv prometheus-2.48.0.linux-amd64/promtool /usr/local/bin/
mkdir -p /etc/prometheus /var/lib/prometheus
chown prometheus:prometheus /var/lib/prometheus
chmod 755 /etc/prometheus /var/lib/prometheus

# Create Prometheus config
cat > /etc/prometheus/prometheus.yml << EOF
global:
  scrape_interval: 15s

scrape_configs:
  - job_name: 'snmp'
    static_configs:
      - targets:
        - 127.0.0.1  # SNMP target
    metrics_path: /snmp
    params:
      module: [if_mib]
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9116
EOF

chown prometheus:prometheus /etc/prometheus/prometheus.yml
chmod 644 /etc/prometheus/prometheus.yml

# Step 8: Install SNMP Exporter
echo -e "${YELLOW}[8/$TOTAL_STEPS] Installing SNMP Exporter...${NC}"
cd /tmp
wget -q https://github.com/prometheus/snmp_exporter/releases/download/v0.24.1/snmp_exporter-0.24.1.linux-amd64.tar.gz
tar -xzf snmp_exporter-0.24.1.linux-amd64.tar.gz
mv snmp_exporter-0.24.1.linux-amd64/snmp_exporter /usr/local/bin/
mkdir -p /etc/snmp_exporter
chown snmp_exporter:snmp_exporter /etc/snmp_exporter
chmod 755 /etc/snmp_exporter

# Create SNMP Exporter config
cat > /etc/snmp_exporter/snmp.yml << EOF
auths:
  public_v2:
    community: $SNMP_COMMUNITY
    security_level: noAuthNoPriv
    version: 2
  
  secure_v3:
    username: $SNMP_V3_USER
    security_level: authPriv
    auth_protocol: SHA
    auth_password: $SNMP_V3_AUTH
    priv_protocol: AES
    priv_password: $SNMP_V3_PRIV
    version: 3

modules:
  if_mib:
    walk:
      - 1.3.6.1.2.1.2.2.1.10
      - 1.3.6.1.2.1.2.2.1.16
      - 1.3.6.1.2.1.2.2.1.8
    auth:
      community: $SNMP_COMMUNITY
EOF

chown snmp_exporter:snmp_exporter /etc/snmp_exporter/snmp.yml
chmod 644 /etc/snmp_exporter/snmp.yml

# Step 9: Create systemd services
echo -e "${YELLOW}[9/$TOTAL_STEPS] Creating systemd services...${NC}"

cat > /etc/systemd/system/prometheus.service << EOF
[Unit]
Description=Prometheus
After=network.target

[Service]
User=prometheus
Group=prometheus
Type=simple
ExecStart=/usr/local/bin/prometheus \\
    --config.file /etc/prometheus/prometheus.yml \\
    --storage.tsdb.path /var/lib/prometheus/ \\
    --web.console.templates=/etc/prometheus/consoles \\
    --web.console.libraries=/etc/prometheus/console_libraries \\
    --web.listen-address=0.0.0.0:9090

[Install]
WantedBy=multi-user.target
EOF

cat > /etc/systemd/system/snmp_exporter.service << EOF
[Unit]
Description=SNMP Exporter
After=network.target

[Service]
User=snmp_exporter
Group=snmp_exporter
Type=simple
ExecStart=/usr/local/bin/snmp_exporter --config.file=/etc/snmp_exporter/snmp.yml

[Install]
WantedBy=multi-user.target
EOF

chmod 644 /etc/systemd/system/prometheus.service /etc/systemd/system/snmp_exporter.service

# Step 10: Start and enable services
echo -e "${YELLOW}[10/$TOTAL_STEPS] Starting and enabling services...${NC}"
systemctl daemon-reload
systemctl enable --now snmpd
systemctl enable --now prometheus
systemctl enable --now snmp_exporter

# Configure firewall if needed
if command -v firewall-cmd &> /dev/null; then
    firewall-cmd --permanent --add-port=9090/tcp --add-port=9116/tcp --add-port=161/udp
    firewall-cmd --reload
elif command -v ufw &> /dev/null; then
    ufw allow 9090/tcp
    ufw allow 9116/tcp
    ufw allow 161/udp
fi

# Verification
echo -e "${GREEN}Verifying installation...${NC}"
sleep 5

if systemctl is-active --quiet snmpd; then
    echo -e "${GREEN}✓ SNMP daemon is running${NC}"
else
    echo -e "${RED}✗ SNMP daemon failed to start${NC}"
fi

if systemctl is-active --quiet prometheus; then
    echo -e "${GREEN}✓ Prometheus is running${NC}"
else
    echo -e "${RED}✗ Prometheus failed to start${NC}"
fi

if systemctl is-active --quiet snmp_exporter; then
    echo -e "${GREEN}✓ SNMP Exporter is running${NC}"
else
    echo -e "${RED}✗ SNMP Exporter failed to start${NC}"
fi

echo -e "${GREEN}Installation completed successfully!${NC}"
echo -e "${YELLOW}Access Prometheus at: http://localhost:9090${NC}"
echo -e "${YELLOW}SNMP Exporter metrics at: http://localhost:9116${NC}"
echo -e "${YELLOW}Test SNMP: snmpwalk -v2c -c $SNMP_COMMUNITY localhost 1.3.6.1.2.1.1.5${NC}"

Review the script before running. Execute with: bash install.sh

#snmp #prometheus #grafana #network monitoring #infrastructure

Configure network monitoring with SNMP and Grafana dashboards for infrastructure visibility

Prerequisites

What this solves

Step-by-step installation

Update system packages

Install Net-SNMP daemon and tools

Configure Net-SNMP daemon

Community string configuration

System information

Process monitoring

Disk monitoring

Load monitoring

Network interface monitoring

Enable AgentX for extending functionality

Access control

Configure SNMP v3 security

v3 access control

Install Prometheus

Install SNMP Exporter

Configure SNMP Exporter

Create systemd service files

Configure Prometheus to scrape SNMP targets

Install Grafana

Set correct permissions

Start and enable all services

Configure firewall rules

Configure Grafana data source

Create network monitoring dashboard

Interface Status

Interface Errors Rate

System Uptime

Verify your setup

Test SNMP v3 query

Test SNMP exporter

Common issues

Next steps

Related tutorials

Configure Nagios SNMP monitoring for network devices with automated discovery and templates

Integrate Elasticsearch 8 with Prometheus monitoring and Grafana dashboards

Configure Netdata alerts with Slack and Microsoft Teams for real-time monitoring notifications

Don't want to manage this yourself?