Tag Archives: ESX

Configure ESX4 for SNMP traps

I’ve struggled for a while getting SNMP traps from our ESX hosts and stuffing them into Opsview which is our monitoring platform of choice. I’ll try to outline what I did to get it working in this post. Hopefully it’ll be useful for someone besides myself when I need a reinstall 😉

The following steps worked for me on ESX 4.1. Depending on versions you may have different results than me. For simplicity, I will use 10.0.0.1 as IP for my ESX host, and 10.0.0.99 for my SNMP trap handler.

1. Download and install the vSphere CLI from http://goo.gl/X8NsX. Keep in mind that you need an account to access it. Check BugMeNot if you’re not in the mood for registering. The vSphere CLI will give you a host of useful tools to control your ESX environment with without having to resport to SSH or console access.

2. Check if you already have an active SNMP agent on your host with the following command:

vicfg-snmp --show --server 10.0.0.1

3. If no traps are configured (why would you even be reading this if they were?). Add your SNMP target like this (By default, vicfg-snmp.pl is located in the C:\Program Files\VMware\VMware vSphere CLI\bin directory):

vicfg-snmp.pl --server 10.0.0.1 --username root --password qwerty1234 -t 10.0.0.99@162/communitystring

4. Enable the SNMP service:

vicfg-snmp.pl --server 10.0.0.1 --username root --password qwerty1234 --enable

5. Check that you have a working configuration by using the –show command like this:

vicfg-snmp.pl --server 10.0.0.1 --username root --password qwerty1234 --show

Your output should look something like this:

Current SNMP agent settings:
Enabled : 1
UDP port : 162

Communities :
communitystring

Notification targets :
10.0.0.99@162/communitystring

6. If you’d like, you can send a test trap to your target to make sure you’re on the right path. If you’re just testing, you can send them to your own client PC. I use the freeware application SNMP Trap Watcher (http://goo.gl/vztvt) for this. Sending the following command through the vSphere CLI will generate a Warm Start trap:

vicfg-snmp.pl --server 10.0.0.1 --username root --password qwerty1234 --test

You should receive a report in your trap watcher:

If you’re not getting anything, chances are the ESX firewall isn’t allowing SNMP traffic. I had to allow this using the vSphere Client (connect to the ESX server, not a vCenter host). Click the tab “Configuration”, and select “Security Profile” in the menu on your left. Click “Properties” and enable SNMP:

The outgoing port will be the one you configured when you added a trap handler in step 4.

That’s it. You have an ESX host sending SNMP traps properly. Now all you need to do is get your monitoring software to understand what it’s saying. I’ll cover that in my next post, using Opsview Community Edition as a trap handler).