If you’re running LibreNMS on a server somewhere and you’ve got a Raspberry Pi sitting on the same network, it’s worth pulling that Pi into your monitoring. It draws almost no power, it’s always on, and once it’s reporting data you’ll have graphs for CPU, memory, disk, network traffic, and temperature with very little effort.
The only real work is getting the SNMP daemon installed and configured on the Pi. After that, LibreNMS does the rest. This guide covers the whole process: installing the agent, configuring it (both the simple way and the secure way), opening the firewall, testing the link, and adding the device to LibreNMS.
A Quick Word on SNMP
SNMP (Simple Network Management Protocol) is how a monitoring server asks a device how it’s doing. The device runs an agent called snmpd. The server sends it a request, and the agent replies with a value from a big tree of data points called the MIB. Each value has a numeric address called an OID, like 1.3.6.1.2.1.1.3.0 for system uptime. You’ll never need to touch OIDs directly because LibreNMS knows them all. Your job is just to get the agent answering.
You’ll run into three versions:
- SNMPv1 is the original and basically dead.
- SNMPv2c is what most home labs use. It protects access with a plain-text “community string,” which works fine on a network you trust.
- SNMPv3 adds real authentication and encryption. Use it if anyone else can see your network traffic.
I’ll show both v2c and v3 below so you can pick.
Before You Start
You’ll want:
- A Raspberry Pi on Raspberry Pi OS or any Debian or Ubuntu based system. Anything from a Pi Zero to a Pi 5 works the same way.
- SSH or terminal access with a
sudo-capable account. - A working LibreNMS server that can reach the Pi over the network.
- The IP address of that LibreNMS server, since we’ll lock SNMP down to it.
I’ll use these stand-in values in the examples. Swap in your own as you go:
- Raspberry Pi IP:
192.168.1.50 - LibreNMS server IP:
192.168.1.10 - Community string:
MySecretString(please don’t use the defaultpublic)
Step 1: Update the Pi
Start clean. SSH in and run:
sudo apt update && sudo apt upgrade -y
If that pulled in a new kernel or other core updates, reboot before carrying on:
sudo reboot
Step 2: Install the SNMP Packages
Install the daemon and the client tools together. The client tools let you test things locally later, which saves a lot of guessing.
sudo apt install snmpd snmp -y
snmpd is the agent that runs on the Pi and answers queries. snmp gives you snmpwalk, snmpget, and friends for testing.
There’s one more package that helps with MIB resolution. It’s optional but cheap to add:
sudo apt install snmp-mibs-downloader -y
Step 3: Back Up the Default Config
Copy the stock config before you change anything. If you break something, you can put it back in one command.
sudo cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
Step 4: Configure SNMP
This is where most people get stuck, usually on one specific line, so read closely. Open the config:
sudo nano /etc/snmp/snmpd.conf
The default file is full of comments and is set up to only listen on localhost with a stripped-down view of the data. We’re going to change that. Below are two ways to do it. Pick one.
Option A: SNMPv2c (Simple, Fine for a Trusted Home Network)
The quickest path. Two things matter here: making the agent listen on the network instead of just itself, and handing read-only access to your LibreNMS server.
Find the line that sets which address the agent listens on. By default it’s:
agentaddress udp:127.0.0.1:161
That 127.0.0.1 is the part that trips everyone up. It means the agent only talks to the Pi itself and ignores the rest of the network. Change it to listen everywhere:
agentaddress udp:161,udp6:[::1]:161
If you’d rather bind to one interface only, put the Pi’s own IP in there, for example agentaddress udp:192.168.1.50:161.
Now find the default community lines. On recent versions they look like this, locked to a systemonly view:
rocommunity public default -V systemonly
rocommunity6 public default -V systemonly
Comment both out by putting a # in front, then add your own read-only community that only answers your LibreNMS server:
rocommunity MySecretString 192.168.1.10
Read that line as: allow read-only access with the string MySecretString, but only when the request comes from 192.168.1.10. Tying it to a single source IP is one of the better things you can do for security here.
While you’re in the file, set a location and contact so the device is easy to recognize later:
sysLocation Living Room Rack
sysContact [email protected]
Option B: SNMPv3 (Secure, Better for Anything You Don’t Fully Trust)
SNMPv3 drops the plain-text community string in favor of a username, an authentication password, and an encryption password. Nothing crosses the network in the clear.
Stop the daemon first so you can create the user:
sudo systemctl stop snmpd
Open the config and add a user. Use long, unique passwords of your own, not the ones below:
createUser librenms SHA "YourAuthPassword123" AES "YourPrivPassword456"
rouser librenms priv
SHA handles authentication and AES handles encryption. The rouser librenms priv line gives that user read-only access and requires both authentication and encryption on every request.
Set your location and contact too, same as Option A:
sysLocation Living Room Rack
sysContact [email protected]
Here’s the part that surprises people: when you start snmpd again, it reads that createUser line, hashes the credentials into its own private store, and then deletes the plain-text line from your config on its own. So write those passwords down somewhere safe now, because you’ll need them when you add the device to LibreNMS and you won’t be able to read them back out of the file.
Worth Doing Either Way: Better OS Detection
By default LibreNMS will probably label your Pi as a generic device. There’s a tiny helper script from the LibreNMS project that fixes this and gets it showing the real OS version. It works with both v2c and v3.
Download it and mark it executable:
sudo wget -O /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
sudo chmod +x /usr/bin/distro
Then add one line to /etc/snmp/snmpd.conf:
extend distro /usr/bin/distro
Skip this and the setup still works, but your device info in LibreNMS will look bare. It’s a thirty-second job, so I’d do it.
Step 5: Restart and Enable the Service
Save and close the file (in nano that’s Ctrl+O, Enter, then Ctrl+X). Restart the daemon and set it to start on boot:
sudo systemctl restart snmpd
sudo systemctl enable snmpd
Check that it came up cleanly:
sudo systemctl status snmpd
Look for active (running). Press q to get out of that view.
Step 6: Confirm the Agent Is Actually Listening
This catches the most common mistake. Check what address the agent is bound to:
sudo ss -tulpn | grep 161
You want to see 0.0.0.0:161 or the Pi’s own IP. If all you see is 127.0.0.1:161, the agent is still talking to itself only. Go back to the agentaddress line in Step 4, fix it, and restart.
Step 7: Test It Locally on the Pi
Before bringing the network into it, make sure the agent answers a query from the Pi itself.
For SNMPv2c:
snmpwalk -v2c -c MySecretString localhost
For SNMPv3:
snmpwalk -v3 -l authPriv -u librenms -a SHA -A "YourAuthPassword123" -x AES -X "YourPrivPassword456" localhost
A working agent will spit out screen after screen of system data: uptime, descriptions, interface stats, the lot. If you see that, the agent is healthy. If it times out, recheck the community string or the v3 credentials, since they’re case-sensitive.
Step 8: Open the Firewall
If the Pi runs a firewall like ufw, you need to let SNMP through. SNMP uses UDP port 161. Allow it only from your LibreNMS server:
sudo ufw allow from 192.168.1.10 to any port 161 proto udp
Scoping the rule to one IP keeps the port shut to everything else. No host firewall on the Pi? Then skip this, but make sure nothing between the two machines (your router, for instance) is blocking UDP 161.
Step 9: Test From the LibreNMS Server
Now hop over to the LibreNMS server, or any other machine on the network, and query the Pi remotely. If the tools aren’t there, install them with sudo apt install snmp -y.
For SNMPv2c:
snmpwalk -v2c -c MySecretString 192.168.1.50
For SNMPv3:
snmpwalk -v3 -l authPriv -u librenms -a SHA -A "YourAuthPassword123" -x AES -X "YourPrivPassword456" 192.168.1.50
Same flood of data you saw locally? Then SNMP is reachable across the network and you’re ready to add the device. If it worked on the Pi but times out from here, the cause is nearly always the firewall or an agentaddress still stuck on localhost.
Step 10: Add the Pi to LibreNMS
With SNMP answering remotely, this part is quick. Use the web interface or the command line, whichever you prefer.
From the Web Interface
- Log in to LibreNMS.
- Go to Devices, then Add Device.
- Enter the Pi’s IP:
192.168.1.50. - Pick the SNMP version. For v2c, choose
v2cand type your community string. For v3, choosev3, set the level toauthPriv, and fill in the username, the auth password withSHA, and the privacy password withAES. - Click Add Device.
LibreNMS polls the Pi right away and starts drawing graphs within a few minutes.
From the Command Line
Run these from your LibreNMS directory, usually /opt/librenms.
For SNMPv2c:
sudo -u librenms lnms device:add 192.168.1.50 --v2c -c MySecretString
For SNMPv3:
sudo -u librenms lnms device:add 192.168.1.50 --v3 \
--auth-level authPriv \
--auth-name librenms \
--auth-pass "YourAuthPassword123" --auth-algo SHA \
--priv-pass "YourPrivPassword456" --priv-algo AES
If you don’t want to wait for the next cron run, kick off discovery and a poll by hand:
sudo -u librenms ./discovery.php -h 192.168.1.50
sudo -u librenms ./poller.php -h 192.168.1.50
When Things Don’t Work
A few problems come up again and again. Here’s how to deal with them.
Local test passes, remote test times out. This is a network issue, not an SNMP one. Confirm the agent isn’t bound to localhost (sudo ss -tulpn | grep 161), then check ufw on the Pi and any firewall on your router.
“Timeout: No Response” even with the right settings. Your community string or v3 credentials probably don’t match exactly. They’re case-sensitive. On v2c, also confirm the source IP on the rocommunity line matches the machine you’re testing from.
The service won’t start after an edit. That’s almost always a typo in the config. Run sudo snmpd -f -Le to start it in the foreground and read the actual error, or restore your backup with sudo cp /etc/snmp/snmpd.conf.bak /etc/snmp/snmpd.conf and try again.
LibreNMS shows it as a generic device. That’s what the distro script in Step 4 is for. Add it, restart snmpd, and run discovery again.
Edits don’t seem to take. Restart the daemon after every change: sudo systemctl restart snmpd.
A Few Notes on Security
SNMP can give away a fair amount about a device, so don’t get sloppy:
- Don’t run with
publicas your community string. It’s the first thing anyone tries. - Lock access to your LibreNMS server’s IP, either on the
rocommunityline or in the firewall, or both. - Use SNMPv3 on any network where someone else might be watching the wire. v2c sends its community string in plain text.
- Keep it read-only. This guide uses
rocommunityandrouserthroughout. There’s no reason to allow writes for monitoring. - Keep the Pi updated.
Wrapping Up
Your Raspberry Pi is now feeding health and performance data into LibreNMS, and it’ll alert you if something goes sideways. The same steps work on just about any Linux box, so once you’ve done it once, rolling it out to the rest of your network is mostly copy and paste.
If you hit a snag somewhere in here, drop a comment with where it broke and what you’re seeing. Most SNMP problems come down to one of three things: the listen address, the firewall, or a mistyped string.