goals:

  • crawl logs from mk router
  • push it into grafana

server side

# get snmp_exporter binary from https://github.com/prometheus/snmp_exporter
> curl -OL \
  https://github.com/prometheus/snmp_exporter/releases/download/v0.20.0/snmp_exporter-0.20.0.linux-amd64.tar.gz \
  && tar xvfz snmp_exporter-0.20.0.linux-amd64.tar.gz

# copy config and binary in place
> cp snmp_exporter*/snmp /usr/local/bin/snmp_exporter
> cp snmp_exporter*/snmp.yml /etc/prometheus/snmp.yml

# generate certificates
> openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
  -keyout /etc/prometheus/snmp-exporter.key \
  -out /etc/prometheus/snmp-exporter.crt \
  -subj "/C=DE/ST=SA/L=Magdeburg/O=x33u.org/CN=maybe_a_hostname"

# setup web.config file
> edit /etc/prometheus/snmp_web.yml
tls_server_config:
  cert_file: /etc/prometheus/snmp-exporter.crt
  key_file: /etc/prometheus/snmp-exporter.key

basic_auth_users:
  snmp_exporter: $2b$12$xxxxxx..xxxxxx

# change file permissions
> chown prometheus:prometheus /etc/prometheus/snmp*

# create unit file/etc/systemd/system/snmp_exporter.service
[Unit]
Description=snmp_exporter service
After=network.target

[Service]
Type=simple
User=prometheus
ExecStart=/usr/local/bin/snmp_exporter --config.file /etc/prometheus/snmp.yml --web.config.file /etc/prometheus/web.yml

[Install]
WantedBy=multi-user.target


# append module to prometheus config
...
  - job_name: mikrotik
    scheme: https
    tls_config:
      ca_file: /etc/prometheus/snmp-exporter.crt
      insecure_skip_verify: true
    basic_auth:
      username: snmp_exporter
      password: <password> # cleartext instead of a hash from what i know
    static_configs:
      - targets:
        - 192.168.1.1  # client-1
        - 192.168.2.1  # client-2
        - 192.168.3.1  # client-3
    metrics_path: /snmp
    params:
      module: [mikrotik]
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9116 # snmp_exporter address

# start and enable unit file
> systemctl enable --now snmp_exporter.service

# test connection using curl
> curl -u snmp_exporter -k 'https://127.0.0.1:9116/snmp?target=192.168.1.1'

client side

# enable snmp service
> /snmp set enabled=yes

ensure that you use this unsecure config only for testing
both client and server supports a secure configuration