Install a Second External SNMP Daemon
Description
I will install an SNMPD on a different external server.
I do not need the SNMP tools (snmpget, snmpwalk, etc.) in this case, so I am only installing the bare minimum, which is the SNMP daemon.
SSH onto the other/external server.
#ubuntu
sudo apt install snmpd
#centos 7
sudo yum install net-snmp
Next, SSH back onto your Prometheus server.
Open the prometheus.yml
sudo nano /etc/prometheus/prometheus.yml
Add the extra target to the static_configs --> targets.
---
- job_name: snmp
---
  static_configs:
    - targets:
        - 127.0.0.1
        - IP_Address_pointing_to_other_SNMPD_service
Save and check changes to the config are syntactically correct
promtool check config /etc/prometheus/prometheus.yml
and if OK, then restart the Prometheus service.
sudo service prometheus restart
sudo service prometheus status
Since the SNMPD that I just set up is on a server accessible from the internet, I should also restrict access to port 161.
I will use iptables to restrict access and allow only my Prometheus server to query it.
iptables -A INPUT -p udp -s [domain name or ip] --dport 161 -j ACCEPT
iptables -A INPUT -p udp -s localhost --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j DROP
iptables -L
I then restart the SNMPD service
sudo service snmpd restart
Warning
iptables settings will be lost in case of system reboot. You will need to reapply them manually, or install iptables-persistent.
sudo apt install iptables-persistent
This will save your settings into two files called,
/etc/iptables/rules.v4
/etc/iptables/rules.v6
Any changes you make to the iptables configuration won't be auto saved to these persistent files, so if you want to update these files with any changes, then use the commands below. The IPv6 file is written with ip6tables-save, because iptables-save only outputs the IPv4 rules.
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
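The order of the three port 161 rules matters, because iptables stops at the first matching rule and -A appends to the end of the chain. As an added example (not part of the original tutorial), this shell function audits iptables-save output such as /etc/iptables/rules.v4; the function name audit_snmp_rules and the sample rulesets using the documentation address 203.0.113.10 are assumptions made for illustration.

```shell
# Added example. Reads `iptables-save` text on stdin; $1 = Prometheus server IP.
# Only inspects INPUT rules that name "-p udp" and "--dport 161" explicitly.
audit_snmp_rules() {
    awk -v allowed="$1" '
    # Value that follows option opt on the current rule line, or "".
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^:INPUT / { policy = $2 }            # chain default policy
    $1 == "-A" && $2 == "INPUT" && !done {
        if (optval("-p") != "udp" || optval("--dport") != "161") next
        src = optval("-s"); sub(/\/32$/, "", src); tgt = optval("-j")
        if (tgt == "ACCEPT" && src == "") {
            print "FAIL: ACCEPT from any source"; bad = 1
        } else if (tgt == "ACCEPT" && src == allowed) {
            seen = 1
        } else if (tgt == "ACCEPT" && src != "127.0.0.1") {
            print "FAIL: unexpected source " src; bad = 1
        } else if (tgt == "DROP" && src == "") {
            done = 1                      # first match wins: later rules never apply
        }
    }
    END {
        if (!done && policy != "DROP") { print "FAIL: no catch-all DROP"; bad = 1 }
        if (!seen) { print "FAIL: " allowed " cannot reach udp/161"; bad = 1 }
        if (!bad) print "OK"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample rulesets (203.0.113.10 is a documentation address).
GOOD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j DROP
COMMIT'
# Same rules, but the ACCEPT was appended after an existing DROP.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j DROP
-A INPUT -s 203.0.113.10/32 -p udp -m udp --dport 161 -j ACCEPT
COMMIT'

printf '%s\n' "$GOOD_RULES" | audit_snmp_rules 203.0.113.10 || true
printf '%s\n' "$BAD_RULES"  | audit_snmp_rules 203.0.113.10 || true
```

On the real server, run it as root with: iptables-save | audit_snmp_rules followed by the Prometheus server's IP address.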