Install a Second External SNMP Daemon

Video Lecture

Install a Second External SNMP Daemon Install a Second External SNMP Daemon Install a Second External SNMP Daemon

Description

I will install an SNMPD on a different external server.

I do not need the SNMP tools (snnmpget, snmpwalk, etc) in this case, so I am only installing the bare minimum which is the SNMP Daemon.

SSH onto the other/external server.

#ubuntu
sudo apt install snmpd

#centos 7
sudo yum install net-snmp

Next,

SSH back onto your Prometheus server.

Open the prometheus.yml

sudo nano /etc/prometheus/prometheus.yml

Add add the extra target to the static_configs --> targets.

...
  - job_name: snmp
...
    static_configs:
      - targets:
        - 127.0.0.1
        - IP_Address_pointing_to_other_SNMPD_service
...

Save and check changes to the config are syntactically correct

promtool check config /etc/prometheus/prometheus.yml

and if OK, then restart the Prometheus service.

sudo service prometheus restart
sudo service prometheus status

Since the SNMPD that I just setup is on a server accessible from the internet, I should also restrict access to the port 161.

I will use iptables to restrict access and allow only my prometheus server to query it.

iptables -A INPUT -p udp -s [domain name or ip] --dport 161 -j ACCEPT
iptables -A INPUT -p udp -s localhost --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j DROP
iptables -L

I then restart the SNMPD service

sudo service snmpd restart

Warning

iptables settings will be lost in case of system reboot. You will need to reapply them manually,

or

install iptables-persistent

sudo apt install iptables-persistent

This will save your settings into two files called,

/etc/iptables/rules.v4

/etc/iptables/rules.v6

Any changes you make to the iptables configuration won't be auto saved to these persistent files, so if you want to update these files with any changes, then use the commands,

iptables-save > /etc/iptables/rules.v4

iptables-save > /etc/iptables/rules.v6