Special Offer

Zabbix Monitoring Course Discount $11.99
https://www.udemy.com/course/zabbix-monitoring/?couponCode=607976806882D016D221
Offer expires in hours. Be quick and share with your friends and colleagues.

Special Offer

Grafana Course Discount $13.99
https://www.udemy.com/course/grafana-tutorial/?couponCode=D04B41D2EF297CC83032
Offer expires in hours. Be quick and share with your friends and colleagues.

Special Offer

Prometheus Course Discount $9.99
https://www.udemy.com/course/prometheus/?couponCode=EB3123B9535131F1237F
Offer expires in hours. Be quick and share with your friends and colleagues.

Special Offer

Threejs Course Discount $9.99
https://www.udemy.com/course/threejs-tutorials/?couponCode=416F66CD4614B1E0FD02
Offer expires in hours. Be quick and share with your friends and colleagues.

Install a Second External SNMP Daemon

Video Lecture

Description

I will install an SNMPD on a different external server.

I do not need the SNMP tools (snnmpget, snmpwalk, etc) in this case, so I am only installing the bare minimum which is the SNMP Daemon.

SSH onto the other/external server.

#ubuntu
sudo apt install snmpd

#centos 7
sudo yum install net-snmp

Next,

SSH back onto your Prometheus server.

Open the prometheus.yml

sudo nano /etc/prometheus/prometheus.yml

Add add the extra target to the static_configs --> targets.

...
  - job_name: snmp
...
    static_configs:
      - targets:
        - 127.0.0.1
        - IP_Address_pointing_to_other_SNMPD_service
...

Save and check changes to the config are syntactically correct

promtool check config /etc/prometheus/prometheus.yml

and if OK, then restart the Prometheus service.

sudo service prometheus restart
sudo service prometheus status

Since the SNMPD that I just setup is on a server accessible from the internet, I should also restrict access to the port 161.

I will use iptables to restrict access and allow only my prometheus server to query it.

iptables -A INPUT -p udp -s [domain name or ip] --dport 161 -j ACCEPT
iptables -A INPUT -p udp -s localhost --dport 161 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j DROP
iptables -L

I then restart the SNMPD service

sudo service snmpd restart

Warning

iptables settings will be lost in case of system reboot. You will need to reapply them manually,

or

install iptables-persistent

sudo apt install iptables-persistent

This will save your settings into two files called,

/etc/iptables/rules.v4

/etc/iptables/rules.v6

Any changes you make to the iptables configuration won't be auto saved to these persistent files, so if you want to update these files with any changes, then use the commands,

iptables-save > /etc/iptables/rules.v4

iptables-save > /etc/iptables/rules.v6