Skip to content

donnygithub/snmp_exporter

 
 

Repository files navigation

Prometheus SNMP Exporter

This is an exporter that exposes information gathered from SNMP for use by the Prometheus monitoring system.

Installation

go get -d
go build

Usage

./snmp_exporter

Visit http://localhost:9116/snmp?target=1.2.3.4 where 1.2.3.4 is the IP of the SNMP device to get metrics from. You can also specify a module parameter, to choose which module to use from the config file.

Authentication

###SNMPv2

The default configuration is to use SNMPv2 with the community public. This can be changed in the yaml config. NOTE: Version 2 implies SNMP version 2c.

####Authentication parameters

Name Description
community Community string defined on the device

Example:

default:
  version: 2
  auth:
    community: SomeCommunityString
  walk:
    - ...
  metrics:
    - ...

###SNMPv1

For SNMPv1, the authentication also requires a community string which will default to 'public'.

####Authentication parameters

Name Description
community Community string defined on the device

Example:

default:
  version: 1
  auth:
    community: SomeCommunityString
  walk:
    - ...
  metrics:
    - ...

##SNMPv3

For SNMPv3, the authentication requires different parameters. The auth_protocol defaults to MD5 and the priv_protocol defaults to DES. The security_level defaults to noAuthNoPriv.

####Authentication parameters

Name Description required
username A string representing the name of the user yes
password If messages sent on behalf of this user can be authenticated, the (private) authentication key for use with the authentication protocol. Defined as authKey in RFC3414 if security_level = authNoPriv or authPriv
auth_protocol An indication of whether messages sent on behalf of this user can be authenticated, and if so, the type of authentication protocol which is used. 2 protocols are defined in RFC3414: MD5 (HMAC-MD5-96) and SHA (HMAC-SHA-96) if security_level = authNoPriv or authPriv
priv_protocol An indication of whether messages sent on behalf of this user can be protected from disclosure, and if so, the type of privacy protocol which is used. Only one protocol is defined in RFC3414: DES (CBC-DES Symmetric Encryption Protocol) if security_level = authPriv
security_level The Level of Security from which the User-based Security module determines if the message needs to be protected from disclosure and if the message needs to be authenticated. yes (see security settings under table)
priv_password If messages sent on behalf of this user can be en/decrypted, the (private) privacy key for use with the privacy protocol. Defined as privKey in RFC3414 if security_level = authPriv

Security_level has 3 settings:

  • noAuthNoPriv: no authentication or privacy
  • authNoPriv: user authentication, without privacy
  • authPriv: user authentication and privacy

Example:

default:
  version: 3
  auth:
    username: SomeUser
    password: TotallySecret
    auth_protocol: SHA
    priv_protocol: AES
    security_level: SomethingReadOnly
    priv_password: SomeOtherSecret
  walk:
    - ...
  metrics:
    - ...

Prometheus Configuration

The snmp exporter needs to be passed the address as a parameter, this can be done with relabelling.

Example config:

scrape_configs:
  - job_name: 'snmp'
    target_groups:
      - targets:
        - 192.168.1.2  # SNMP device.
    metrics_path: /snmp
    params:
      module: [default]
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 127.0.0.1:9116  # SNMP exporter.

This setup allows Prometheus to provide scheduling and service discovery, as unlike all other exporters running an exporter on the machine from which we are getting the metrics from is not possible.

Design

There are two components. An exporter that does the actual scraping, and a generator that creates the configuration for use by the exporter. Only the exporter is written so far.

This is to allow for customisation of what's done during the scrape as many special cases are expected. The varying levels of SNMP MIB-parsing support across different languages also means that a single language may not be practical.

About

SNMP Exporter for Prometheus

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 90.8%
  • Makefile 6.6%
  • Dockerfile 2.6%