Configuring monitoring of MikroTik RouterOS v7 devices (SNMP v3 protocol) using Zabbix server (v6.2). SNMP diagnostics with the snmpwalk utility.
SNMPv3 provides important security features:Wikipedia.org: SNMP
Authentication – determining the origin of the message.
Confidentiality – Encryption of packets to protect against interception.
Integrity – preventing changes to messages in transit, including an additional mechanism to protect against retransmission of a captured packet.
For the initial setup, I recommend setting the settings indicated in the article (values and passwords, except for IP addresses), after you make sure that everything works correctly, change the necessary parameters to your own.
Article in other languages:
- 🇪🇸 Monitoreo de MikroTik SNMP v3 con Zabbix
- 🇷🇺 Мониторинг MikroTik SNMP v3 с Zabbix
- 🇫🇷 Surveillance de MikroTik SNMP v3 avec Zabbix
- 🇩🇪 Überwachung von MikroTik SNMP v3 mit Zabbix
- 🇳🇱 MikroTik SNMP v3 bewaken met Zabbix
- 🇵🇹 Monitorando MikroTik SNMP v3 com Zabbix
- 🇲🇾 Memantau MikroTik SNMP v3 dengan Zabbix
Configuring MikroTik SNMP v3
Open the Community settings and make the following settings:
[IP] – [SNMP] – [SNMP Settings] – [Communities] – [+]
|Name||Community name (username), example: snmp-v3|
|Addresses||Zabbix server IP address, example: 10.41.11.10|
|Authentication password||Example: Tn_FMD5_Bw|
|Encryption password||Example: k7TW_Th8V_ay|
- I could not configure MikroTik AES (encryption protocol) to work with Zabbix (there is no AES item in Zabbix, and in MikroTik there is no way to specify the strength of AES encryption. Maybe this will be fixed later).
- For Authentication password and Encryption password I use only letters, numbers and “_” character, when I used special characters I got Zabbix server unable to connect to MikroTik device.
SNMP v3 configuration
Open the SNMP settings and make the following settings:
[IP] – [SNMP] – [SNMP Settings]
|Contact||Contacts (optional), example: email@example.com|
|Location||Device location (optional), example: Main Office|
|Engine ID||I use the MAC address of the device, example: DC2C6E2D4656|
|Trap Target||Zabbix server IP address, example: 10.41.11.10|
|Trap Community||Community name, example: snmp-v3|
|Trap Version||SNMP version, example: 3|
✏️ Note: Engine ID – if you do not specify the field value, there may be a problem that Zabbix cannot connect to the device if there are many MikroTik devices (can be fixed later).
Configuring Zabbix SNMP v3
Create a new host in Zabbix:
[Monitoring] – [Hosts] – [Create host]
|Host name||Example: MHRT01|
|Visible name||Example: MHELP.PRO MAIN ROUTER 01|
|Templates||Select a template, example: MikroTik RB5009UG+S+IN SNMP|
|Host groups||Discovered hosts|
|Interfaces||Add SNMP service, click Add|
|SNMP||Zabbix server IP address, example: 10.41.40.1|
|SNMP version||Select SNMPv3|
|Context name||Engine ID of the device, example: DC2C6E2D4656|
|Security name||Community name, example: snmp-v3|
|Authentication protocol||Corresponds to the selection on the MikroTik device, example: SHA1|
|Authentication passphrase||Example: Tn_FMD5_Bw|
|Privacy protocol||Corresponds to the selection on the MikroTik device, example: DES|
|Privacy passphrase||Example: k7TW_Th8V_ay|
- Zabbix 6 has templates for popular MikroTik devices, find your device model in the list;
- In MikroTik, there is no way to specify the AES key length, so we use DES encryption in the Privacy protocol;
- Context name is equal to Engine ID, if you do not specify this parameter, there was a problem connecting devices (Zabbix did not connect to devices) when there were several devices.
If everything is correct, after about 1 minute the status in the Availability column will change to green SNMP.
If the Zabbix server was unable to access your device, click on the device name in the list and run the ping command.
If the server can see (ping) your device, try using the snmpwalk utility to check if the SNMPv3 is configured correctly.
To diagnose device settings, install the snmpwalk utility:
yum install net-snmp-utils
Query the MikroTik device using the following command, where 10.41.11.10 is the IP address of the MikroTik device.
snmpwalk -v 3 -u snmp-v3 -l authPriv -A Tn_FMD5_Bw -a SHA -X k7TW_Th8V_ay -x DES 10.41.11.200 | head -n 5
The following answer speaks about the correctness of the settings of the end device and the search for a problem in the host settings on the Zabbix server:
SNMPv2-MIB::sysDescr.0 = STRING: RouterOS RB5009UG+S+ SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.14988.1 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (276641500) 32 days, 0:26:55.00 SNMPv2-MIB::sysContact.0 = STRING: firstname.lastname@example.org SNMPv2-MIB::sysName.0 = STRING: MHRT01
Otherwise, you will receive a response that the device is not available. This says that the end device is configured incorrectly:
Timeout: No Response from 10.41.40.1
🟢 This article discussed how to configure the Zabbix server and MikroTik device to work using the SNMP version 3 protocol. I hope you were able to configure monitoring of network devices. However, if you encounter any problems, feel free to write in the comments. I will try to help.