Monitoring MikroTik SNMP v3 with Zabbix

Configuring monitoring of MikroTik RouterOS v7 devices (SNMP v3 protocol) using Zabbix server (v6.2). SNMP diagnostics with the snmpwalk utility.

SNMPv3 provides important security features:
Authentication – determining the origin of the message.
Confidentiality – Encryption of packets to protect against interception.
Integrity – preventing changes to messages in transit, including an additional mechanism to protect against retransmission of a captured packet.

Wikipedia.org: SNMP

For the initial setup, I recommend setting the settings indicated in the article (values and passwords, except for IP addresses), after you make sure that everything works correctly, change the necessary parameters to your own.

Article in other languages:

Configuring MikroTik SNMP v3

Community setting

Open the Community settings and make the following settings:

[IP] – [SNMP] – [SNMP Settings] – [Communities] – [+]

NameCommunity name (username), example: snmp-v3
AddressesZabbix server IP address, example: 10.41.11.10
Securityprivate
AccessRead Access
Authentication protocolSHA1
Encryption protocolDES
Authentication passwordExample: Tn_FMD5_Bw
Encryption passwordExample: k7TW_Th8V_ay

✏️ Notes:

  • I could not configure MikroTik AES (encryption protocol) to work with Zabbix (there is no AES item in Zabbix, and in MikroTik there is no way to specify the strength of AES encryption. Maybe this will be fixed later).
  • For Authentication password and Encryption password I use only letters, numbers and “_” character, when I used special characters I got Zabbix server unable to connect to MikroTik device.

SNMP v3 configuration

Open the SNMP settings and make the following settings:

[IP] – [SNMP] – [SNMP Settings]

Use SNMPEnabled
ContactContacts (optional), example: mikrotik@mhelp.pro
LocationDevice location (optional), example: Main Office
Engine IDI use the MAC address of the device, example: DC2C6E2D4656
Trap TargetZabbix server IP address, example: 10.41.11.10
Trap CommunityCommunity name, example: snmp-v3
Trap VersionSNMP version, example: 3
Trap Generatorsinterfaces
Configuring MikroTik SNMP v3 - MHelp.pro
Configuring SNMP-v3 in RouterOS v7

✏️ Note: Engine ID – if you do not specify the field value, there may be a problem that Zabbix cannot connect to the device if there are many MikroTik devices (can be fixed later).

Configuring Zabbix SNMP v3

Create a new host in Zabbix:

[Monitoring] – [Hosts] – [Create host]

Host nameExample: MHRT01
Visible nameExample: MHELP.PRO MAIN ROUTER 01
TemplatesSelect a template, example: MikroTik RB5009UG+S+IN SNMP
Host groupsDiscovered hosts
InterfacesAdd SNMP service, click Add
SNMPZabbix server IP address, example: 10.41.40.1
SNMP versionSelect SNMPv3
Context nameEngine ID of the device, example: DC2C6E2D4656
Security nameCommunity name, example: snmp-v3
Security levelauthPriv
Authentication protocolCorresponds to the selection on the MikroTik device, example: SHA1
Authentication passphraseExample: Tn_FMD5_Bw
Privacy protocolCorresponds to the selection on the MikroTik device, example: DES
Privacy passphraseExample: k7TW_Th8V_ay
Configuring Zabbix v6 for MikroTik SNMP v3
Configuring SNMP-v3 in Zabbix

✏️ Notes:

  1. Zabbix 6 has templates for popular MikroTik devices, find your device model in the list;
  2. In MikroTik, there is no way to specify the AES key length, so we use DES encryption in the Privacy protocol;
  3. Context name is equal to Engine ID, if you do not specify this parameter, there was a problem connecting devices (Zabbix did not connect to devices) when there were several devices.

If everything is correct, after about 1 minute the status in the Availability column will change to green SNMP.

Successful monitoring of MikroTik SNMP-v3 using Zabbix server
Successful connection of MikroTik device to Zabbix

If the Zabbix server was unable to access your device, click on the device name in the list and run the ping command.

If the server can see (ping) your device, try using the snmpwalk utility to check if the SNMPv3 is configured correctly.

snmpwalk diagnostics

To diagnose device settings, install the snmpwalk utility:

yum install net-snmp-utils

Query the MikroTik device using the following command, where 10.41.11.10 is the IP address of the MikroTik device.

snmpwalk -v 3 -u snmp-v3 -l authPriv -A Tn_FMD5_Bw -a SHA -X k7TW_Th8V_ay -x DES 10.41.11.200 | head -n 5

The following answer speaks about the correctness of the settings of the end device and the search for a problem in the host settings on the Zabbix server:

SNMPv2-MIB::sysDescr.0 = STRING: RouterOS RB5009UG+S+
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.14988.1
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (276641500) 32 days, 0:26:55.00
SNMPv2-MIB::sysContact.0 = STRING: mikrotik@mhelp.pro
SNMPv2-MIB::sysName.0 = STRING: MHRT01

Otherwise, you will receive a response that the device is not available. This says that the end device is configured incorrectly:

Timeout: No Response from 10.41.40.1

🟢 This article discussed how to configure the Zabbix server and MikroTik device to work using the SNMP version 3 protocol. I hope you were able to configure monitoring of network devices. However, if you encounter any problems, feel free to write in the comments. I will try to help.

Leave a Reply

Your email address will not be published.

Adblock
detector