snmp_exporter: [snmp running only for localhost]


Rizwan Khan

Mar 29, 2021, 2:39:24 PM
to Prometheus Users
Guys, a question regarding snmp_exporter: as it runs as a proxy and fetches SNMP from other machines, unlike node_exporter, I am having an issue. The customer I am working on has given access to SNMP only over localhost. What's the best way to make it work? One idea I had was to SSH tunnel over some port and then use that port as a proxy, but how do I use it with snmp_exporter? Any other suggestions are welcome.

Stuart Clark

Mar 29, 2021, 3:03:47 PM
to Rizwan Khan, Prometheus Users
On 2021-03-29 19:39, Rizwan Khan wrote:
> Guys, a question regarding snmp_exporter: as it runs as a proxy and
> fetches SNMP from other machines, unlike node_exporter, I am having an
> issue. The customer I am working on has given access to SNMP only over
> localhost. What's the best way to make it work? One idea I had
> was to SSH tunnel over some port and then use that port as a proxy,
> but how do I use it with snmp_exporter? Any other suggestions are
> welcome.

Localhost for what? I'd normally associate SNMP with monitoring things
like network switches rather than servers, where local only access makes
little sense. If you are talking about full servers which are running
SNMPd you'd be much better off ignoring that totally and instead using
standard exporters such as node exporter, etc. - SNMP is great as a
generic protocol that pretty much all network equipment supports, but
for a Linux or Windows machine the normal exporters are much quicker,
more reliable and support more detailed information.

--
Stuart Clark

Rizwan Khan

Mar 29, 2021, 3:09:26 PM
to Prometheus Users
I have to scrape certain SNMP OIDs from appliances, which run custom OSes based on Linux and FreeBSD. And most of these are vendor-specific OIDs. They are running snmpd processes with access restricted to localhost only.

I think a workaround could be to use vmagent from Victoria Metrics with proxy_url, and I can create an SSH tunnel to those machines from the machine which is going to scrape. Not an ideal solution but a workaround. Can't think of anything else...

Stuart Clark

Mar 29, 2021, 3:55:05 PM
to Rizwan Khan, Prometheus Users
On 2021-03-29 20:09, Rizwan Khan wrote:
> I have to scrape certain SNMP OIDs from appliances, which run
> custom OSes based on Linux and FreeBSD. And most of these are
> vendor-specific OIDs. They are running snmpd processes with access
> restricted to localhost only.
>
> I think a workaround could be to use vmagent from Victoria Metrics
> with proxy_url, and I can create an SSH tunnel to those machines
> from the machine which is going to scrape. Not an ideal solution but a
> workaround. Can't think of anything else...
>

Ignoring Prometheus completely for a moment, how would SNMP be used
generally for those machines given that only local processes can access
it? I'd normally expect external access, often firewalled (at either the
network and/or machine layers) rather than local only.

If you are able to create permanent SSH tunnels then there's no reason
you couldn't use those for the SNMP exporter directly - you are adding a
failure mode that you probably want to monitor for as well - a tunnel
failing would stop metrics totally, so you'd ideally set up the tunnel in
a way that can detect issues (e.g. keepalives) and fix itself (auto
restarts).

--
Stuart Clark

Rizwan Khan

Mar 30, 2021, 1:34:35 AM
to Prometheus Users
The customer does not want to open SNMP at all; they want us to get the required information by other means (local bash scripts, db scripts etc.) but we need SNMP. So they will open it for localhost access only. Yes, I'll use keepalive and maybe give autossh a try and see how it goes.

Thanks for the help.

Ben Kochie

Mar 30, 2021, 2:15:14 AM
to Rizwan Khan, Prometheus Users
Your customer is probably right, don't use SNMP. If you're using Prometheus, you don't need SNMP. Why not use Prometheus-native solutions?

This sounds like you and your customer have cornered yourselves into an XY Problem.



Stuart Clark

Mar 30, 2021, 2:45:41 AM
to Rizwan Khan, Prometheus Users
On 30/03/2021 06:34, Rizwan Khan wrote:
> The customer does not want to open SNMP at all; they want us to get the
> required information by other means (local bash scripts, db scripts
> etc.) but we need SNMP. So they will open it for localhost access only.
> Yes, I'll use keepalive and maybe give autossh a try and see how it
> goes.
>
Can't you install the node exporter on those servers? Why do you "need"
SNMP?

--
Stuart Clark

Rizwan Khan

Mar 30, 2021, 3:20:38 AM
to Prometheus Users
To extract some vendor specific snmp OIDs ...

Stuart Clark

Mar 30, 2021, 4:59:50 AM
to Rizwan Khan, Prometheus Users
On 30/03/2021 08:20, Rizwan Khan wrote:
> To extract some vendor specific snmp OIDs ...

You could still use the node exporter - using the textfile collector to
include that data that you've fetched locally.

What is the reasoning for not opening SNMP even to just the Prometheus
servers? If they are worried about that would they be equally concerned
about node exporter or SSH tunnels?

--
Stuart Clark
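
The textfile-collector approach suggested in the message above, as an added example that is not part of the original thread or of node_exporter itself: a cron-driven script on the appliance polls snmpd over localhost and publishes the values as a `.prom` file. The OIDs, metric names, file names and the use of `snmp.conf` for credentials are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: expose locally polled SNMP values via node_exporter's
# textfile collector. All OIDs and metric names below are constructed
# placeholders; replace them with the vendor-specific OIDs you need.
OID_MAP='.1.3.6.1.4.1.99999.1.1.0=appliance_fan_rpm
.1.3.6.1.4.1.99999.1.2.0=appliance_psu_temperature_celsius'

# Convert "OID value" lines (the shape of `snmpget -Oqn` output) read on
# stdin into Prometheus text format. Unmapped OIDs and non-numeric values
# are dropped so one bad reading cannot make the collector reject the file.
snmp_to_prom() {
    awk -v map="$(printf '%s' "$OID_MAP" | tr '\n' ' ')" '
        BEGIN {
            n = split(map, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); name[kv[1]] = kv[2] }
        }
        NF == 2 && ($1 in name) && $2 ~ /^-?[0-9]+(\.[0-9]+)?$/ {
            printf "# TYPE %s gauge\n%s %s\n", name[$1], name[$1], $2
        }'
}

# Poll snmpd on 127.0.0.1 and publish the result atomically into the
# directory given to node_exporter with --collector.textfile.directory.
# Assumption: SNMP version and community come from snmp.conf (defVersion,
# defCommunity), which keeps the community string out of the process list.
write_textfile() {
    dir=$1
    oids=$(for pair in $OID_MAP; do printf '%s ' "${pair%%=*}"; done)
    # Word splitting of $oids is intended: one argument per OID.
    out=$(snmpget -Oqn 127.0.0.1 $oids) || return 1
    # Temp file lives in the same directory so the final mv is a rename;
    # its name does not end in .prom, so the collector ignores it.
    tmp=$(mktemp "$dir/.snmp_local.XXXXXX") || return 1
    if printf '%s\n' "$out" | snmp_to_prom > "$tmp" && chmod 0644 "$tmp"; then
        mv "$tmp" "$dir/snmp_local.prom"
    else
        rm -f "$tmp"
        return 1
    fi
}

# From cron (hypothetical paths):
#   . /usr/local/lib/snmp_textfile.sh && write_textfile /var/lib/node_exporter
```

With this in place nothing SNMP-related has to be reachable off the box; only node_exporter's own port needs to be exposed or tunnelled. When a poll fails the previous file is left untouched, so that condition shows up in node_exporter's per-file `node_textfile_mtime_seconds` metric.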

Rizwan Khan

Mar 30, 2021, 8:12:08 AM
to Stuart Clark, Prometheus Users
Yes they are. We have convinced them of key-based access for SSH. Rest they are not opening anything else.

Rizwan A. Khan

Stuart Clark

Mar 30, 2021, 8:23:42 AM
to Rizwan Khan, Prometheus Users
On 30/03/2021 13:11, Rizwan Khan wrote:
> Yes they are. We have convinced them of key-based access for SSH.
> Rest they are not opening anything else.

So it sounds like you just need to set up some SSH tunnels.

Then you can use node exporter or SNMP exporter or whatever...

--
Stuart Clark

Ben Kochie

Mar 30, 2021, 8:52:29 AM
to Stuart Clark, Rizwan Khan, Prometheus Users


Mohammad Masihullah

Jul 27, 2021, 3:16:01 PM
to Prometheus Users
I have installed the snmp exporter successfully, I'm getting the metrics on the web browser, but I cannot hit the endpoint/target on the web browser. The same target is working fine with the snmpwalk command. Can someone help here please?

TIA. 
