SNMPWALK PROBLEM

[Grati Mohamed ali]

 I’am monitoring my fortigate 200D using snmp_exporter i got problem wh:
-snmp_exporter status is working but snmpwalk -c public -v2c x.x.x.x.x show Timeout no response
-then i got that error :
snmp_exporter[7974]: level=info ts=2020-04-22T12:06:47.755Z caller=collector.go:216 module=if_mib target=172.16.0.240 msg=“Error scraping target” err=“error getting target 172.16.0.240: context canceled”
Some help please 

[Brian Candler]

snmpwalk "Timeout no response" means exactly that - no response was obtained from the device.  The "context canceled" means pretty much the same.

Therefore, you need to debug first why snmpwalk or snmpstatus doesn't work, before configuring snmp_exporter.

Some possible reasons:

* the device is not network reachable from where you are running snmpwalk (try pinging x.x.x.x)

* snmp agent is not enabled on the device

* the device is not configured for SNMP v2c

* an ACL on the device does not allow SNMP queries from your address

* you are using the wrong community string (i.e. it's not "public", or none has been configured)

[Grati Mohamed ali]

i tried the same config and the same command on my local server ! it worked on the local server but not on my OVH hosted server !

-snmp agent is enabled with -v2c version with ''public'' community name   

-i added an authorisation rule on Firewall to allow access from my Server => my Device only

 => the device i want to monitor is my FIREWALL !

-the ping is not working  ! 

[Brian Candler]

If your firewall is blocking pings, then it may be blocking SNMP as well.

Try adding a rule which permits UDP port 161 from your source address.

[Bruce]

shall i allow acces from host to prometheus on udp port number 161?
i alreadu set a rule on my firewall to allow all services !

[Brian Candler]

You said before that your firewall is blocking ping from your host, so it sounds like it *isn't* allowing all services.  If you can get to the point where you can ping your firewall, you'll have a better change of being sure that you can open SNMP.

When you say "host to prometheus" I don't understand what you're saying.  I think you were talking about two things:

- the host where you are running prometheus and snmpwalk

- the target device that prometheus/snmpwalk is trying to communicate with via SNMP (i.e. the Fortigate).

The SNMP UDP query originates at the prometheus host, and arrives at the target device with destination port 161. The response UDP packet will have source port 161, but any half-decent stateful firewall will allow the response automatically.

[Bruce]

I meant the target device !
 i'am already monitoring my fortigate using his public ip address 

[James Eduard]

You need to enabled the snmp on w/c interface on fortigate firewall in able to communicate.

Regards,

James

--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/e1a0e292-aa1d-4ee2-903e-469483a0c296%40googlegroups.com.