Issues with snmp_exporter

Jeff Peters

Feb 14, 2025, 10:53:24 AM
to Prometheus Users
Hi,

I'm extremely new to Prometheus for my company, and I'm looking to get snmp_exporter functioning. I'm mainly wanting to poll Cisco routers and switches utilizing snmpv3. What I'm finding is a few things.

1.) I can get snmpv2 working and polling when I'm in debug mode, but can't seem to get V3 working via the generator. I don't get an error, it just doesn't seem to even try to poll.

2.) How do I poll another file that has all of the OID/MIB information? I'd prefer not to have to keep touching the snmp.yaml file.

Does anyone have a .yaml that is scrubbed, but in the proper format to look at Cisco stuff and v3 that I can work off of?

Otherwise, any idea why v3 wouldn't work? Again, I need a bit of handholding for this, sorry, but appreciate any help.

Thanks

Jeff

Brian Candler

Feb 14, 2025, 1:34:18 PM
to Prometheus Users
On Friday, 14 February 2025 at 15:53:24 UTC Jeff Peters wrote:
> I'm extremely new to Prometheus for my company, and I'm looking to get snmp_exporter functioning. I'm mainly wanting to poll Cisco routers and switches utilizing snmpv3. What I'm finding is a few things.
>
> 1.) I can get snmpv2 working and polling when I'm in debug mode, but can't seem to get V3 working via the generator. I don't get an error, it just doesn't seem to even try to poll.

You need to show exactly what you're doing, what commands you're running, what responses you get.

However, I suggest you start by using the supplied snmp.yml and not hacking around with generator. That is, start by polling one of the supplied mibs like if_mib.
 

> 2.) How do I poll another file that has all of the OID/MIB information? I'd prefer not to have to keep touching the snmp.yaml file.

snmp_exporter --config.file=/etc/prometheus/snmp.d/*.yml

This means that, for example, you can add your own 'auths' section in a separate file (say /etc/prometheus/snmp.d/auth.yml), and not touch the vanilla snmp.yml.
 
> Does anyone have a .yaml that is scrubbed, but in the proper format to look at Cisco stuff and v3 that I can work off of?
>
> Otherwise, any idea why v3 wouldn't work?

Depends what SNMP settings you're using. If you're using privacy, AES should be OK but note that Cisco uses a proprietary, incompatible version of AES192 and AES256 (which you can select using AES192C or AES256C).

erich trowbridge

Mar 12, 2025, 11:36:25 AM
to Prometheus Users
I have an identical issue to the OP. snmpV2 works fine. snmpV3 does not attempt to poll edge devices. I am just trying to scrape ifmib off of Cisco devices. Snmpwalk works fine. Debugging snmp on edge devices shows that polling the devices is not being attempted. Any idea why this would be the case? I'm very green with Prometheus. I'm happy to post any error log files, if told where to find them.

snmp.yml
auths:
  prod_v3:
    version: 3
    security_level: authPriv
    username: user
    auth_protocol: SHA
    password: xxx
    priv_protocol: AES
    priv_password: yyy

The Prometheus dashboard shows correct endpoint URLs and red status 'down'.

erich trowbridge

Mar 12, 2025, 5:51:17 PM
to Prometheus Users
Just figured this out and wanted it to go in the archives... maybe some other n00b will find this and get help.

If you're editing snmp.yml you have to restart snmp_exporter. Only restarting Prometheus to reference the new auth is insufficient.

I have Cisco devices. Configuring "priv_protocol: AESC" in your snmpv3 config crashes snmp_exporter.

My Cisco snmpv3 config is: 
snmp-server view snmp-v3-ReadOnly-View iso included
snmp-server group snmp-v3-ReadOnly v3 priv read snmp-v3-ReadOnly-View access 29
snmp-server user USER snmp-v3-ReadOnly v3 auth sha xxx priv aes 128 yyy access 29

My snmp.yml file is:
auths:
  prod_v3:
    version: 3
    security_level: authPriv
    username: USER
    auth_protocol: SHA
    password: xxx
    priv_protocol: AES
    priv_password: yyy

My prometheus.yml is:
    params:
      auth: [prod_v3]
      module: [if_mib]

Brian Candler

Mar 14, 2025, 12:26:43 PM
to Prometheus Users
You're right, there's no AESC; AES (meaning AES128) is standard across platforms. It's only if you were using AES192 or AES256 with Cisco that this could be an issue.
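
A pre-restart check for the `auths` section discussed in this thread, as an added example that is not part of any post or of snmp_exporter itself: it flags SNMPv3 values such as `AESC` that the exporter does not accept. The function names are hypothetical, the parser handles only the simple two-level layout shown above, the accepted-value sets and defaults are assumed from the snmp_exporter documentation, and `SAMPLE` is constructed.

```python
# Accepted values and defaults are assumed from the snmp_exporter documentation.
AUTH_PROTOCOLS = {"MD5", "SHA", "SHA224", "SHA256", "SHA384", "SHA512"}
PRIV_PROTOCOLS = {"DES", "AES", "AES192", "AES192C", "AES256", "AES256C"}
SECURITY_LEVELS = {"noAuthNoPriv", "authNoPriv", "authPriv"}

def parse_auths(text):
    # Hypothetical helper: handles only the two-level `auths:` layout in the thread.
    auths, current, in_auths = {}, None, False
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, _, value = (s.strip() for s in raw.strip().partition(":"))
        if not raw[0].isspace():              # top-level key such as "auths"
            in_auths, current = key == "auths", None
        elif in_auths and not value:          # entry name such as "prod_v3:"
            current = auths.setdefault(key, {})
        elif in_auths and current is not None:
            current[key] = value.strip("'\"")
    return auths

def lint_auth(name, a):
    # Returns a list of problems for one entry; an empty list means none found.
    if a.get("version", "2") != "3":
        return []                             # only SNMPv3 entries are checked
    level, out = a.get("security_level", "noAuthNoPriv"), []
    if level not in SECURITY_LEVELS:
        out.append(f"{name}: unknown security_level {level!r}")
    checks = [("auth_protocol", "MD5", AUTH_PROTOCOLS, "password", level != "noAuthNoPriv"),
              ("priv_protocol", "DES", PRIV_PROTOCOLS, "priv_password", level == "authPriv")]
    for proto_key, default, allowed, secret_key, needed in checks:
        if needed and a.get(proto_key, default) not in allowed:
            out.append(f"{name}: unsupported {proto_key} {a[proto_key]!r}")
        if needed and not a.get(secret_key):
            out.append(f"{name}: {secret_key} is required at {level}")
    return out

def lint(text):
    return [p for name, a in parse_auths(text).items() for p in lint_auth(name, a)]

# Constructed sample: the thread's entry with the invalid "AESC" value.
SAMPLE = """auths:
  prod_v3:
    version: 3
    security_level: authPriv
    username: USER
    auth_protocol: SHA
    password: xxx
    priv_protocol: AESC
    priv_password: yyy
"""
```

Running `lint()` on the contents of snmp.yml before restarting snmp_exporter surfaces the bad value as a readable message; an empty list means the v3 entries passed these checks.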