Vyos Monitoring on Zabbix using SNMP v3
Vyos initial setup:
Configure IP address of the interfaces:
configure
set interface ethernet ethn address x.x.x.x/x
Configure DNS for domain resolution:
set system name-server x.x.x.x
Configure static route to allow internet access:
set protocols static route 0.0.0.0/0 next-hop x.x.x.x
Enable SSH:
set service ssh port 22
Save public key for authentication:
loadkey <user> <key_file>
Add debian buster repositories to /etc/apt/sources.list do be able to install emacs and other shit:
deb http://ftp.rnl.tecnico.ulisboa.pt/pub/debian/ buster main
deb-src http://ftp.rnl.tecnico.ulisboa.pt/pub/debian/ buster main
deb http://security.debian.org/debian-security/ buster/updates main contrib
deb-src http://security.debian.org/debian-security/ buster/updates main contrib
# buster-updates, previously known as 'volatile'
deb http://ftp.rnl.tecnico.ulisboa.pt/pub/debian/ buster-updates main contrib
deb-src http://ftp.rnl.tecnico.ulisboa.pt/pub/debian/ buster-updates main contrib
Prepare Ubuntu Server to install Zabbix:
Install and configure MySQL and nginx:
$ sudo apt install mysql-server php php-mysql php-fpm nginx -y
Install Zabbix repo:
$ wget https://repo.zabbix.com/zabbix/5.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_5.4-1+ubuntu20.04_all.deb
$ sudo dpkg -i zabbix-release_5.4-1+ubuntu20.04_all.deb
$ sudo apt update
Install Zabbix server, frontend and agent:
$ sudo apt install zabbix-server-mysql zabbix-frontend-php zabbix-nginx-conf zabbix-sql-scripts zabbix-agent -y
Create initial database:
$ sudo mysql -u root -p
password
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'password';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;
Import initial database schema and data, use the password created earlier (it takes a while):
$ zcat /usr/share/doc/zabbix-sql-scripts/mysql/create.sql.gz | mysql -uzabbix -p zabbix
Configure the database access for Zabbix server, make the following edit the file /etc/zabbix/zabbix_server.conf:
DBPassword=password
Configure PHP for Zabbix frontend, uncomment the following lines on /etc/zabbix/nginx.conf and change port 80 to 81:
listen 127.0.0.1:81;
server_name example.com;
This would make Zabbix be on the root directory instead of /zabbix subdirectory, create a file named proxy inside /etc/nginx/sites-available, and put this inside it:
server {
listen 80;
root /var/www/html;
index index.php index.html;
location /zabbix/ {
proxy_pass http://127.0.0.1:81/;
}
}
Then create a link for this file on /etc/nginx/sites-enabled.
Make sure all relevant services are enables:
systemctl enable zabbix-server zabbix-agent nginx php7.4-fpm
That will make it so you anyone won’t be able to access zabbix directly through port 81, and instead will have to go through the /zabbix subdirectory.
After that restart nginx and access x.x.x.x/zabbix using the IP address of the server.
Click next until the DB connection configuration, put the password configured previously and click next, give it a name and click next, now select the correct time zone and choose a theme, click next, next again e finish.
After that you can log in, the username is Admin and the password is zabbix.
Configuring SNMP v3 on Vyos:
set service snmp listen-address x.x.x.x port 161 (port is optional, if omitted will default to 161, the IP is of the interface that will receive the requests)
set service snmp v3 engineid '000000000000000000000002' (it’s a hexadecimal number with at least two digits)
set service snmp v3 group groupname mode 'ro'
set service snmp v3 group groupname view viewname
set service snmp v3 user username auth plaintext-password 'password'
set service snmp v3 user username auth type sha
set service snmp v3 user username group groupname
set service snmp v3 user username privacy plaintext-password 'password'
set service snmp v3 user username privacy type aes
set service snmp v3 view viewname oid 1