{"id":895,"date":"2021-10-17T06:32:49","date_gmt":"2021-10-17T05:32:49","guid":{"rendered":"https:\/\/wordpress.pedrorotoli.com\/?p=895"},"modified":"2021-10-17T13:52:33","modified_gmt":"2021-10-17T12:52:33","slug":"vyos-2","status":"publish","type":"post","link":"https:\/\/wordpress.pedrorotoli.com\/?p=895","title":{"rendered":"Vyos Monitoring on Zabbix using SNMP v3"},"content":{"rendered":"

Vyos initial setup:<\/h4>\n

Configure IP address of the interfaces:
\nconfigure
\nset interface ethernet ethn<\/strong><\/em> address x.x.x.x\/x<\/code><\/p>\n

Configure DNS for domain resolution:
\nset system name-server x.x.x.x<\/code><\/p>\n

Configure static route to allow internet access:
\nset protocols static route 0.0.0.0\/0 next-hop x.x.x.x<\/code><\/p>\n

Enable SSH:
\nset service ssh port 22<\/code><\/p>\n

Save public key for authentication:
\nloadkey <user> <key_file><\/code><\/p>\n

Add debian buster repositories to \/etc\/apt\/sources.list<\/code> do be able to install emacs and other shit:<\/p>\n

deb http:\/\/ftp.rnl.tecnico.ulisboa.pt\/pub\/debian\/ buster main<\/code>
\ndeb-src http:\/\/ftp.rnl.tecnico.ulisboa.pt\/pub\/debian\/ buster main<\/code><\/p>\n

deb http:\/\/security.debian.org\/debian-security\/ buster\/updates main contrib<\/code>
\ndeb-src http:\/\/security.debian.org\/debian-security\/ buster\/updates main contrib<\/code><\/p>\n

# buster-updates, previously known as 'volatile'<\/code>
\ndeb http:\/\/ftp.rnl.tecnico.ulisboa.pt\/pub\/debian\/ buster-updates main contrib<\/code>
\ndeb-src http:\/\/ftp.rnl.tecnico.ulisboa.pt\/pub\/debian\/ buster-updates main contrib<\/code><\/p>\n

Prepare Ubuntu Server to install Zabbix:<\/h4>\n

Install and configure MySQL and nginx:
\n$ sudo apt install mysql-server php php-mysql php-fpm nginx -y<\/code><\/p>\n

Install Zabbix repo:
\n$ wget https:\/\/repo.zabbix.com\/zabbix\/5.4\/ubuntu\/pool\/main\/z\/zabbix-release\/zabbix-release_5.4-1+ubuntu20.04_all.deb
\n$ sudo dpkg -i zabbix-release_5.4-1+ubuntu20.04_all.deb
\n$ sudo apt update<\/code><\/p>\n

Install Zabbix server, frontend and agent:
\n$ sudo apt install zabbix-server-mysql zabbix-frontend-php zabbix-nginx-conf zabbix-sql-scripts zabbix-agent -y<\/code><\/p>\n

Create initial database:
\n$ sudo mysql -u root -p
\npassword<\/span>
\nmysql> create database zabbix character set utf8 collate utf8_bin;
\nmysql> create user zabbix@localhost identified by 'password<\/span>';
\nmysql> grant all privileges on zabbix.* to zabbix@localhost;
\nmysql> quit;<\/code><\/p>\n

Import initial database schema and data, use the password created earlier (it takes a while):
\n$ zcat \/usr\/share\/doc\/zabbix-sql-scripts\/mysql\/create.sql.gz | mysql -uzabbix -p zabbix<\/code><\/p>\n

Configure the database access for Zabbix server, make the following edit the file \/etc\/zabbix\/zabbix_server.conf<\/code>:
\nDBPassword=password<\/span><\/code><\/p>\n

Configure PHP for Zabbix frontend, uncomment the following lines on \/etc\/zabbix\/nginx.conf<\/code> and change port 80 to 81:
\nlisten 127.0.0.1:81;<\/code>
\nserver_name example.com;<\/code><\/p>\n

This would make Zabbix be on the root directory instead of \/zabbix<\/code> subdirectory, create a file named proxy<\/code> inside \/etc\/nginx\/sites-available<\/code>, and put this inside it:<\/p>\n

server {<\/code>
\n\u00a0\u00a0\u00a0\u00a0listen 80;<\/code>
\n\u00a0\u00a0\u00a0\u00a0root \/var\/www\/html;<\/code>
\n\u00a0\u00a0\u00a0\u00a0index index.php index.html;<\/code>
\n\u00a0\u00a0\u00a0\u00a0location \/zabbix\/ {<\/code>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0proxy_pass http:\/\/127.0.0.1:81\/;<\/code>
\n\u00a0\u00a0\u00a0\u00a0}<\/code>
\n}<\/code><\/p>\n

Then create a link for this file on \/etc\/nginx\/sites-enabled<\/code>.<\/p>\n

Make sure all relevant services are enables:
\nsystemctl enable zabbix-server zabbix-agent nginx php7.4-fpm<\/code><\/p>\n

That will make it so you anyone won’t be able to access zabbix directly through port 81, and instead will have to go through the \/zabbix<\/code> subdirectory.<\/p>\n

After that restart nginx and access x.x.x.x\/zabbix<\/code> using the IP address of the server.<\/p>\n

Click next until the DB connection configuration, put the password configured previously and click next, give it a name and click next, now select the correct time zone and choose a theme, click next, next again e finish.<\/p>\n

After that you can log in, the username is Admin and the password is zabbix.<\/p>\n

Configuring SNMP v3 on Vyos:<\/h4>\n

set service snmp listen-address x.x.x.x port 161<\/code> (port is optional, if omitted will default to 161, the IP is of the interface that will receive the requests)
\nset service snmp v3 engineid '000000000000000000000002'<\/code> (it’s a hexadecimal number with at least two digits)
\nset service snmp v3 group groupname<\/span> mode 'ro'<\/code>
\nset service snmp v3 group groupname<\/span> view viewname<\/span><\/code>
\nset service snmp v3 user username<\/span> auth plaintext-password 'password<\/span>'<\/code>
\nset service snmp v3 user username<\/span> auth type sha<\/span><\/code>
\nset service snmp v3 user username<\/span> group groupname<\/span><\/code>
\nset service snmp v3 user username<\/span> privacy plaintext-password 'password<\/span>'<\/code>
\nset service snmp v3 user username<\/span> privacy type aes<\/span><\/code>
\nset service snmp v3 view viewname<\/span> oid 1<\/code><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Vyos initial setup: Configure IP address of the interfaces: configure set interface ethernet ethn address x.x.x.x\/x Configure DNS for domain resolution: set system name-server x.x.x.x<\/p>\n","protected":false},"author":1,"featured_media":899,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,53],"tags":[64,41,49,63],"class_list":["post-895","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-network","tag-snmp-v3","tag-ubuntu-server","tag-vyos","tag-zabbix"],"_links":{"self":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=895"}],"version-history":[{"count":35,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions"}],"predecessor-version":[{"id":931,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions\/931"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/media\/899"}],"wp:attachment":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}