Just figured this out and wanted it to go in the archives... maybe some
other n00b will find this and get help.
If you're editing snmp.yml you have to restart snmp_exporter. Only
restarting prometheous to reference the new auth is insufficent.
I have Cisco devices. configuring "priv_protocol: AESC" in your snmpv3
config crashes snmp_exporter.
My Cisco snmpv3 config is:
snmp-server view snmp-v3-ReadOnly-View iso included
snmp-server group snmp-v3-ReadOnly v3 priv read snmp-v3-ReadOnly-View
access 29
snmp-server user USER snmp-v3-ReadOnly v3 auth sha xxx priv aes 128 yyy
access 29
my snmp.yml file is:
auths:
prod_v3:
version: 3
security_level: authPriv
username: USER
auth_protocol: SHA
password: xxx
priv_protocol: AES
priv_password: yyy
My prometheous.yml is:
params:
auth: [prod_v3]
module: [if_mib]
On Wednesday, March 12, 2025 at 11:36:25 AM UTC-4 erich trowbridge wrote:
> I have identical issue to the OP. snmpV2 works fine. snmpV3 does not
> attempt to poll edge devices I am just trying to scrape ifmib off of cisco
> devices. Snmpwalk works fine. Debugging snmp on edge devices shows that
> polling the devices is not being attempted. Any idea why this would be the
> case? I'm very green with prometheous. I'm happy to post any error log
> files, if told where to find them.
>
> *snmp.yml*
> auths:
> prod_v3:
> version: 3
> security_level: authPriv
> username: user
> auth_protocol: SHA
> password: xxx
> priv_protocol: AES
> priv_password: yyy
>
> The prometheous dashboard shows correct endpoint urls and red status
> 'down'.
>
> On Friday, February 14, 2025 at 1:34:18 PM UTC-5 Brian Candler wrote:
>
>> On Friday, 14 February 2025 at 15:53:24 UTC Jeff Peters wrote:
>>
>> I'm extremely new to prometheus for my company, and I'm looking to get
>> snmp_exporter functioning. Im mainly wanting to poll cisco routers and
>> switches utilizing snmpv3. What I'm finding is a few things.
>>
>> 1.) I can get snmpv2 working and polling when I'm in debug mode, but
>> can't seem to get V3 working via the generator. I don't get an error, it
>> just doesn't seem to even try to poll
>>
>>
>> You need to show exactly what you're doing, what commands you're running,
>> what responses you get.
>>
>> However, I suggest you start by using the supplied snmp.yml and not
>> hacking around with generator. That is, start by polling one of the
>> supplied mibs like if_mib.
>>
>>
>>
>> 2.) How do I poll another file that has all of the OID/MIB information?
>> I'd prefer to not having to keep touching the snmp.yaml file.
>>
>>
>> snmp_exporter --config.file=/etc/prometheus/snmp.d/*.yml
>>
>> This means that for example you can add your own 'auths' section in a
>> separate file (say /etc/prometheus/snmpd./auth.yml), and not touch the
>> vanilla snmp.yml
>>
>>
>> Does anyone have a .yaml that is scrubbed, but in the proper format to
>> look at cisco stuff and v3 that I can work off of?
>>
>> Otherwise, any idea why v3 wouldn't work?
>>
>>
>> Depends what SNMP settings you're using. If you're using privacy, AES
>> should be OK but note that Cisco uses a proprietary, incompatible version
>> of AES192 and AES256 (which you can select using AES192C or AES256C)
>>
>
--
You received this message because you are subscribed to the Google Groups
"Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to prometheus-users+unsubscr...@googlegroups.com.
To view this discussion visit
https://groups.google.com/d/msgid/prometheus-users/21545a5a-40b1-4b08-9ee8-dc0d9e9f8a3dn%40googlegroups.com.
