SNMP Agent

MITIGATOR comes with a built-in SNMP agent listening on port 1161. No community is configured by default.

SNMP metrics of all MITIGATOR instances are only available through the leader instance.

Metrics provided under OID 1.3.6.1.4.1.88778:

  • MITIGATOR data ports (ext*, int*)
  • MITIGATOR operation (resource utilization, protection statistics)
  • Wireguard interface wg0 of cluster VPN (in gateway service container)

Access SNMP metrics

Create SNMP configuration file in the working directory /srv/mitigator:

echo "rocommunity $(tr -dc A-Za-z0-9 </dev/urandom | head -c 10)" | tee snmp.conf
Warning

Generated value of rocommunity field is a de-facto password to access SNMP metrics.

Recreate SNMP service:

docker-compose up -d --force-recreate snmp

External SNMP agent

To pass SNMP data into external SNMP agent via AgentX protocol, set MITIGATOR_SNMP_AGENTX_ADDRESS environment variable in .env file to the external SNMP agent IP address.

Restart fwstats after the change:

docker-compose up -d fwstats

Port configuration

By default, SNMP agent listens on 1161 port (TCP and UDP). Set MITIGATOR_SNMP_PORT environment variable in .env file to an alternative value to change the port. The new port must not conflict with another SNMP agent that may be running on the machine, e.g. the system SNMP agent.

Restart MITIGATOR after the change:

docker-compose down && docker-compose up -d