Mikrotik Router Monitoring with Grafana/Prometheus.
MKTXP Exporter
source: https://github.com/akpw/mktxp
MKTXP is a Prometheus Exporter for Mikrotik RouterOS devices.
It gathers and exports a rich set of metrics across multiple routers, all easily configurable via built-in CLI interface.
Grafana Dashboard: https://grafana.com/grafana/dashboards/13679-mikrotik-mktxp-exporter/
Deployment
deployment.yamlapiVersion: apps/v1
kind: Deployment
metadata:
name: mktxp-exporter
spec:
selector:
matchLabels:
app: mktxp-exporter
template:
metadata:
labels:
app: mktxp-exporter
spec:
containers:
- name: mktxp-exporter
image: ghcr.io/akpw/mktxp:1.2.10
args:
- --cfg-dir
- /mktxp_config
- export
resources:
limits:
memory: "256Mi"
cpu: "200m"
volumeMounts:
- name: mktxp-credentials
mountPath: /mktxp_config
ports:
- containerPort: 49090
volumes:
- name: mktxp-credentials
secret:
secretName: mktxp-credentials
Secret
secret.yamlapiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: mktxp-credentials
namespace: mktxp
spec:
refreshInterval: "15s"
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: mktxp-credentials
creationPolicy: Owner
data:
- secretKey: _mktxp.conf
remoteRef:
key: secret/mktxp-credentials
property: _mktxp.conf
- secretKey: mktxp.conf
remoteRef:
key: secret/mktxp-credentials
property: mktxp.conf
_mktxp.conf
[MKTXP]
listen = '0.0.0.0:49090' # Space separated list of socket addresses to listen to, both IPV4 and IPV6
socket_timeout = 5
initial_delay_on_failure = 120
max_delay_on_failure = 900
delay_inc_div = 5
bandwidth = False # Turns metrics bandwidth metrics collection on / off
bandwidth_test_interval = 600 # Interval for collecting bandwidth metrics
minimal_collect_interval = 5 # Minimal metric collection interval
verbose_mode = False # Set it on for troubleshooting
fetch_routers_in_parallel = False # Fetch metrics from multiple routers in parallel / sequentially
max_worker_threads = 5 # Max number of worker threads that can fetch routers (parallel fetch only)
max_scrape_duration = 30 # Max duration of individual routers' metrics collection (parallel fetch only)
total_max_scrape_duration = 90 # Max overall duration of all metrics collection (parallel fetch only)
compact_default_conf_values = False # Compact mktxp.conf, so only specific values are kept on the individual routers' level
mktxp.conf
[RB4011]
# for specific configuration on the router level, change here the defaults values from below
hostname = 10.10.10.1
[default]
# this affects configuration of all routers, unless overloaded on their specific levels
enabled = True # turns metrics collection for this RouterOS device on / off
hostname = localhost # RouterOS IP address
port = 41239 # RouterOS IP Port
username = mktxp_user # RouterOS user, needs to have 'read' and 'api' permissions
password = mktxp_password
use_ssl = False # enables connection via API-SSL servis
no_ssl_certificate = True # enables API_SSL connect without router SSL certificate
ssl_certificate_verify = False # turns SSL certificate verification on / off
plaintext_login = True # for legacy RouterOS versions below 6.43 use False
installed_packages = True # Installed packages
dhcp = True # DHCP general metrics
dhcp_lease = True # DHCP lease metrics
connections = True # IP connections metrics
connection_stats = False # Open IP connections metrics
interface = True # Interfaces traffic metrics
route = True # IPv4 Routes metrics
pool = True # IPv4 Pool metrics
firewall = True # IPv4 Firewall rules traffic metrics
neighbor = True # IPv4 Reachable Neighbors
ipv6_route = False # IPv6 Routes metrics
ipv6_pool = False # IPv6 Pool metrics
ipv6_firewall = False # IPv6 Firewall rules traffic metrics
ipv6_neighbor = False # IPv6 Reachable Neighbors
poe = True # POE metrics
monitor = True # Interface monitor metrics
netwatch = True # Netwatch metrics
public_ip = True # Public IP metrics
wireless = True # WLAN general metrics
wireless_clients = True # WLAN clients metrics
capsman = True # CAPsMAN general metrics
capsman_clients = True # CAPsMAN clients metrics
lte = False # LTE signal and status metrics (requires additional 'test' permission policy on RouterOS v6)
ipsec = False # IPSec active peer metrics
switch_port = False # Switch Port metrics
kid_control_assigned = False # Allow Kid Control metrics for connected devices with assigned users
kid_control_dynamic = False # Allow Kid Control metrics for all connected devices, including those without assigned user
user = True # Active Users metrics
queue = True # Queues metrics
bgp = False # BGP sessions metrics
routing_stats = False # Routing process stats
certificate = False # Certificates metrics
remote_dhcp_entry = None # An MKTXP entry to provide for remote DHCP info / resolution
remote_capsman_entry = None # An MKTXP entry to provide for remote capsman info
use_comments_over_names = True # when available, forces using comments over the interfaces names
check_for_updates = False # check for available ROS updates
Networking
networking.yamlapiVersion: v1
kind: Service
metadata:
name: mktxp-exporter
annotations:
prometheus.io/port: "49090"
prometheus.io/scrape: "true"
spec:
selector:
app: mktxp-exporter
ports:
- port: 49090
targetPort: 49090