Monitoring your Ubiquiti home-network with a Docker LibreNMS and SNMP
My Ubiquiti network gear is an awesome “prosumer” device and it supports a number of enterprise features for gadgeteers to use. Over the years I tried various methods of monitoring devices and network throughput – either via RRD, SmokePing or custom scripts.
With my Ubiquiti gear installed and the lack of any network issues at home for weeks, I managed to find a new monitoring project in the form of LibreNMS which supports a large number of devices and graphs via standard SNMP:
Want to monitor your printer, Synology NAS or switch – well you can do now. My HP printer will now report status of toner and I can configure an email alert to remind me to purchase new ink once a threshold is reached:
The Synology reports a vast array of information and allows me to monitor and alert on storage, CPU utilisation and other vitals:
Installing LibreNMS
This is the easiest part – I use Docker running on my Synology DS1010+ and creating the Docker container is simple:
First I create a MySQL database which runs on my Synology:
CREATE DATABASE librenms; GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'%' IDENTIFIED BY 'librenms'; FLUSH PRIVILEGES;
The next step is to create the Docker container for LibreNMS. In my case the 192.168.1.97 is the IP of my Synology where Docker runs. I also use MariaDB on my Synology which is needed for LibreNMS to store recorded data. LibreNMS can be accessed via http://192.168.1.97:8668. For all my Docker configurations I create separate directories on the Synology and mount those as volumes via the -v switch.
First you need to generate an encryption key:
docker run --rm jarischaefer/docker-librenms generate_key
Then run the container and pass the encryption key into the run-command as APP_KEY
docker run \
-d \
-p 8668:80 \
-e DB_HOST=192.168.1.97 \
-e APP_KEY="base64:xxxx" \
-e DB_NAME=librenms \
-e DB_USER=librenms \
-e DB_PASS=librenms \
-e PUID=0 -e PGID=101 \
-e TZ=Europe/Vienna \
-e BASE_URL=http://192.168.1.97:8668 \
-e POLLERS=16 \
-v /volume1/docker/librenms/logs:/opt/librenms/logs \
-v /volume1/docker/librenms/rrd:/opt/librenms/rrd \
--name librenms \
jarischaefer/docker-librenms
Before you can access LibreNMS, you need to create a LibreNMS admin user:
docker exec librenms php /opt/librenms/adduser.php admin admin 10 [email protected]
The next step is to adjust SNMP configuration (this is typically not necessary, but with the config below I restrict explorable network ranges and the community strings required to explore SNMP devices.
Connect to your Docker image:
docker exec -it librenms bash
Edit the LibreNMS config via vim /opt/librenms/config.php and add the following:
// v1 or v2c $config['snmp']['community'][] = "muffinsnmp"; $config['snmp']['community'][] = "public"; $config['nets'][] = '192.168.1.0/24'; $config['nets'][] = '10.0.0.0/24'; $config['discovery_by_ip'] = true;
Enabling SNMP on Ubiquiti
I prefer configuring my Ubiquiti kit via the config.gateway.json on my Unifi Cloud Key – this is relatively simple by placing the file into the /srv/unifi/data/sites/default/ directory on my Cloud Key:
config.gateway.json
{
"firewall": {
"options": {
"mss-clamp": {
"interface-type": [ "all" ],
"mss": "1440"
}
}
},
"interfaces": {
"ethernet": {
"eth0": {
"mtu": "1480"
}
}
},
"service": {
"dns": {
"forwarding": {
"cache-size": "10000"
}
},
"snmp": {
"community": {
"muffinsnmp": {
"authorization": "ro",
"client": [ "192.168.1.97" ]
}
}
},
"upnp2": {
"listen-on": [ "eth1" ],
"nat-pmp": "enable",
"secure-mode": "enable",
"wan": "eth0"
}
}
}
The above will require some adjustments to change the SNMP server IP (in my case 192.168.1.97 is my Synology) as well as the community string. In the above configuration file you will also notice a few more tuning options, which you can leave or remove:
- MSS-Clamping: In my case I noticed MTU fragmentation with my ISP and I then ensured that MTU size is fixed to avoid packet fragementation and re-transmission
- UPNP: We are a house full of gamers and multiple consoles and UPNP is a necessity to have a good online gaming experience
With the above changes, LibreNMS will start to discover devices and monitor vitals of all your peripherals on your network (I went to configure SNMP everywhere I could). I found the quickest way to get all the devices discovered is to manually initiate a discovery on LibreNMS:
/opt/librenms/snmp-scan.php -r 192.168.1.0/24
Using WatchTower to keep your Docker images up-to-date
Maintainers of Docker images often tweak and adjust the images with fixes and enhancements. I previously used to just destroy the current container and re-create it with the latest image. Until I found WatchTower which is an application that will monitor your running Docker containers and watch for changes to the images that those containers were originally started from. If Watchtower detects that an image has changed, it will automatically restart the container using the new image.
Installation is simple:
docker run -d \ --name watchtower \ -v /var/run/docker.sock:/var/run/docker.sock \ centurylink/watchtower \ --interval 82800 \ --cleanup
🍺 Pay it forward: If any of my content helped you in any way, then follow me on Twitter or send me some coins:
(CRO) cro1w2kvwrzp23aq54n3amwav4yy4a9ahq2kz2wtmj (Memo: 644996249) or 0xb83c3Fe378F5224fAdD7a0f8a7dD33a6C96C422C (Cronos)
(USDC) 0xb83c3Fe378F5224fAdD7a0f8a7dD33a6C96C422C
(BTC) 3628nqihXvw2RXsKtTR36dN6WvYzaHyr52
(ETH) 0xb83c3Fe378F5224fAdD7a0f8a7dD33a6C96C422C
(BAT) 0xb83c3Fe378F5224fAdD7a0f8a7dD33a6C96C422C
(LTC) MQxRAfhVU84KDVUqnZ5eV9MGyyaBEcQeDf
(Ripple) rKV8HEL3vLc6q9waTiJcewdRdSFyx67QFb (Tag: 1172047832)
(XLM) GB67TJFJO3GUA432EJ4JTODHFYSBTM44P4XQCDOFTXJNNPV2UKUJYVBF (Memo ID: 1406379394)
🚀 Use my referral link https://crypto.com/app/ref6ayzqvp to sign up for Crypto.com and we both get $25 USD 😸
🧨 During signup use my referral code ref6ayzqvp to claim your reward 🧨
Go to Curve.com to add your Crypto.com card to ApplePay (get 1% cashback)
Recent Comments