Integrating MikroTik with Zabbix for Advanced Network Monitoring

0 Shares

MikroTik routers are popular in enterprise and ISP networks for their flexibility, performance, and cost efficiency. Zabbix is a powerful open-source monitoring platform that can track the health and performance of your network devices in real time. When you integrate MikroTik with Zabbix, you gain deep visibility into bandwidth usage, CPU load, memory consumption, and hardware health, all from a single dashboard. This integration makes it easier to detect issues before they affect users, automate alerts, and maintain high service availability. In this guide, you will learn how to configure MikroTik for SNMP, set up Zabbix to monitor your devices, use templates and auto-discovery, secure your monitoring setup, and troubleshoot common issues.

Introduction: Why Integrate MikroTik and Zabbix

Zabbix provides strong data collection and alerting for networks.
MikroTik devices are common in branch, campus, and ISP networks.
SNMP gives Zabbix direct access to device counters and states.
Integration improves visibility for interface use, CPU load, memory, and link health.
Alerts help teams fix issues before users call.
Templates and discovery reduce setup time across many routers and switches.

Goal: Build a clear and repeatable method to integrate MikroTik with Zabbix. Keep the setup simple, the process secure, and the results actionable.

Prerequisites and Planning Checklist

A working Zabbix Server or Zabbix Proxy
Access to MikroTik RouterOS with administrative rights
IP reachability between Zabbix and the MikroTik management address
SNMP allowed by firewall policies
Time sync in place (NTP) on Zabbix and MikroTik
Host naming convention for easy identification

Version notes

RouterOS supports SNMP v2c and SNMP v3.
Zabbix supports SNMP polling and trap processing.
Prefer SNMP v3 for security. Use v2c for simple or isolated networks.

SNMP Basics for MikroTik Monitoring

SNMP uses a manager (Zabbix) and agents (MikroTik devices).
SNMP v2c uses a community string for read access. It lacks encryption.
SNMP v3 supports authentication and privacy. It adds encryption.
Use UDP/161 for queries and UDP/162 for traps.
Object identifiers (OIDs) identify values like interface status or octets.
Low-Level Discovery (LLD) finds interfaces and creates items and triggers.

Configure SNMP v2c on MikroTik RouterOS

Use v2c in a secure, isolated network. Limit source IPs. Use strong community strings.

Enable SNMP service

/snmp set enabled=yes contact="NOC <noc@example.com>" location="DC-R1"

Create a read-only community

/snmp community add name="ZBX-RO" addresses=10.0.10.50/32,10.0.10.51/32 authentication-password="" read-access=yes write-access=no

Replace 10.0.10.50 and 10.0.10.51 with Zabbix Server or Proxy addresses.
Do not leave the default “public” community in place.
Use a unique community per environment when possible.

Confirm SNMP agent identity

/snmp set system-descr="MikroTik_RouterOS" system-contact="Network Team" system-location="HQ-Core"

Configure SNMP v3 on MikroTik RouterOS (Recommended)

SNMP v3 protects credentials and payloads. Use it for remote sites and shared networks.

Create an SNMP v3 user with authentication and privacy

/snmp set enabled=yes

/snmp user add name="zbxv3" \
  auth-protocol=SHA \
  auth-password="A-Strong-Auth-Password" \
  privacy-protocol=AES \
  privacy-password="A-Strong-Priv-Password" \
  read-access=yes write-access=no

# Optional: set engine-id to a unique string to avoid conflicts
/snmp set engine-id="0x0102030405060708"

Use SHA or SHA-256 for authentication if your RouterOS build supports it.
Use AES for privacy where supported.
Use long passphrases. Store passphrases in a password manager.

Restrict SNMP v3 access to Zabbix hosts

/snmp set trap-version=3
/snmp community set [find name="public"] disabled=yes

Disable the default v2c community. Limit access by firewall rules. See the next section.

MikroTik Firewall Rules for SNMP and Traps

Permit queries from Zabbix and drop all other SNMP traffic.

Example filter rules

/ip firewall filter
add chain=input action=accept protocol=udp dst-port=161 \
    src-address-list=zabbix-hosts comment="Allow SNMP from Zabbix"
add chain=input action=accept protocol=udp dst-port=162 \
    src-address-list=zabbix-hosts comment="Allow SNMP traps from Zabbix"
add chain=input action=drop protocol=udp dst-port=161,162 comment="Drop all other SNMP"

Create the address list

/ip firewall address-list
add list=zabbix-hosts address=10.0.10.50 comment="Zabbix Server"
add list=zabbix-hosts address=10.0.10.51 comment="Zabbix Proxy"

Optional: set SNMP source address on the router

/snmp set src-address=10.0.20.1

Set the source address to a management IP that Zabbix can reach. This helps when devices have many interfaces.

Create a MikroTik Host in Zabbix

Add the device as a host. Choose SNMP version. Apply templates. Test availability.

Add host and SNMP interface

Open Configuration → Hosts.
Click Create host.
Set Host name to the device FQDN or a clear label.
Set Visible name for clean dashboards.
Assign a Host group such as MikroTik or Branch Routers.
Under Interfaces, add an SNMP interface with the management IP.
Remove the default Agent interface if not used.

Set SNMP credentials using macros

For v2c, set {$SNMP_COMMUNITY} at the host or template level.
For v3, set:
- {$SNMP_SECNAME} = zbxv3
- {$SNMP_AUTHPROTOCOL} = SHA
- {$SNMP_AUTHPASSPHRASE} = <value>
- {$SNMP_PRIVPROTOCOL} = AES
- {$SNMP_PRIVPASSPHRASE} = <value>

Quick test with snmpwalk from the Zabbix server

# v2c example
snmpwalk -v2c -c ZBX-RO 10.0.20.1 1.3.6.1.2.1.1

# v3 example
snmpwalk -v3 -u zbxv3 -l authPriv -a SHA -A <auth-pass> -x AES -X <priv-pass> 10.0.20.1 1.3.6.1.2.1.1

Confirm availability in Zabbix

Open the host in Zabbix.
Check the Availability column. You should see a green SNMP icon.
If it is red, check routing, firewall rules, and credentials.

Zabbix Templates for MikroTik Devices

Templates save time. Templates standardize items, triggers, value maps, and discovery rules.

Template strategy

Use a base SNMP template for core metrics:
- System name, description, uptime
- CPU load and memory
- Temperature if the model supports it
- Interface discovery and traffic
Add role-specific templates:
- Routing metrics (BGP peers, OSPF neighbors) if enabled via SNMP
- Wireless metrics for CAPsMAN or AP roles
- QoS or queue metrics if needed
Keep templates modular. Link only what you need.

Import or create a template

Open Configuration → Templates.
Click Create template or Import.
Add discovery rules for interfaces using IF-MIB::ifName or ifDescr.
Add item prototypes for in/out octets, errors, discards.
Add trigger prototypes for link down or error rate.
Add graphs for bandwidth per interface.

Low-Level Discovery (LLD) for Interfaces, Queues, and VLANs

LLD creates items and triggers for each discovered entity. This cuts manual work.

Interface discovery rule

Key: discovery[{#IFNAME}] with SNMP OID based on IF-MIB
Filter out virtual, down, or unwanted interfaces with a regex.

Common OIDs for interfaces

ifIndex: 1.3.6.1.2.1.2.2.1.1
ifDescr: 1.3.6.1.2.1.2.2.1.2
ifName: 1.3.6.1.2.1.31.1.1.1.1
ifAdminStatus: 1.3.6.1.2.1.2.2.1.7
ifOperStatus: 1.3.6.1.2.1.2.2.1.8
ifHCInOctets: 1.3.6.1.2.1.31.1.1.1.6
ifHCOutOctets: 1.3.6.1.2.1.31.1.1.1.10
ifInErrors: 1.3.6.1.2.1.2.2.1.14
ifOutErrors: 1.3.6.1.2.1.2.2.1.20

Queue and QoS discovery

Many operators monitor simple and hierarchical queues.
RouterOS can expose queue stats via SNMP on some models.
Check for OIDs under 1.3.6.1.4.1.14988 if present.
If missing, script queue stats on the device and push them by trap or by Zabbix sender.

VLAN discovery

Use BRIDGE-MIB or Q-BRIDGE-MIB when supported.
Discover VLAN IDs and port memberships for large switches.

Items, Value Mapping, and Graphs

Items define what Zabbix collects. Value maps make values readable. Graphs help teams see trends fast.

Core items per host

System uptime
System name and description
CPU load (1 min or 5 min)
Free memory in bytes and percent
Temperature if the device exposes a sensor

Interface item prototypes

In octets (high-capacity counter)
Out octets (high-capacity counter)
In errors and out errors
Admin status and oper status
Speed if the device reports it

Value mapping examples

ifOperStatus:
- 1 → up
- 2 → down
- 3 → testing
- 4 → unknown
- 5 → dormant
- 6 → notPresent
- 7 → lowerLayerDown

Graph design tips

Use a stacked graph for in and out bandwidth on the same interface.
Show 95th percentile for capacity planning.
Show error and discard rates on a separate graph to avoid scale issues.
Create a dashboard widget that lists top interfaces by utilization.

Trigger Examples for Real Alerts

Alerts must be clear and useful. Avoid noise. Use severity that matches impact.

Interface down alert

Name: Interface {#IFNAME} is down
Expression: {TEMPLATE:ifOperStatus[{#IFINDEX}].last()}=2
Severity: High
Recovery: {TEMPLATE:ifOperStatus[{#IFINDEX}].last()}=1

High utilization alert

Name: Interface {#IFNAME} over 85% for 5m
Expression:
  avg(/TEMPLATE/ifHCInOctets[{#IFINDEX}],5m) * 8 > (ifSpeed[{#IFINDEX}] * 0.85)
  or
  avg(/TEMPLATE/ifHCOutOctets[{#IFINDEX}],5m) * 8 > (ifSpeed[{#IFINDEX}] * 0.85)
Severity: Warning

Error rate alert

Name: Interface {#IFNAME} error rate > 0.5% for 5m
Expression:
  (delta(/TEMPLATE/ifInErrors[{#IFINDEX}],5m) + delta(/TEMPLATE/ifOutErrors[{#IFINDEX}],5m))
  / (delta(/TEMPLATE/ifHCInOctets[{#IFINDEX}],5m) + delta(/TEMPLATE/ifHCOutOctets[{#IFINDEX}],5m)) * 100 > 0.5
Severity: Average

Device health alerts

CPU over 90% for 10 minutes
Free memory below 10% for 10 minutes
Temperature over a safe limit

Name: CPU high for 10m
Expression: avg(/TEMPLATE/cpu.load,10m)>90
Severity: High

Name: Memory low for 10m
Expression: min(/TEMPLATE/memory.free.percent,10m)<10
Severity: High

Macros and Mass Deployment

Macros keep credentials and thresholds consistent across many hosts.

Common macros for SNMP

{$SNMP_COMMUNITY} for v2c
{$SNMP_SECNAME}, {$SNMP_AUTHPROTOCOL}, {$SNMP_AUTHPASSPHRASE}
{$SNMP_PRIVPROTOCOL}, {$SNMP_PRIVPASSPHRASE}

Operational macros

{$IF.UTIL.WARN} and {$IF.UTIL.CRIT} for thresholds
{$IGNORE.INTERFACES} for LLD filters
{$MAINTENANCE.WINDOW} for schedule control via tags

Mass update workflow

Set macros at the template level.
Override at host or host group when needed.
Use discovery actions to assign templates at scale.

Zabbix Proxy and Distributed Sites

Use a proxy near remote sites to reduce latency and improve scale.

Benefits

Local SNMP polling reduces timeouts.
Data buffers at the proxy during WAN outages.
Central server stores history and runs alert logic.

Basic steps

Install a Zabbix Proxy at the site.
Open the proxy to the server on the required ports.
Point hosts at the proxy in the host configuration.

Performance Tuning and Template Design

Efficient design reduces load on devices and the Zabbix server.

Polling strategy

Use 1m or 2m for key items.
Use 5m or 10m for low-change values like system description.
Use bulk SNMP to reduce round trips where supported.

Template modularity

Split templates by role: base system, interfaces, wireless, routing.
Disable discovery for features you do not use.
Limit graph prototypes to essential interfaces.

History and trend storage

Keep short history for high-frequency items (e.g., 7–14 days).
Keep trends longer for capacity planning (e.g., 180–365 days).
Use preprocessing to convert counters to rates where needed.

Security Best Practices for SNMP and Access

Prefer SNMP v3 with authPriv.
Limit SNMP to management networks with ACLs.
Disable the default “public” community.
Use long passphrases and rotate them.
Use VPN or IPsec for remote branches.
Audit who can access Zabbix and MikroTik devices.
Log SNMP access attempts and review them.

Troubleshooting Guide and Common Pitfalls

SNMP appears down

Ping the device from the Zabbix server or proxy.
Verify firewall rules on the MikroTik and in any upstream firewall.
Run snmpwalk with the same version and credentials.
Check the RouterOS log for SNMP drop messages.
Confirm that the SNMP service is enabled.

SNMP v3 auth fails

Confirm the user name, auth protocol, and privacy protocol.
Check the engine ID on the router. Keep it unique per device.
Reset the v3 user if you change the engine ID.
Watch for hidden characters in passphrases when pasting.

LLD creates too many items

Filter by interface name pattern. Exclude bridges, tunnels, and virtual links if not needed.
Disable graph prototypes for less important interfaces.
Raise the discovery interval if the estate is large.

Bandwidth graphs look flat or wrong

Use high-capacity counters (ifHCInOctets and ifHCOutOctets) on fast links.
Set the correct interface speed to compute percent utilization.
Check for counter wraps on very old devices.

Traps do not reach Zabbix

Confirm that the trap daemon runs on the server or proxy.
Check firewall rules for UDP/162.
Verify the trap destination on the MikroTik.

High CPU on the router

Reduce polling frequency for heavy OIDs.
Disable unused LLD rules.
Consider a proxy closer to the device to cut SNMP retries.

Example diagnostic commands on RouterOS

# Check SNMP status
/snmp print

# Watch logs while testing
/system logging add topics=snmp
/log print follow

Automation with the Zabbix API and RouterOS Scripts

Automation reduces manual work and errors. Use the Zabbix API to add hosts and link templates. Use RouterOS scripts to standardize SNMP settings.

Add a host via the Zabbix API (curl example)

# Obtain an auth token
curl -s -X POST -H 'Content-Type: application/json' https://zabbix.example.com/api_jsonrpc.php -d '{
  "jsonrpc": "2.0",
  "method": "user.login",
  "params": { "user": "apiuser", "password": "apipass" },
  "id": 1
}'

# Use the token to create a host with an SNMP interface and link templates
curl -s -X POST -H 'Content-Type: application/json' https://zabbix.example.com/api_jsonrpc.php -d '{
  "jsonrpc":"2.0",
  "method":"host.create",
  "params":{
    "host":"mtk-rtr-branch01",
    "groups":[{"groupid":"12"}],
    "interfaces":[
      {
        "type":2, "main":1, "useip":1,
        "ip":"10.0.20.1", "dns":"", "port":"161"
      }
    ],
    "templates":[{"templateid":"10101"}],
    "macros":[
      {"macro":"{$SNMP_COMMUNITY}","value":"ZBX-RO"}
    ]
  },
  "auth":"<token>",
  "id":2
}'

RouterOS script to deploy SNMP v3

:local zuser "zbxv3"
:local apass "A-Strong-Auth-Password"
:local ppass "A-Strong-Priv-Password"

/snmp set enabled=yes
:if ([:len [/snmp user find name=$zuser]] = 0) do={
  /snmp user add name=$zuser auth-protocol=SHA auth-password=$apass \
    privacy-protocol=AES privacy-password=$ppass read-access=yes write-access=no
}

/snmp set trap-version=3
/snmp community set [find name="public"] disabled=yes

Discovery action to auto-link templates

Use ICMP or SNMP discovery on the management subnet.
Create an action to check for MikroTik system description.
Link the MikroTik template and set macros on match.

Operational Practices: Maintenance, Reporting, and SLAs

Maintenance windows

Define maintenance periods for planned changes.
Suppress alerts during the window to avoid noise.
Use host tags to group related devices.

Reporting

Send a weekly report with interface top talkers.
Show devices with high CPU or low memory.
Include incident counts and mean time to recover.

Capacity planning

Track 95th percentile per link per month.
Watch for steady growth over multiple months.
Plan upgrades before links saturate.

Integration with ticketing and chat

Send alerts to a ticket system with host, interface, and impact fields.
Send important alerts to chat with a link to graphs.
Include runbooks with each alert. Keep steps short and direct.

Step-by-Step Deployment Checklist

Document management IPs and hostnames.
Enable SNMP on MikroTik (v3 preferred).
Create a v3 user with auth and privacy.
Disable the default v2c community or restrict it.
Configure firewall rules for UDP/161 and UDP/162.
Set SNMP source address if the device has many interfaces.
Add the host in Zabbix with an SNMP interface.
Set macros for SNMP credentials.
Test with snmpwalk from the Zabbix server or proxy.
Link the base MikroTik template.
Enable LLD for interfaces and apply filters.
Review item and trigger prototypes.
Adjust polling intervals and history retention.
Verify graphs and top interfaces dashboards.
Set alert severities and escalation paths.
Schedule maintenance windows for cutovers.
Automate host addition with the API for scale.
Audit access and rotate SNMP credentials on a schedule.

Appendix: Useful OIDs, CLI, and Tools

Common OIDs (IF-MIB)

System name: 1.3.6.1.2.1.1.5.0
System uptime: 1.3.6.1.2.1.1.3.0
ifIndex: 1.3.6.1.2.1.2.2.1.1
ifDescr: 1.3.6.1.2.1.2.2.1.2
ifOperStatus: 1.3.6.1.2.1.2.2.1.8
ifHCInOctets: 1.3.6.1.2.1.31.1.1.1.6
ifHCOutOctets: 1.3.6.1.2.1.31.1.1.1.10

RouterOS quick reference

# Enable SNMP
/snmp set enabled=yes

# Create v2c community
/snmp community add name="ZBX-RO" addresses=10.0.10.50/32 read-access=yes

# Create v3 user
/snmp user add name="zbxv3" auth-protocol=SHA auth-password="A-Strong-Auth-Password" \
  privacy-protocol=AES privacy-password="A-Strong-Priv-Password" read-access=yes

# Set engine ID (optional)
/snmp set engine-id="0x0102030405060708"

# Secure firewall
/ip firewall address-list add list=zabbix-hosts address=10.0.10.50
/ip firewall filter add chain=input protocol=udp dst-port=161 src-address-list=zabbix-hosts action=accept
/ip firewall filter add chain=input protocol=udp dst-port=162 src-address-list=zabbix-hosts action=accept
/ip firewall filter add chain=input protocol=udp dst-port=161,162 action=drop

Linux SNMP tools

snmpget to query a single OID
snmpwalk to walk a tree
snmptranslate to convert names and OIDs
tcpdump udp port 161 to capture SNMP packets during tests

Zabbix useful paths

Configuration → Hosts to add devices
Configuration → Templates to manage templates
Monitoring → Hosts to review status
Monitoring → Problems to view active alerts
Administration → Proxies to manage proxies