SprintUG Engineering — Field Manual

Network Operations
& SNMP

From four screens on the wall to total network visibility

David Emiru Egwell — CTO
SprintUG Internet Limited
1.0 — 2025
What is a NOC SNMP Fundamentals MikroTik Hands-On Zabbix Integration Live Graphs
00
Foundation

What is a NOC?

Before we touch a single command, everyone in this room needs to understand what those four screens on the wall mean — and what you are all becoming part of.

The Network Operations Centre

A Network Operations Centre — NOC, pronounced "knock" — is the nerve centre of any serious telecommunications operation. It is the room, the system, and the team responsible for monitoring, managing, and maintaining a network 24 hours a day, seven days a week, 365 days a year.

Think of it this way: a hospital has an emergency room where doctors watch over critical patients in real time. The NOC is that emergency room — but for the network. Every router, every switch, every fibre link, every subscriber connection — all of it is visible from here, and all of it is the NOC team's responsibility.

visibility

Monitor

Watch every device on the network in real time. See traffic, CPU load, interface errors — before a customer even notices something is wrong.

notifications_active

Alert

Receive automatic alerts when thresholds are breached — a link goes down, a router reboots, disk space fills up — and act on them immediately.

build

Respond

Escalate, coordinate, and fix. The NOC is the first team a fault hits and the last to stand down. Every incident is logged, every resolution documented.

analytics

Report

Produce uptime reports, SLA compliance data, and capacity trends. The NOC turns raw network events into business intelligence.

The Four Screens on the Wall

Those four 55-inch screens are not decorations. Each one serves a purpose. A world-class NOC display typically divides its screens by function:

SprintUG NOC — Tanzania Operations Centre

Screen 1 — Network Topology & Alerts
24 Sites ONLINE
ACTIVE FAULTS: 0
Screen 2 — Live Traffic Graphs
38.2 Gbps
BACKBONE UTILISATION: 64%
Screen 3 — Subscriber Dashboard
1.2M Active
TICKETS OPEN: 12
Screen 4 — Zabbix Monitoring
3 WARNINGS
LAST SNMP POLL: 2s ago

Why the NOC Exists

SprintUG serves approximately 3 million subscribers across Uganda and Tanzania. Each one of those subscribers has an expectation: that the internet works. They do not call us when it works. They call us — loudly, and all at once — when it does not.

The NOC exists so that we know before they do. The goal is to detect, diagnose, and fix every network fault before a single subscriber opens a ticket. That is what separates a reactive helpdesk from a proactive operations centre.

The NOC Creed

"We see everything. We act immediately. We fix it before they feel it."
The moment you sit in this room, in front of these screens, that is your standard. Not nine-to-five — always. Because the network never sleeps, and neither does the NOC.

NOC Team Roles — Tanzania

NameRolePrimary Responsibility
IreneNOC AnalystFirst-level monitoring, alert triage, customer impact assessment
DennisNOC AnalystNetwork device health, interface monitoring, ticket creation
IbrahimSenior EngineerEscalations, backbone fault resolution, Zabbix administration
MsabiNOC EngineerSNMP configuration, MikroTik operations, reporting
01
Chapter One

Understanding SNMP

Simple Network Management Protocol. The language that network devices use to talk to your monitoring system. Once you understand this, you understand how the NOC actually sees the network.

The Big Picture

Every piece of network equipment you will ever touch — MikroTik routers, Juniper MX80s, Huawei OLTs, Cisco switches — has a tiny built-in database of information about itself. How much traffic is flowing through each interface? What is the CPU temperature? How long has it been running? Is the fan working?

SNMP is the protocol that lets you reach into any of those devices and read — or change — that database, from a single management station, across the entire network.

Zabbix Server
SNMP Manager
↙ ↓ ↘
MikroTik
192.168.88.1
Juniper MX80
Core Router
Huawei MA5800
OLT
UDP Port 161 (queries) · UDP Port 162 (traps) · All over your management VLAN

SNMP Versions — Which One Do We Use?

VersionSecurityUse Today?Notes
SNMPv1None — plain text community stringNoHistoric. Never use on production.
SNMPv2cCommunity string only — still plain textLab / InternalMost common in ISP environments. Fine on your management VLAN.
SNMPv3Authentication + encryption (SHA/AES)ProductionUse for anything internet-facing or multi-tenant.
SprintUG Standard

In this manual we use SNMPv2c with the community string SprintTZ-NOC for lab and internal practice. For production deployment on the backbone, you will migrate to SNMPv3. Your CTO will provide the auth credentials for production systems.

MIBs and OIDs — The Address System

Before you can query a device, you need to know what to ask for. SNMP organises all device information in a tree called the Management Information Base (MIB). Every single piece of data — the CPU load, each interface's speed, the system name — lives at a specific address in this tree called an Object Identifier (OID).

Think of it like GPS coordinates

An OID is just a path through a tree. 1.3.6.1.2.1.1.3.0 always means "how long has this device been running" — on any device, from any vendor, anywhere in the world. That universality is what makes SNMP powerful.

Essential OIDs You Will Use Every Day

OIDName (MIB)What it returns
1.3.6.1.2.1.1.1.0sysDescrFull device description string
1.3.6.1.2.1.1.3.0sysUpTimeHow long the device has been running (in timeticks)
1.3.6.1.2.1.1.5.0sysNameThe configured hostname
1.3.6.1.2.1.2.2.1.10.1ifInOctets.1Bytes received on interface 1
1.3.6.1.2.1.2.2.1.16.1ifOutOctets.1Bytes sent on interface 1
1.3.6.1.4.1.14988.1.1.3.1.0mtxrHlCpuTemperatureMikroTik CPU temperature
1.3.6.1.4.1.14988.1.1.1.1.0mtxrHlActiveFirmwareVersionMikroTik RouterOS version
1.3.6.1.2.1.25.3.3.1.2.1hrProcessorLoad.1CPU load percentage
MikroTik OID Prefix

All MikroTik-specific OIDs begin with 1.3.6.1.4.1.14988. That number, 14988, is MikroTik's Private Enterprise Number (PEN) — assigned by IANA. Every vendor has their own. Juniper is 2636, Cisco is 9.

The Three Operations — GET, SET, TRAP

SNMP has exactly three things it can do. Master these three and you understand the entire protocol.

Operation 1

GET

Manager → Agent → Manager

You ask. The device answers. You send a GET request to the device with an OID, and it returns the current value.

Used for: reading interface counters, CPU load, uptime, temperatures, link status — anything you want to read.

Like asking a colleague: "What is the current CPU load?" and getting a number back.
Operation 2

SET

Manager → Agent (writes)

You tell. The device does. You send a SET request with an OID and a new value, and the device changes its configuration.

Used for: changing system name, enabling/disabling interfaces, writing to writable MIB objects. Requires write community string.

Like telling a colleague: "Set the interface description to 'Uplink-Wingu'" and they do it.
Operation 3

TRAP

Agent → Manager (unsolicited)

The device tells you — without being asked. When something important happens (link down, reboot, threshold breach), the device fires a TRAP to your server.

This is how the NOC gets instant alerts. You do not poll every second — the device calls you.

Like a smoke alarm that goes off by itself — you did not ask it, but it tells you anyway.

How Polling Works

For GET operations (and GETNEXT, GETBULK), Zabbix uses a polling model: every N seconds it sends a UDP packet on port 161 to the device, asking for specific OIDs. The device responds immediately. Zabbix stores the result, calculates rates (e.g. bytes per second from interface counters), and graphs them.

For TRAPs, the device sends an unsolicited UDP packet to your server on port 162. Zabbix listens on 162 and processes incoming traps as events. This is used for critical alerts — link down, authentication failure, high temperature.

02
Chapter Two

SNMP on MikroTik

Hands on the keyboard now. We will configure SNMP on the MikroTik at 192.168.88.1, then query it from the command line to see GET, SET, and TRAP in real life.

Step 1 — Enable SNMP on the MikroTik

You can do this from WinBox, WebFig, or the terminal. We do it from the terminal — always from the terminal.

MikroTik RouterOS CLI — 192.168.88.1 
# SSH into your MikroTik first
ssh admin@192.168.88.1

# Enable the SNMP service
/snmp set enabled=yes

# Set the contact and location (shows in sysContact / sysLocation OIDs)
/snmp set contact="noc@sprinttz.co.tz" location="DermPlaza, Dar es Salaam"

# Add a read-only community string (this is the "password" for SNMP)
/snmp community add name=SprintTZ-NOC security=none read-access=yes write-access=no addresses=10.10.10.0/24

# IMPORTANT: Restrict to your management network only. Never open SNMP to 0.0.0.0/0

# Verify the configuration
/snmp print
      enabled: yes
      contact: noc@sprinttz.co.tz
     location: DermPlaza, Dar es Salaam
    trap-version: 2
    trap-community: SprintTZ-NOC

/snmp community print
 # NAME           ADDRESSES      SECURITY  READ-ACCESS  WRITE-ACCESS
 0 SprintTZ-NOC  10.10.10.0/24  none      yes          no

Configure TRAP Destination

Tell the MikroTik where to send its alerts (your Zabbix server IP):

MikroTik — TRAP Target Configuration 
# Tell MikroTik to send TRAPs to your Zabbix server
/snmp set trap-target=10.10.10.50 trap-version=2 trap-community=SprintTZ-NOC

# Confirm
/snmp print
  trap-target: 10.10.10.50
  trap-version: 2
  trap-community: SprintTZ-NOC

# 10.10.10.50 = your Zabbix server, listening on UDP 162

SNMP GET — Reading Values from the MikroTik

Now we query the device. From your Linux management machine (or Zabbix server), install the SNMP tools and start reading values:

Linux Management Station — Installing SNMP Tools 
# Ubuntu / Debian
sudo apt install snmp snmp-mibs-downloader -y
sudo download-mibs

# Enable MIB loading (optional, gives you human-readable names)
sudo sed -i 's/^mibs :/#mibs :/' /etc/snmp/snmp.conf

GET — System Information

snmpget — Reading MikroTik System Info 
# Basic syntax: snmpget -v VERSION -c COMMUNITY HOST OID

# Get the system description
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: RouterOS CHR 7.14.3 (c) 2024 MikroTik

# Get the system uptime
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.2.1.1.3.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (864273456) 100 days, 1:32:14.56

# Get the hostname
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.2.1.1.5.0
SNMPv2-MIB::sysName.0 = STRING: KILI-EDGE-01

# Get CPU load (percentage)
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.2.1.25.3.3.1.2.1
HOST-RESOURCES-MIB::hrProcessorLoad.1 = INTEGER: 14
# 14% CPU load

# Get free memory
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.2.1.25.2.3.1.6.65536
HOST-RESOURCES-MIB::hrStorageUsed.65536 = INTEGER: 14238

GETBULK — Get Everything at Once

snmpwalk / snmpbulkwalk — Enumerate the Whole MIB Tree 
# Walk the entire system subtree
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 system
SNMPv2-MIB::sysDescr.0 = STRING: RouterOS CHR 7.14.3
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.14988.1
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (864273456)
SNMPv2-MIB::sysContact.0 = STRING: noc@sprinttz.co.tz
SNMPv2-MIB::sysName.0 = STRING: KILI-EDGE-01
SNMPv2-MIB::sysLocation.0 = STRING: DermPlaza, Dar es Salaam

# Walk all interfaces (ifTable)
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 ifDescr
IF-MIB::ifDescr.1 = STRING: ether1
IF-MIB::ifDescr.2 = STRING: ether2
IF-MIB::ifDescr.3 = STRING: ether3
IF-MIB::ifDescr.4 = STRING: wlan1

# Get interface operational status (1=up, 2=down)
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 ifOperStatus
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.3 = INTEGER: down(2)
IF-MIB::ifOperStatus.4 = INTEGER: up(1)

# Get traffic counters for ether1
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 \
  ifInOctets.1 ifOutOctets.1
IF-MIB::ifInOctets.1 = Counter32: 4829384723
IF-MIB::ifOutOctets.1 = Counter32: 2913847291
# These are cumulative counters. Poll twice, subtract, divide by time = bps

MikroTik-Specific OIDs

MikroTik Enterprise MIB (OID prefix: 1.3.6.1.4.1.14988) 
# CPU Temperature
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.4.1.14988.1.1.3.1.0
MIKROTIK-MIB::mtxrHlCpuTemperature.0 = Gauge32: 52
# 52°C — healthy range for most MikroTik hardware

# Board Temperature
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.4.1.14988.1.1.3.9.0
MIKROTIK-MIB::mtxrHlBoardTemperature.0 = Gauge32: 48

# Voltage
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.4.1.14988.1.1.3.8.0
MIKROTIK-MIB::mtxrHlVoltage.0 = Gauge32: 240
# Value is in tenths of a volt → 240 = 24.0V

# Active Firmware Version
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.4.1.14988.1.1.7.4.0
MIKROTIK-MIB::mtxrRouterOSVersion.0 = STRING: 7.14.3

# Total registered wireless clients
snmpget -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.4.1.14988.1.1.1.3.1.5.1
MIKROTIK-MIB::mtxrWlApClientCount.1.1 = Gauge32: 23

SNMP SET — Writing Values to the MikroTik

⚠ Write Access Warning

SET operations modify live device configuration. Always use a separate write community string with a different name and restrict it to only your management station IP. Never use the same community string for reads and writes in production.

Enabling Write Community

MikroTik — Add Write Community 
# On the MikroTik: add a SEPARATE write community
/snmp community add name=SprintTZ-WRITE security=none read-access=yes write-access=yes addresses=10.10.10.50/32

# ONLY your Zabbix server (10.10.10.50) can write. Nothing else.

SET Examples

snmpset — Modifying MikroTik Configuration 
# Syntax: snmpset -v2c -c WRITE_COMMUNITY HOST OID TYPE VALUE
# Types: s=string  i=integer  u=unsigned  t=timeticks

# Change the system name (sysName)
snmpset -v2c -c SprintTZ-WRITE 192.168.88.1 \
  1.3.6.1.2.1.1.5.0 s "KILI-EDGE-01"
SNMPv2-MIB::sysName.0 = STRING: KILI-EDGE-01

# Change the system location
snmpset -v2c -c SprintTZ-WRITE 192.168.88.1 \
  1.3.6.1.2.1.1.6.0 s "DermPlaza Rack-03 U12, Dar es Salaam"
SNMPv2-MIB::sysLocation.0 = STRING: DermPlaza Rack-03 U12, Dar es Salaam

# Change the contact email
snmpset -v2c -c SprintTZ-WRITE 192.168.88.1 \
  1.3.6.1.2.1.1.4.0 s "noc@sprinttz.co.tz | +255 000 000 000"
SNMPv2-MIB::sysContact.0 = STRING: noc@sprinttz.co.tz | +255 000 000 000

# Verify all three were set
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 system | grep -E 'Name|Location|Contact'
SNMPv2-MIB::sysContact.0 = STRING: noc@sprinttz.co.tz | +255 000 000 000
SNMPv2-MIB::sysName.0 = STRING: KILI-EDGE-01
SNMPv2-MIB::sysLocation.0 = STRING: DermPlaza Rack-03 U12, Dar es Salaam
What MikroTik Does Not Allow via SNMP SET

RouterOS restricts many configuration objects to read-only in the MIB. You cannot add firewall rules, routing entries, or user accounts via SNMP SET. For those, use the RouterOS API or SSH/Netconf. SNMP SET on MikroTik is mainly used for system identification fields — sysName, sysContact, sysLocation — and some interface administrative states.

SNMP TRAP — The MikroTik Calling You

Unlike GET and SET which you initiate, TRAPs are fired by the device. The MikroTik has built-in events that trigger SNMP TRAPs automatically. Here is how to receive and inspect them.

Listen for TRAPs on Your Management Machine

Linux — Running a TRAP Receiver 
# Start snmptrapd on your management station to receive traps
sudo snmptrapd -f -Lo -c /etc/snmp/snmptrapd.conf udp:162

# Or for quick debugging, use snmptrapd in print mode
sudo snmptrapd -f -Lo -On udp:162

# Now go to the MikroTik and send a test trap
# (From MikroTik terminal)
/tool snmp-get address=10.10.10.50 community=SprintTZ-NOC oid=1.3.6.1.2.1.1.1.0

What a TRAP Looks Like

When the MikroTik reboots, or an interface goes down, your trap receiver sees this on port 162:

SNMP TRAP — Interface Down Event (linkDown Trap) 
2025-11-14 23:47:02 192.168.88.1 [UDP: [192.168.88.1]:51234->[10.10.10.50]:162]
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (12834900) 1 day, 11:39:09.00
SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifDescr.3 = STRING: ether3
IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifAdminStatus.3 = INTEGER: up(1)
IF-MIB::ifOperStatus.3 = INTEGER: down(2)

# Translation: ether3 was administratively UP but went operationally DOWN
# = cable pulled, SFP failure, or remote end went down

Common MikroTik TRAP Events

EventTrap OIDWhat it means for you
coldStart1.3.6.1.6.3.1.1.5.1Device rebooted from a cold state (power cycle). Investigate why.
warmStart1.3.6.1.6.3.1.1.5.2Device restarted its SNMP agent. Possible config reload.
linkDown1.3.6.1.6.3.1.1.5.3An interface went down. Critical — investigate immediately.
linkUp1.3.6.1.6.3.1.1.5.4An interface came back up. Often follows a linkDown.
authenticationFailure1.3.6.1.6.3.1.1.5.5Wrong community string used. Possible security incident.
TRAP vs Polling — When to Use Which

Use polling (GET) for continuous data like CPU%, bandwidth, temperature — things that change gradually. Use TRAPs for discrete events like link state changes, reboots, and authentication failures. Zabbix can handle both simultaneously on the same host.

Live SNMP Graphs — MikroTik at 192.168.88.1

This is what your NOC screens should look like. The data below simulates real SNMP polls from the MikroTik, updating every 2 seconds — exactly how Zabbix will display it.

KILI-EDGE-01
192.168.88.1
7.14.3
100d 1h 32m
14%
52°C
Polling
Interface Traffic — ether1 (Uplink to Wingu)
SNMP OID: ifInOctets.1 / ifOutOctets.1 — polled every 2s
LIVE
CPU Load %
OID: hrProcessorLoad.1
Temperature °C
OID: mtxrHlCpuTemperature.0
Interface Status — ifOperStatus
SNMP Walk: ifOperStatus (OID 1.3.6.1.2.1.2.2.1.8)
Bandwidth Utilisation — All Interfaces
Derived from ifInOctets + ifOutOctets counter deltas
03
Chapter Three

SNMP on Zabbix

Zabbix is the monitoring platform we run at SprintUG. It takes everything you just learned about SNMP and does it automatically — for every device on the network, every minute of every day — and puts the results on your NOC screens.

What Zabbix Does

schedule

Scheduled Polling

Every N seconds, Zabbix sends SNMP GET requests to every device and stores the result in its database automatically.

warning_amber

Triggers & Alerts

Define thresholds. If CPU > 85% for 5 minutes, page the engineer. If link goes down, sound the NOC alarm. All automatic.

bar_chart

Graphs & Dashboards

Historical graphs of every metric. Build custom dashboards for the NOC screens. SLA reports. Capacity planning data.

inventory_2

MIB Templates

Pre-built MikroTik, Juniper, Cisco, and Huawei templates. Add a device and Zabbix already knows what OIDs to query.

Adding Your MikroTik to Zabbix

Log into your Zabbix web interface and follow these steps. We assume Zabbix 6.x or 7.x is already installed on your server at 10.10.10.50.

A — Install Zabbix (if not done yet)

Ubuntu 24.04 — Zabbix 7.0 LTS Installation 
# Add Zabbix repository
wget https://repo.zabbix.com/zabbix/7.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_7.0-2+ubuntu24.04_all.deb
sudo dpkg -i zabbix-release_7.0-2+ubuntu24.04_all.deb
sudo apt update

# Install Zabbix server + agent + web frontend + SNMP support
sudo apt install -y zabbix-server-mysql zabbix-frontend-php \
  zabbix-apache-conf zabbix-sql-scripts zabbix-agent \
  snmpd snmp-mibs-downloader

# Configure MySQL database
mysql -u root -e "CREATE DATABASE zabbix CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;"
mysql -u root -e "CREATE USER 'zabbix'@'localhost' IDENTIFIED BY 'SprintTZ2025!';"
mysql -u root -e "GRANT ALL ON zabbix.* TO 'zabbix'@'localhost';"
zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql -uzabbix -p zabbix

# Edit /etc/zabbix/zabbix_server.conf
sudo sed -i 's/# DBPassword=/DBPassword=SprintTZ2025!/' /etc/zabbix/zabbix_server.conf

# Start services
sudo systemctl enable --now zabbix-server zabbix-agent apache2
● zabbix-server.service: active (running)
● zabbix-agent.service: active (running)

# Open browser: http://10.10.10.50/zabbix
# Default credentials: Admin / zabbix  (CHANGE IMMEDIATELY)

B — Configure Zabbix to Talk SNMP

Zabbix Server — SNMP Trap Receiver Setup 
# Install snmptrapd for receiving MikroTik traps
sudo apt install snmptrapd -y

# Edit /etc/snmp/snmptrapd.conf
sudo tee /etc/snmp/snmptrapd.conf <<EOF
authCommunity log,execute,net SprintTZ-NOC
traphandle default /usr/sbin/zabbix_trap_receiver.pl
EOF

# Edit /etc/default/snmptrapd
sudo sed -i 's/TRAPDRUN=no/TRAPDRUN=yes/' /etc/default/snmptrapd

# Start snmptrapd
sudo systemctl enable --now snmptrapd
● snmptrapd.service: active (running)
# Now Zabbix will receive and process MikroTik TRAPs automatically

C — Add the MikroTik Host in Zabbix UI

  1. 1
    Navigate to Configuration → Hosts → Create host In the Zabbix web interface, go to Configuration in the left menu, then Hosts, then click the blue "Create host" button in the top right corner.
  2. 2
    Fill in the Host tab
    Host Configuration Fields
    Host name:     KILI-EDGE-01
Visible name:  Kilimanjaro Edge Router — DermPlaza
Groups:        SprintTZ / MikroTik Routers
Interfaces:   [Add] → Type: SNMP
               IP address: 192.168.88.1
               Port: 161
               SNMP version: SNMPv2
               Community: {$SNMP_COMMUNITY}
               # Use a macro — define {$SNMP_COMMUNITY}=SprintTZ-NOC
               #   at Administration > General > Macros
  3. 3
    Assign the MikroTik Template In the Templates tab, type "MikroTik" in the search box. Select:
    Template Net MikroTik SNMP
    This built-in template contains 30+ pre-configured SNMP items for CPU, memory, interfaces, temperature, and more — all mapped to the correct OIDs automatically.
  4. 4
    Click Add, wait 30 seconds, check Latest Data After saving, go to Monitoring → Latest Data, filter by your host, and you should see data flowing in. If it shows NODATA, the community string or IP is wrong — recheck.

SNMP Items, Triggers, and Actions

An Item in Zabbix is a single SNMP polling job — one OID, one device, one metric. The MikroTik template creates about 40 items for you automatically. Here is how to create one manually so you understand the structure:

Creating a Custom SNMP Item

Zabbix — Custom SNMP Item Configuration 
# Go to Configuration → Hosts → KILI-EDGE-01 → Items → Create item

Name:          CPU Temperature
Type:          SNMP agent
Key:           snmp.cpu.temperature
SNMP OID:      1.3.6.1.4.1.14988.1.1.3.1.0
Host interface: 192.168.88.1:161
Type of info:  Numeric (unsigned)
Units:         °C
Update interval: 30s
History:       90d
Trends:        365d

# Preprocessing (MikroTik returns temperature as raw integer = degrees)
Preprocessing: None needed for this OID
# For OIDs that return in tenths (like voltage), add: Custom multiplier 0.1

Creating a Trigger (Alert Condition)

Zabbix — Trigger Configuration for High Temperature 
# Go to Items → CPU Temperature → Triggers tab → Create trigger

Name:          {HOST.NAME}: CPU temperature is critically high
Severity:      High
Expression:    last(/KILI-EDGE-01/snmp.cpu.temperature) > 70

# This fires when the last polled value exceeds 70°C

Recovery expression:  last(/KILI-EDGE-01/snmp.cpu.temperature) < 60
# Recovers (goes green) when temp drops below 60°C

# Common triggers you should set up for every MikroTik:
✓ CPU load > 85% for 5 minutes       → Average severity
✓ Interface ether1 linkDown TRAP      → High severity
✓ Temperature > 70°C                  → High severity
✓ Free memory < 20%                   → Warning
✓ Device unreachable (no SNMP reply)  → Disaster severity

Creating an Action (What Happens When a Trigger Fires)

1

Go to Configuration → Actions → Trigger actions → Create action

Name it "NOC Alert — MikroTik Fault". Set conditions to match the trigger severity and host group.

2

Set the Operations (what to do when alert fires)

Add operations: Send message to user group "NOC Team" via Email, and optionally via SMS or Telegram. The message template should include: {HOST.NAME} / {TRIGGER.NAME} / {TRIGGER.STATUS} / Time: {EVENT.DATE} {EVENT.TIME}

3

Set Recovery Operations

When the trigger recovers (returns to normal), send a "RESOLVED" message to the same group. This tells the NOC team the issue is cleared and they can close the ticket.

4

Set Escalations for long-running problems

If the problem is not acknowledged within 15 minutes, escalate to a senior engineer. If not resolved within 1 hour, escalate to the CTO. Zabbix handles this automatically through the escalation steps.

Useful Zabbix Expressions Reference

GoalExpressionMeaning
High CPUavg(/host/cpu.load,5m) > 80Average CPU over 5 minutes exceeds 80%
Interface downlast(/host/ifOperStatus[ether1]) = 2Interface is operationally down
No data (device offline)nodata(/host/snmp.cpu.temp,5m) = 1No SNMP response for 5 minutes
High bandwidthlast(/host/ifInOctets[ether1]) > 100000000Ingress bytes > 100 MB/s
High temperaturelast(/host/cpu.temp) > 70Temperature above 70°C

Building the NOC Dashboard

The final step — connecting everything to those four screens on the wall. A Zabbix dashboard is a collection of widgets: graphs, maps, problem lists, and gauges. Here is how to build one that belongs on a NOC screen.

  1. 1
    Go to Monitoring → Dashboards → Create dashboard Name it "SprintTZ NOC — Screen 4". Set the display period to "Last 1 hour" for graph widgets.
  2. 2
    Add a Problems widget (top priority) Widget type: Problem hosts. Filter: all host groups. Order by: Severity. This shows a live list of all active alerts. Put this in the top-left corner of the screen — it is the most important thing on the NOC display.
  3. 3
    Add Graph widgets for each critical device Widget type: Graph. Select your MikroTik host and choose the "Interface traffic" graph that was auto-created by the template. Add separate graphs for CPU load and temperature. Stack them down the right side of the screen.
  4. 4
    Add a Network Map Widget type: Map. Use the network topology map you built in Administration → General → Images. Zabbix automatically colours devices green (OK), orange (Warning), or red (Problem) based on their trigger states. This gives the NOC a geographic overview at a glance.
  5. 5
    Set the dashboard to kiosk mode and full-screen Press Ctrl + Shift + F (or use the dashboard menu → Kiosk mode). This hides the Zabbix navigation and shows only the dashboard content. Open this URL on Screen 4 and the browser will show it full-screen, auto-refreshing.
    Kiosk Mode URL
    http://10.10.10.50/zabbix/zabbix.php?action=dashboard.view&dashboardid=1&kiosk=1
NOC Display Rotation

For four screens showing different dashboards, set up a browser extension like "Tab Auto Refresh" or use a lightweight media player like chromium-browser --kiosk on a Raspberry Pi connected to each screen. You can rotate between dashboards with the ?page=N parameter in the Zabbix dashboard URL.

Quick Reference — SNMP Command Cheat Sheet

SNMP Engineer Cheat Sheet — SprintTZ NOC 
══════════════════════════════════════════════════════
  SNMP CHEAT SHEET — SprintUG NOC Engineers
══════════════════════════════════════════════════════

# ── GET ───────────────────────────────────────────
snmpget  -v2c -c SprintTZ-NOC 192.168.88.1 sysUpTime.0
snmpget  -v2c -c SprintTZ-NOC 192.168.88.1 sysName.0
snmpget  -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.2.1.25.3.3.1.2.1
snmpget  -v2c -c SprintTZ-NOC 192.168.88.1 1.3.6.1.4.1.14988.1.1.3.1.0

# ── WALK ──────────────────────────────────────────
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 system
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 ifDescr
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 ifOperStatus
snmpwalk -v2c -c SprintTZ-NOC 192.168.88.1 interfaces

# ── BULK GET (faster for large tables) ───────────
snmpbulkwalk -v2c -c SprintTZ-NOC 192.168.88.1 ifTable

# ── SET ───────────────────────────────────────────
snmpset  -v2c -c SprintTZ-WRITE 192.168.88.1 sysName.0    s "NEW-NAME"
snmpset  -v2c -c SprintTZ-WRITE 192.168.88.1 sysLocation.0 s "Rack-03"

# ── TRAP RECEIVER ─────────────────────────────────
sudo snmptrapd -f -Lo -On udp:162
# Listen for incoming traps in foreground, print OIDs numerically

# ── OID QUICK REFERENCE ───────────────────────────
sysDescr      1.3.6.1.2.1.1.1.0
sysUpTime     1.3.6.1.2.1.1.3.0
sysName       1.3.6.1.2.1.1.5.0
ifDescr       1.3.6.1.2.1.2.2.1.2
ifOperStatus  1.3.6.1.2.1.2.2.1.8
ifInOctets    1.3.6.1.2.1.2.2.1.10
ifOutOctets   1.3.6.1.2.1.2.2.1.16
cpuLoad       1.3.6.1.2.1.25.3.3.1.2
mtxrCpuTemp   1.3.6.1.4.1.14988.1.1.3.1.0
mtxrROSVer    1.3.6.1.4.1.14988.1.1.7.4.0
══════════════════════════════════════════════════════
End of Manual — Your Homework

Before the next session: SSH into 192.168.88.1, enable SNMP with your own community string, and run at least five snmpget commands. Document each OID you query and the value it returns. Bring that list to the next session. If you can get Zabbix receiving data from the MikroTik before then — your name goes on the wall.

codeandcore
SprintUG Internet Limited · Engineering Knowledge Series · Crafted by daudithemechanic
profile.codeandcore.dev