Prometheus
Prometheus
Section titled “Prometheus”Prometheus is an open-source monitoring and alerting toolkit that collects and stores metrics as time-series data. Running it as a container on RouterOS lets you monitor your router and network infrastructure without a separate server.
The official prom/prometheus image supports ARM32, ARM64, and AMD64 architectures via a multi-arch manifest. Recommended minimum requirements are 256 MB RAM and 1 GB available storage for the container image and TSDB data.
Prerequisites
Section titled “Prerequisites”- RouterOS v7.4 or later
containerpackage installed- External storage device (USB, SATA, or NVMe recommended)
- Device mode with container support enabled
Container Mode
Section titled “Container Mode”Enable container support in device mode and reboot:
/system/device-mode/update container=yesAfter executing this command, confirm by pressing the reset button (or cold-rebooting x86 devices). The router must restart before container functionality is available.
Networking Configuration
Section titled “Networking Configuration”Create a dedicated bridge and veth interface for the Prometheus container:
/interface/bridge/add name=containers/ip/address/add address=172.18.0.1/24 interface=containers/interface/veth/add name=veth-prom address=172.18.0.2/24 gateway=172.18.0.1/interface/bridge/port/add bridge=containers interface=veth-prom/ip/firewall/nat/add chain=srcnat src-address=172.18.0.0/24 action=masqueradeIf you are already running another container on the 172.17.0.0/24 subnet, use a different subnet here (e.g., 172.18.0.0/24) to avoid overlap.
Port Forwarding
Section titled “Port Forwarding”Expose the Prometheus web UI and API to your LAN:
/ip/firewall/nat/add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=9090 action=dst-nat to-addresses=172.18.0.2 to-ports=9090If your firewall forward chain default policy is drop, add an explicit accept rule:
/ip/firewall/filter/add chain=forward dst-address=172.18.0.2 protocol=tcp dst-port=9090 action=accept place-before=0Storage and Configuration
Section titled “Storage and Configuration”Prometheus requires a configuration file and a directory for its time-series database (TSDB). Create both on external storage:
/file/add name=disk1/prometheus/config type=directory/file/add name=disk1/prometheus/data type=directoryRegister the mounts:
/container/mounts/add name=prom-config src=disk1/prometheus/config dst=/etc/prometheus/container/mounts/add name=prom-data src=disk1/prometheus/data dst=/prometheusCreating the Configuration File
Section titled “Creating the Configuration File”Prometheus requires a prometheus.yml file before starting. Create a minimal configuration file on your router. You can upload a file via FTP/SCP, or use the RouterOS file editor:
global: scrape_interval: 15s
scrape_configs: - job_name: "prometheus" static_configs: - targets: ["localhost:9090"]Place this file at disk1/prometheus/config/prometheus.yml. A basic configuration like this makes Prometheus scrape itself, which is useful to verify the deployment is working. Add additional scrape targets as needed.
Set an optional timezone environment variable:
/container/envs/add list=prom-env key=TZ value=UTCPulling the Image
Section titled “Pulling the Image”Configure the registry and create the container. The cmd parameter passes startup flags directly to the Prometheus binary:
/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk1/tmp/container/add \ remote-image=prom/prometheus:latest \ interface=veth-prom \ root-dir=disk1/prometheus/root \ mounts=prom-config,prom-data \ envlist=prom-env \ cmd="--config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus --web.listen-address=:9090" \ logging=yes \ start-on-boot=yesMonitor image extraction:
/container/printWait until status=stopped before starting the container.
Starting the Container
Section titled “Starting the Container”/container/start 0Verify the container is running:
/container/printThe status should change to status=running within a few seconds.
Accessing the Web UI
Section titled “Accessing the Web UI”Open a browser and navigate to http://<router-LAN-IP>:9090. The Prometheus expression browser loads, where you can run PromQL queries and inspect targets.
Check that the self-scrape target is healthy:
- Navigate to Status → Targets.
- The
prometheusjob should showUP.
Scraping RouterOS Metrics
Section titled “Scraping RouterOS Metrics”To collect RouterOS metrics in Prometheus, deploy an exporter alongside this container. Common options:
- mikrotik-exporter — exposes RouterOS metrics via SNMP or the API, scraped by Prometheus.
Add the exporter as a separate container with its own veth, then add a scrape config entry pointing to the exporter’s container IP and port.
Resource Usage
Section titled “Resource Usage”Prometheus resource consumption grows with the number of scraped targets and data retention period.
| Resource | Typical Usage (light load) |
|---|---|
| RAM | 100–300 MB |
| CPU | < 10% at idle |
| Storage | 100 MB image + TSDB data (varies by retention) |
Default TSDB retention is 15 days. Reduce it on storage-constrained devices by adding --storage.tsdb.retention.time=7d to the cmd parameter.
Container logs are accessible via:
/log print where topics~"container"Troubleshooting
Section titled “Troubleshooting”Container fails to start
Section titled “Container fails to start”Verify the prometheus.yml file exists and is valid YAML at disk1/prometheus/config/prometheus.yml. Prometheus exits immediately if the config file is missing or malformed. Check logs:
/container/set 0 logging=yes/container/start 0/log printPort 9090 not accessible
Section titled “Port 9090 not accessible”Confirm the container is running and the veth interface has an address:
/container/print/interface/veth/printCheck that the NAT rule and firewall forward rules are in place.
Verification
Section titled “Verification”Tested on staging-router-02, RouterOS 7.15.3 (stable), CHR. staging-router-01 was offline at time of validation.
Container package availability — The container package is a separate extra package and must be installed before any /container/* commands are available. A base RouterOS install returns syntax error for container commands.
Networking commands — All bridge, veth, IP address, bridge port, and NAT masquerade commands validated successfully:
[admin@staging-router-02] > /interface/veth/add name=veth-prom address=172.18.0.2/24 gateway=172.18.0.1[admin@staging-router-02] > /interface/veth/printFlags: X - disabled; R - running 0 R name="veth-prom" address=172.18.0.2/24 gateway=172.18.0.1 gateway6=""Storage directories — The /file/make-dir command does not exist in RouterOS 7.15.3. Use /file/add name=... type=directory instead (corrected above).
Container-specific commands — /container/*, /container/mounts/*, /container/envs/*, and /container/config/* require the container extra package to be installed. Enable container mode and install the package as described in Prerequisites before running these commands.
Related Information
Section titled “Related Information”- Container — core container feature documentation
- VETH — virtual ethernet interface details
- Diagnostics and Monitoring — RouterOS built-in monitoring tools