If you're interested, I did a write-up and released code for various pfSense non-SMTP checks with Nagios -- CPU, memory, pfSense services, VPN/IPSEC tunnels, interfaces, state table, firmware version, CPU temperature, system uptime, and more. The checks work on both Nagios Core and Nagios XI.
There is no mechanism to get that over SNMP currently.
It might be possible with NET-SNMP and an extend entry pointing to a custom script which fetches the connected users, or a custom command executed through a zabbix agent, but nothing exists out of the box.
Thanks for quick reply.
Do you have a documentation with custom commands i can execute on pfSense?
I would like to try this approach with "a custom commands executed through a zabbix agent"
Thanks a lot
I tried different modules and it made no difference. I did notice that the SG-4860's I have in the wild list their interfaces individually for assignment where as this SG-3100 (First one I've tried) seems to group them under mvneta. The SG-4860's don't have this snmpd notification in their logs. I wonder if there is a way to release the ports from this group and control the interfaces individually? Maybe then they would be listed as "configured"?
I am just going through the same snmp config.
I did a snmpwalk on my pfsense box and found this, hopefully when i convert this into an OID it will return the temps..
HOST-RESOURCES-MIB::hrDeviceDescr.104 = STRING: amdtemp0: AMD CPU On-Die Thermal Sensors
Hope this helps,
Not on 2.3.x, but on 2.4 we have a NET-SNMP package and you can make as many different communities as you like (with different access levels, too). Or even better, SNMPv3 authentication and encrypted transport.
While you might be able to fake that using it as a gateway with a monitor + SMTP notifications, realistically that's not feasible. The firewall isn't a monitoring system, you'd be better served by setting up a small monitoring system separate from the firewall (even something light like smokeping) to keep an eye on things like that for you.
Yep, agreed - you're absolutely right! I did try a custom command (manually edited /var/etc/snmpd.conf) - and the command does work, but it doesn't update on demand (just like you said), rather it executes on a preset / configured schedule. That may be OK though - is there a way to set the custom commands? If not, not a biggie - would just be handy.
Someone could write up a package for net-snmp.
It probably won't make it into base because of its required dependencies, though perhaps that can be trimmed as well.
Is this made any easier by the new architecture in 2.3? I can do pkg install net-snmp easily enough, no dependencies are installed at all.
nope, xen. Past pfsense versions I've ran in the exact same config had working 64 bit counters but a recent change in 2.3 made them go away. Plenty of other OS's running in VM's here have working 64 bit counters so I'm not sure how it would be a hypervisor issue
From the OpenNMS server, you can use the snmp-request tool in the $OPENNMS_HOME/bin directory.
For example, support that the IP address of the target node is 192.168.0.8, the community string is public, and the SNMP agent is enabled using the default port with SNMPv2, the command should look like this:
/opt/opennms/bin/snmp-request -c public -v 2c -Ow 192.168.0.8 .126.96.36.199.2.1.1
This is equivalent to execute an snmpwalk like this:
snmpwalk -One -v 2c -c public 10.0.0.1 system
I found the cause of the problem. I used a special character ("ß") in the SNMP location field which is not valid (I simply overlooked that error). However, I was able to enter it on the "Services: SNMP" page and it caused a hick-up in the configuration. I think it might be a good idea to check that only USASCII characters are used for sysLocation and sysContact.