Netgate snmp vs. net-snmp
-
Hey guys
Today I played around with the Netgate snmp service and the package net-snmp for pFsense. The normal function works fine, but unfortunately they have SNMP v2 only. I want to have it more secures with SNMP v3.
I figured out, that the net-snmp package sent's less OIDs than the pfSense function - in lines snmp 7070 vs. net-snmp 4465.
I think the SNMP modules like MibII are not loaded. How can I load them for the net-snmp package?
Greetz
Ovrld -
The built-in SNMP is
bsnmpdwhich has a dedicated pf module. That's the only set of OIDs which wouldn't be available withnet-snmpsince it doesn't have a module for pf info. There isn't a way to get that information innet-snmpnatively. -
@jimp said in Netgate snmp vs. net-snmp:
The built-in SNMP is bsnmpd which has a dedicated pf module. That's the only set of OIDs which wouldn't be available with net-snmp since it doesn't have a module for pf info. There isn't a way to get that information in net-snmp natively.
Thank you for answer - is there any possibility, that the integrated snmp function get an SNMP v3 support someday?
-
It's unlikely. There is support for it in the
bsnmpddaemon but since it's already fully implemented in thenet-snmp, there is not much motivation to work on the base version since it is not as capable asnet-snmpd(which may eventually replacebsnmpd) -
@jimp said in Netgate snmp vs. net-snmp:
It's unlikely. There is support for it in the bsnmpd daemon but since it's already fully implemented in the net-snmp, there is not much motivation to work on the base version since it is not as capable as net-snmpd (which may eventually replace bsnmpd)
I could be that I understand it wrong - but with snmp I can't have a secured connection and with net-snmp I have, but I can't have all modules loaded?
-
The only information not available in net-snmp is pf-related information, which is not a missing/not loaded module, it just isn't capable of reading it.
Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
Mhm I tried with check_mk and with snmp I got a lot of information like all virtual interfaces. With the net-snmp I got less information - no virtual interfaces. But it could be, that the virtual interfaces are stored in that pf-related information.
Edit
I have another question: With net-snmp I get information about the filesystem - with snmp not. Is it not possible for the snmp to read the information? -
@jimp said in Netgate snmp vs. net-snmp:
The only information not available in net-snmp is pf-related information, which is not a missing/not loaded module, it just isn't capable of reading it.
Is any changes in this situation?
-
No.
Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp said in Netgate snmp vs. net-snmp:
No.
Thank You for answering.
So, is this mean that Netgate company not see the SNMP monitoring (even on own-branded devices) as critical (because health of main firewall = health of all infrastructure of certain organizations) ?
P.S. BTW what system for real-time Monitoring You use for 5-10G pfSense connection?
-
There are two methods to get SNMP data.
pfdata is only available in one of them. It's not up to us to determine which SNMP packages supportpfdata, that's up to the authors of the SNMP daemons.We may eventually add SNMPv3 to bsnmpd if it's viable.
But at no time does any of that even come close to implying what you are trying to twist it to mean.
Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp ok, thank You for explaining.
-
@jimp P.S. BTW what system for real-time Monitoring You use for 5-10G pfSense device?
