Trobule with bsnmpd (using it for monitoring via Zabbix)

hrx

Hello everyone,

we have been observing problems for some time (in principle only since the upgrade of the customer firewalls we monitor to pfSense+ 24.03), which apparently either originate from the bsnmpd service or are at least related to it. We use bsnmpd to monitor the systems using Zabbix.

The problems are that Zabbix reports that there is not enough swap space available on the firewall (Zabbix problem message: ‘FreeBSD: Lack of free swap space on fqdn.of.firewall’).

If you then log in to such a firewall to find the cause, the following log entries are noticeable in the system log file:

<12>1 2024-09-16T04:34:51.158667+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.408771+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.409790+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.411472+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.413151+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.413938+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.417739+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.418613+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.419476+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.421209+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.422935+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.423696+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22: cannot open /etc/hosts.allow: Too many open files
<12>1 2024-09-16T04:34:51.427108+02:00 fqdn.of.firewall snmpd 33764 - - warning: /etc/hosts.allow, line 22:

When you restart the bsnmp service, the swap space utilisation normalises immediately, and the log entries shown above no longer appear.

As already mentioned, this issue does not occur on any firewall with a pfSense+ version <24.

Do you have any ideas on how to approach this? A temporary, scheduled restart of the service (how do you do that in the cleanest/best way?) would also be a workaround.

Thanks

keyser

@hrx It’s a known bug in BSNMPD that is causing this. I discovered it with the help of Netgate after the 24.03 release.

Unfortunately Netgate decided not to release a fix for this issue and instead wait for 23.08 - which is now massive delay’ed - and might be so until 2025. So you’ll have to live with it as it’s not a priority for Netgate :-(

https://forum.netgate.com/topic/188050/24-03-causes-sustained-rise-in-processes-count-and-memory-usage?_=1727700240401

hrx

@keyser Thanks for the pointer to the post! It's clear now that we'll have to wait until 24.08.

In the meantime, I'll set up a cron-controlled restart of bsnmpd on all monitored firewalls sigh :-)