Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Monitor interface status with SNMP and Nagios

    Scheduled Pinned Locked Moved SNMP
    4 Posts 4 Posters 8.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nathan.snow
      last edited by

      I've noticed that SNMP on pfSense isn't well documented and most articles have you running down rabbit holes chasing down MIBs or some other nonsense. So, I wanted to post my findings and let others chime in if I missed anything.

      My goal was to monitor the operational status of an interface using Nagios. Here's what I did:

      
      List MIBs using snmpwalk:
      
      [nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1
                                     ^     ^
                      Protocol version     Read Community STRING
                      pfSense uses 2c      This is set in pfSense
      
      You will get a lot of output but you mainly want these:
      
      IF-MIB::ifDescr.2 = STRING: em1
      IF-MIB::ifDescr.12 = STRING: pppoe1
      IF-MIB::ifDescr.13 = STRING: wan_stf
      IF-MIB::ifDescr.14 = STRING: ovpns2 S2S
      IF-MIB::ifDescr.15 = STRING: ovpns3 RAS
      IF-MIB::ifDescr.16 = STRING: ovpnc1 Proton
      
      IF-MIB::ifOperStatus.2 = INTEGER: up(1)
      IF-MIB::ifOperStatus.12 = INTEGER: dormant(5)
      IF-MIB::ifOperStatus.13 = INTEGER: dormant(5)
      IF-MIB::ifOperStatus.14 = INTEGER: up(1)
      IF-MIB::ifOperStatus.15 = INTEGER: up(1)
      IF-MIB::ifOperStatus.16 = INTEGER: down(2)
      
      Find the OID (add arg -O n):
      
      [nagios@nagios etc]$ snmpwalk -v 2c -O n -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus
      .1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.3 = INTEGER: down(2)
      .1.3.6.1.2.1.2.2.1.8.4 = INTEGER: down(2)
      .1.3.6.1.2.1.2.2.1.8.5 = INTEGER: down(2)
      .1.3.6.1.2.1.2.2.1.8.6 = INTEGER: dormant(5)
      .1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.8 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.9 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.10 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.11 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.12 = INTEGER: dormant(5)
      .1.3.6.1.2.1.2.2.1.8.13 = INTEGER: dormant(5)
      .1.3.6.1.2.1.2.2.1.8.14 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.15 = INTEGER: up(1)
      .1.3.6.1.2.1.2.2.1.8.16 = INTEGER: down(2)
      ^---------------------^
               |
              OIDs
      
      Display Status of OID/MIB:
      
      MIB:
      nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus.2
      IF-MIB::ifOperStatus.2 = INTEGER: up(1)
      
      OID:
      [nagios@nagios etc]$ snmpwalk -v 2c -O n -c MIMIR-Technologies 172.177.1.1 .1.3.6.1.2.1.2.2.1.8.2
      .1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)
      
      Nagios service:
      The (-R [1345]) is regex for anything but 2, which is a down status)
      
      define service{
          use                             generic-service,srv-pnp
          host_name                       pfsense
          service_description             Interface: Outside [wan_stf]
          check_command                   check_snmp!-C CommunityString -o .1.3.6.1.2.1.2.2.1.8.13 -R "[1345]"
      }
      
      
      1 Reply Last reply Reply Quote 0
      • A
        Aunet
        last edited by

        Thanks, very useful :)

        1 Reply Last reply Reply Quote 0
        • B
          bpb21
          last edited by

          Have you done anything with the SNMP modules in the latest pfSense?
          Just curious, and thanks for your post!

          SNMP modules
          MibII
          Netgraph
          PF
          Host Resources
          UCD
          Regex

          1 Reply Last reply Reply Quote 0
          • D
            dhaselhorst
            last edited by

            If you're interested, I did a write-up and released code for various pfSense non-SMTP checks with Nagios -- CPU, memory, pfSense services, VPN/IPSEC tunnels, interfaces, state table, firmware version, CPU temperature, system uptime, and more. The checks work on both Nagios Core and Nagios XI.
            https://www.linuxincluded.com/monitoring-pfsense-with-nagios-xi-using-ssh-part-1/

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.