Monitor interface status with SNMP and Nagios

nathan.snow

I've noticed that SNMP on pfSense isn't well documented and most articles have you running down rabbit holes chasing down MIBs or some other nonsense. So, I wanted to post my findings and let others chime in if I missed anything.

My goal was to monitor the operational status of an interface using Nagios. Here's what I did:

List MIBs using snmpwalk:

[nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1
                               ^     ^
                Protocol version     Read Community STRING
                pfSense uses 2c      This is set in pfSense

You will get a lot of output but you mainly want these:

IF-MIB::ifDescr.2 = STRING: em1
IF-MIB::ifDescr.12 = STRING: pppoe1
IF-MIB::ifDescr.13 = STRING: wan_stf
IF-MIB::ifDescr.14 = STRING: ovpns2 S2S
IF-MIB::ifDescr.15 = STRING: ovpns3 RAS
IF-MIB::ifDescr.16 = STRING: ovpnc1 Proton

IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.12 = INTEGER: dormant(5)
IF-MIB::ifOperStatus.13 = INTEGER: dormant(5)
IF-MIB::ifOperStatus.14 = INTEGER: up(1)
IF-MIB::ifOperStatus.15 = INTEGER: up(1)
IF-MIB::ifOperStatus.16 = INTEGER: down(2)

Find the OID (add arg -O n):

[nagios@nagios etc]$ snmpwalk -v 2c -O n -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus
.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.3 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.4 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.5 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.6 = INTEGER: dormant(5)
.1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.8 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.9 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.10 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.11 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.12 = INTEGER: dormant(5)
.1.3.6.1.2.1.2.2.1.8.13 = INTEGER: dormant(5)
.1.3.6.1.2.1.2.2.1.8.14 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.15 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.16 = INTEGER: down(2)
^---------------------^
         |
        OIDs

Display Status of OID/MIB:

MIB:
nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus.2
IF-MIB::ifOperStatus.2 = INTEGER: up(1)

OID:
[nagios@nagios etc]$ snmpwalk -v 2c -O n -c MIMIR-Technologies 172.177.1.1 .1.3.6.1.2.1.2.2.1.8.2
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)

Nagios service:
The (-R [1345]) is regex for anything but 2, which is a down status)

define service{
    use                             generic-service,srv-pnp
    host_name                       pfsense
    service_description             Interface: Outside [wan_stf]
    check_command                   check_snmp!-C CommunityString -o .1.3.6.1.2.1.2.2.1.8.13 -R "[1345]"
}

Aunet

Thanks, very useful :)

bpb21

Have you done anything with the SNMP modules in the latest pfSense?
Just curious, and thanks for your post!

SNMP modules
MibII
Netgraph
PF
Host Resources
UCD
Regex

dhaselhorst

If you're interested, I did a write-up and released code for various pfSense non-SMTP checks with Nagios -- CPU, memory, pfSense services, VPN/IPSEC tunnels, interfaces, state table, firmware version, CPU temperature, system uptime, and more. The checks work on both Nagios Core and Nagios XI.
https://www.linuxincluded.com/monitoring-pfsense-with-nagios-xi-using-ssh-part-1/