• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Monitor interface status with SNMP and Nagios

Scheduled Pinned Locked Moved SNMP
4 Posts 4 Posters 8.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nathan.snow
    last edited by Jul 29, 2017, 3:14 PM

    I've noticed that SNMP on pfSense isn't well documented and most articles have you running down rabbit holes chasing down MIBs or some other nonsense. So, I wanted to post my findings and let others chime in if I missed anything.

    My goal was to monitor the operational status of an interface using Nagios. Here's what I did:

    
    List MIBs using snmpwalk:
    
    [nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1
                                   ^     ^
                    Protocol version     Read Community STRING
                    pfSense uses 2c      This is set in pfSense
    
    You will get a lot of output but you mainly want these:
    
    IF-MIB::ifDescr.2 = STRING: em1
    IF-MIB::ifDescr.12 = STRING: pppoe1
    IF-MIB::ifDescr.13 = STRING: wan_stf
    IF-MIB::ifDescr.14 = STRING: ovpns2 S2S
    IF-MIB::ifDescr.15 = STRING: ovpns3 RAS
    IF-MIB::ifDescr.16 = STRING: ovpnc1 Proton
    
    IF-MIB::ifOperStatus.2 = INTEGER: up(1)
    IF-MIB::ifOperStatus.12 = INTEGER: dormant(5)
    IF-MIB::ifOperStatus.13 = INTEGER: dormant(5)
    IF-MIB::ifOperStatus.14 = INTEGER: up(1)
    IF-MIB::ifOperStatus.15 = INTEGER: up(1)
    IF-MIB::ifOperStatus.16 = INTEGER: down(2)
    
    Find the OID (add arg -O n):
    
    [nagios@nagios etc]$ snmpwalk -v 2c -O n -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus
    .1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.3 = INTEGER: down(2)
    .1.3.6.1.2.1.2.2.1.8.4 = INTEGER: down(2)
    .1.3.6.1.2.1.2.2.1.8.5 = INTEGER: down(2)
    .1.3.6.1.2.1.2.2.1.8.6 = INTEGER: dormant(5)
    .1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.8 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.9 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.10 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.11 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.12 = INTEGER: dormant(5)
    .1.3.6.1.2.1.2.2.1.8.13 = INTEGER: dormant(5)
    .1.3.6.1.2.1.2.2.1.8.14 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.15 = INTEGER: up(1)
    .1.3.6.1.2.1.2.2.1.8.16 = INTEGER: down(2)
    ^---------------------^
             |
            OIDs
    
    Display Status of OID/MIB:
    
    MIB:
    nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus.2
    IF-MIB::ifOperStatus.2 = INTEGER: up(1)
    
    OID:
    [nagios@nagios etc]$ snmpwalk -v 2c -O n -c MIMIR-Technologies 172.177.1.1 .1.3.6.1.2.1.2.2.1.8.2
    .1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)
    
    Nagios service:
    The (-R [1345]) is regex for anything but 2, which is a down status)
    
    define service{
        use                             generic-service,srv-pnp
        host_name                       pfsense
        service_description             Interface: Outside [wan_stf]
        check_command                   check_snmp!-C CommunityString -o .1.3.6.1.2.1.2.2.1.8.13 -R "[1345]"
    }
    
    
    1 Reply Last reply Reply Quote 0
    • A
      Aunet
      last edited by Aug 29, 2017, 12:01 PM

      Thanks, very useful :)

      1 Reply Last reply Reply Quote 0
      • B
        bpb21
        last edited by Mar 8, 2018, 7:49 PM

        Have you done anything with the SNMP modules in the latest pfSense?
        Just curious, and thanks for your post!

        SNMP modules
        MibII
        Netgraph
        PF
        Host Resources
        UCD
        Regex

        1 Reply Last reply Reply Quote 0
        • D
          dhaselhorst
          last edited by Jun 19, 2018, 3:44 AM

          If you're interested, I did a write-up and released code for various pfSense non-SMTP checks with Nagios -- CPU, memory, pfSense services, VPN/IPSEC tunnels, interfaces, state table, firmware version, CPU temperature, system uptime, and more. The checks work on both Nagios Core and Nagios XI.
          https://www.linuxincluded.com/monitoring-pfsense-with-nagios-xi-using-ssh-part-1/

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            [[user:consent.lead]]
            [[user:consent.not_received]]