Monitor interface status with SNMP and Nagios

nathan.snow · Jul 29, 2017, 3:14 PM

I've noticed that SNMP on pfSense isn't well documented and most articles have you running down rabbit holes chasing down MIBs or some other nonsense. So, I wanted to post my findings and let others chime in if I missed anything.

My goal was to monitor the operational status of an interface using Nagios. Here's what I did:


List MIBs using snmpwalk:

[nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1
                               ^     ^
                Protocol version     Read Community STRING
                pfSense uses 2c      This is set in pfSense

You will get a lot of output but you mainly want these:

IF-MIB::ifDescr.2 = STRING: em1
IF-MIB::ifDescr.12 = STRING: pppoe1
IF-MIB::ifDescr.13 = STRING: wan_stf
IF-MIB::ifDescr.14 = STRING: ovpns2 S2S
IF-MIB::ifDescr.15 = STRING: ovpns3 RAS
IF-MIB::ifDescr.16 = STRING: ovpnc1 Proton

IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.12 = INTEGER: dormant(5)
IF-MIB::ifOperStatus.13 = INTEGER: dormant(5)
IF-MIB::ifOperStatus.14 = INTEGER: up(1)
IF-MIB::ifOperStatus.15 = INTEGER: up(1)
IF-MIB::ifOperStatus.16 = INTEGER: down(2)

Find the OID (add arg -O n):

[nagios@nagios etc]$ snmpwalk -v 2c -O n -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus
.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.3 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.4 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.5 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.6 = INTEGER: dormant(5)
.1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.8 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.9 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.10 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.11 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.12 = INTEGER: dormant(5)
.1.3.6.1.2.1.2.2.1.8.13 = INTEGER: dormant(5)
.1.3.6.1.2.1.2.2.1.8.14 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.15 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.16 = INTEGER: down(2)
^---------------------^
         |
        OIDs

Display Status of OID/MIB:

MIB:
nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString 10.10.1.1 IF-MIB::ifOperStatus.2
IF-MIB::ifOperStatus.2 = INTEGER: up(1)

OID:
[nagios@nagios etc]$ snmpwalk -v 2c -O n -c MIMIR-Technologies 172.177.1.1 .1.3.6.1.2.1.2.2.1.8.2
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: up(1)

Nagios service:
The (-R [1345]) is regex for anything but 2, which is a down status)

define service{
    use                             generic-service,srv-pnp
    host_name                       pfsense
    service_description             Interface: Outside [wan_stf]
    check_command                   check_snmp!-C CommunityString -o .1.3.6.1.2.1.2.2.1.8.13 -R "[1345]"
}

Aunet · Aug 29, 2017, 12:01 PM

Thanks, very useful :)

bpb21 · Mar 8, 2018, 7:49 PM

Have you done anything with the SNMP modules in the latest pfSense?
Just curious, and thanks for your post!

SNMP modules
MibII
Netgraph
PF
Host Resources
UCD
Regex

dhaselhorst · Jun 19, 2018, 3:44 AM

If you're interested, I did a write-up and released code for various pfSense non-SMTP checks with Nagios -- CPU, memory, pfSense services, VPN/IPSEC tunnels, interfaces, state table, firmware version, CPU temperature, system uptime, and more. The checks work on both Nagios Core and Nagios XI.
https://www.linuxincluded.com/monitoring-pfsense-with-nagios-xi-using-ssh-part-1/