Monitor interface status with SNMP and Nagios

  • I've noticed that SNMP on pfSense isn't well documented and most articles have you running down rabbit holes chasing down MIBs or some other nonsense. So, I wanted to post my findings and let others chime in if I missed anything.

    My goal was to monitor the operational status of an interface using Nagios. Here's what I did:

    List MIBs using snmpwalk:
    [nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString
                                   ^     ^
                    Protocol version     Read Community STRING
                    pfSense uses 2c      This is set in pfSense
    You will get a lot of output but you mainly want these:
    IF-MIB::ifDescr.2 = STRING: em1
    IF-MIB::ifDescr.12 = STRING: pppoe1
    IF-MIB::ifDescr.13 = STRING: wan_stf
    IF-MIB::ifDescr.14 = STRING: ovpns2 S2S
    IF-MIB::ifDescr.15 = STRING: ovpns3 RAS
    IF-MIB::ifDescr.16 = STRING: ovpnc1 Proton
    IF-MIB::ifOperStatus.2 = INTEGER: up(1)
    IF-MIB::ifOperStatus.12 = INTEGER: dormant(5)
    IF-MIB::ifOperStatus.13 = INTEGER: dormant(5)
    IF-MIB::ifOperStatus.14 = INTEGER: up(1)
    IF-MIB::ifOperStatus.15 = INTEGER: up(1)
    IF-MIB::ifOperStatus.16 = INTEGER: down(2)
    Find the OID (add arg -O n):
    [nagios@nagios etc]$ snmpwalk -v 2c -O n -c CommunityString IF-MIB::ifOperStatus
    . = INTEGER: up(1)
    . = INTEGER: up(1)
    . = INTEGER: down(2)
    . = INTEGER: down(2)
    . = INTEGER: down(2)
    . = INTEGER: dormant(5)
    . = INTEGER: up(1)
    . = INTEGER: up(1)
    . = INTEGER: up(1)
    . = INTEGER: up(1)
    . = INTEGER: up(1)
    . = INTEGER: dormant(5)
    . = INTEGER: dormant(5)
    . = INTEGER: up(1)
    . = INTEGER: up(1)
    . = INTEGER: down(2)
    Display Status of OID/MIB:
    nagios@nagios etc]$ snmpwalk -v 2c -c CommunityString IF-MIB::ifOperStatus.2
    IF-MIB::ifOperStatus.2 = INTEGER: up(1)
    [nagios@nagios etc]$ snmpwalk -v 2c -O n -c MIMIR-Technologies .
    . = INTEGER: up(1)
    Nagios service:
    The (-R [1345]) is regex for anything but 2, which is a down status)
    define service{
        use                             generic-service,srv-pnp
        host_name                       pfsense
        service_description             Interface: Outside [wan_stf]
        check_command                   check_snmp!-C CommunityString -o . -R "[1345]"

  • Thanks, very useful :)

  • Have you done anything with the SNMP modules in the latest pfSense?
    Just curious, and thanks for your post!

    SNMP modules
    Host Resources

  • If you're interested, I did a write-up and released code for various pfSense non-SMTP checks with Nagios -- CPU, memory, pfSense services, VPN/IPSEC tunnels, interfaces, state table, firmware version, CPU temperature, system uptime, and more. The checks work on both Nagios Core and Nagios XI.

Log in to reply