First Time SNMP/NMS Set Up Questions

VirtuousVigor · Apr 9, 2019, 7:34 PM

Hello,

I have been reading the pfSense docs and book info on enabling and using SNMP to watch network behavior remotely like the diligent admin I am trying to become.

However, I seem not be understanding software that provides viewable access to SNMP, the NMS.

I can read how to set it up in our firewall but where is the info to then put the NMS application on my laptop so I can monitor outside of our LAN?

I apologize if this is obvious but I am aloof on what the NMS app is that completes the set up and where to obtain it to then get into the SNMP of our LAN and view the metrics remotely.

Thanks.

Grimson · Apr 9, 2019, 7:40 PM

NMS is just an abbreviation of Network Monitoring Software.

So google for "network monitoring software with SNMP support" compare the different results, choose one you like, read it's documentation and ask their support/forum if you need help with it.

johnpoz · Apr 9, 2019, 7:42 PM

NMS application?

I think your not grasping exactly what SNMP is.. There is no viewable access to snmp..

You can have an application poll via snmp to provide stats, etc.. Something like https://www.librenms.org/ or opennms, or zabbix which there are some packages for pfsense..

VirtuousVigor · Apr 9, 2019, 7:47 PM

@johnpoz So how does one monitor network behavior remotely ?

Is it not a combination of enabling SNMP in the firewall and then using a network monitoring software to view the data it pulls?

johnpoz · Apr 9, 2019, 7:50 PM

Your monitoring software normally would be local to where your network is - and then sure you could access this application remotely (better through a vpn)..

What exactly are you looking to monitor remotely.. You want up down notifications? You want to know if service X is down, or service Y is responding slowly?

VirtuousVigor · Apr 9, 2019, 8:06 PM

@johnpoz What you mentioned is what I prefer, the VPN tunnel to then just get the data from within our LAN firewall SNMP ,
however due to AT&T managed router, I have limitations that I am currently working on in order to get VPN working.

So in the meantime read this "The Simple Network Management Protocol (SNMP) daemon enables remote monitoring of some pfSense system parameters."

It is to monitor any of this honestly - "monitoring may be performed for network traffic, network flows, pf queues, and general system information such as CPU, memory, and disk usage " In addition to what you mentioned.

Agents coming in on the weekends, while I am at home, using the network.

johnpoz · Apr 9, 2019, 8:18 PM

And which software are you going to use, libre, openNMS, Nagios, MRTG, http://www.observium.org/ or something as basic as netdata

I have that running on my nas, to monitor my nas health

SNMP --- the P is the big part here, its a protocol... Like TCP is used for computers to talk to each other, it isn't the end thing.

When you query something via snmp - all your going to get back is a single data point for something.. You need the software to do all the queries to put together something you can look at how something is doing something over time, etc.

Have you checked out this hangout by Jim?
https://www.youtube.com/watch?v=CKPbIeiJ2AQ
https://www.slideshare.net/NetgateUSA/monitoring-pfsense-24-with-snmp-pfsense-hangout-march-2018

VirtuousVigor · Apr 9, 2019, 8:27 PM

@johnpoz John thanks a lot for the details....I actually had just gone to netgate library resources and started the SNMP Monitoring 2.4 video...I am thinking basic, like netdata, to assimilate it all and then display. Nothing overly complex or ornate.

I will watch the videos then attempt to get it all working.

Without a VPN tunnel this can be done correct?

johnpoz · Apr 9, 2019, 8:33 PM

You still need to pick a product to use! ;)

Yes you can always port forward whatever gui port your running your NMS on.. What are you going to run the nms on, a PC, a raspberry PI, a VM? You do understand this isn't going to be running on pfsense directly right!!

I wouldn't recommend that to be honest.. VPN would be better.

If all you want is netdata for pfsense, then
https://docs.netdata.cloud/packaging/installer/#pfsense

But to be honest I would not recommend that! Especially since seem to be like on step two of a 100 mile marathon learning walk on what is network monitoring and snmp..

VirtuousVigor · Apr 10, 2019, 2:16 PM

@johnpoz

Okay, since I am waiting for AT&T to allow port forwarding on our circuit for the OpenVPN I am trying to set up I can learn which product is best for entry level network monitoring and decide what product to use in the meantime.

I plan on running the nms from my work PC in the office as well as my personal PC from home, both are Windows machines.

I understand what you mean that I will not be running nms on pfSense directly, only enabling SNMP on it to then query the data from my selected nms gui on the PCs I am using to monitor the network correct?

So if netdata is too complex for my current understanding of this subject, do you recommend some other nms that is designed for a minimal and simplistic view and entry-level admin such as myself ?

johnpoz · Apr 10, 2019, 4:06 PM

So your going to run say https://www.paessler.com/prtg? Which is really the only one I know off the top of my head what would be windows.

If you do not allow port forwarding - how exactly would you access anything? Or even allow for snmp query over the internet?

VirtuousVigor · Apr 10, 2019, 4:34 PM

This post is deleted!