SNMP pf object missing (bsnmpd)

kiokoman · Apr 17, 2020, 11:51 AM

i was watching this video https://www.netgate.com/resources/videos/monitoring-pfsense-24-with-snmp.html
and i configured snmp with the MibII and PF modules
but i see no output about pf

location := "Home"
contact := "---------------"
read := "-------------"
system := 1     # pfSense
%snmpd
sysDescr                        = "pfSense pfSense.kiokoman.home 2.5.0-DEVELOPMENT pfSense FreeBSD 12.0-RELEASE-p10 amd64"
begemotSnmpdDebugDumpPdus       = 2
begemotSnmpdDebugSyslogPri      = 7
begemotSnmpdCommunityString.0.1 = $(read)
begemotSnmpdCommunityDisable    = 1
begemotSnmpdPortStatus.127.0.0.1.161 = 1
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4

# These are bsnmp macros not php vars.
sysContact      = $(contact)
sysLocation     = $(location)
sysObjectId     = 1.3.6.1.4.1.12325.1.1.2.1.$(system)

snmpEnableAuthenTraps = 2
begemotSnmpdModulePath."mibII"  = "/usr/lib/snmp_mibII.so"
begemotSnmpdModulePath."pf"     = "/usr/lib/snmp_pf.so"

[2.5.0-DEVELOPMENT][root@pfSense.kiokoman.home]/root: snmpwalk -v2c -c ------ 127.0.0.1 | grep pf
SNMPv2-MIB::sysDescr.0 = STRING: pfSense pfSense.kiokoman.home 2.5.0-DEVELOPMENT pfSense FreeBSD 12.0-RELEASE-p10 amd64
SNMPv2-MIB::sysName.0 = STRING: pfSense.kiokoman.home
IF-MIB::ifDescr.5 = STRING: pflog0
IF-MIB::ifDescr.6 = STRING: pfsync0
IF-MIB::ifName.5 = STRING: pflog0
IF-MIB::ifName.6 = STRING: pfsync0

from the BEGEMOT-PF-MIB.txt
pfStatus OBJECT IDENTIFIER ::= { begemotPfObjects 1 }
pfCounter OBJECT IDENTIFIER ::= { begemotPfObjects 2 }
pfStateTable OBJECT IDENTIFIER ::= { begemotPfObjects 3 }
pfSrcNodes OBJECT IDENTIFIER ::= { begemotPfObjects 4 }
pfLimits OBJECT IDENTIFIER ::= { begemotPfObjects 5 }
pfTimeouts OBJECT IDENTIFIER ::= { begemotPfObjects 6 }
pfLogInterface OBJECT IDENTIFIER ::= { begemotPfObjects 7 }
pfInterfaces OBJECT IDENTIFIER ::= { begemotPfObjects 8 }
pfTables OBJECT IDENTIFIER ::= { begemotPfObjects 9 }
pfAltq OBJECT IDENTIFIER ::= { begemotPfObjects 10 }
pfLabels OBJECT IDENTIFIER ::= { begemotPfObjects 11 }

but none of this are available to me, am i missing somethig ?
same output for 2.4.5

viktor_g · Apr 17, 2020, 12:05 PM

@kiokoman maybe you didn't disable the net-snmp service?

# snmpwalk -v2c -c public 127.0.0.1 | grep pf
SNMPv2-MIB::sysDescr.0 = STRING: pfSense pfSenseZFS.pflab-spb.int 2.5.0-DEVELOPMENT pfSense FreeBSD 12.0-RELEASE-p10 amd64
SNMPv2-MIB::sysName.0 = STRING: pfSenseZFS.pflab-spb.int
IF-MIB::ifDescr.11 = STRING: pflog0
IF-MIB::ifDescr.12 = STRING: pfsync0
HOST-RESOURCES-MIB::hrStorageDescr.263 = STRING: UMA: pf mtags
HOST-RESOURCES-MIB::hrStorageDescr.264 = STRING: UMA: pf states
HOST-RESOURCES-MIB::hrStorageDescr.265 = STRING: UMA: pf state keys
HOST-RESOURCES-MIB::hrStorageDescr.266 = STRING: UMA: pf source nodes
HOST-RESOURCES-MIB::hrStorageDescr.267 = STRING: UMA: pf table entries
HOST-RESOURCES-MIB::hrStorageDescr.268 = STRING: UMA: pf table counters
HOST-RESOURCES-MIB::hrStorageDescr.269 = STRING: UMA: pf frags
HOST-RESOURCES-MIB::hrStorageDescr.270 = STRING: UMA: pf frag entries
HOST-RESOURCES-MIB::hrStorageDescr.271 = STRING: UMA: pf state scrubs
HOST-RESOURCES-MIB::hrStorageDescr.377 = STRING: MALLOC: pfs_nodes
HOST-RESOURCES-MIB::hrStorageDescr.378 = STRING: MALLOC: pfs_vncache
HOST-RESOURCES-MIB::hrStorageDescr.383 = STRING: MALLOC: tmpfs mount
HOST-RESOURCES-MIB::hrStorageDescr.384 = STRING: MALLOC: tmpfs name
HOST-RESOURCES-MIB::hrStorageDescr.557 = STRING: MALLOC: netgraph_bpf
HOST-RESOURCES-MIB::hrStorageDescr.607 = STRING: MALLOC: tcpfunc
HOST-RESOURCES-MIB::hrStorageDescr.627 = STRING: MALLOC: pfsync
HOST-RESOURCES-MIB::hrStorageDescr.628 = STRING: MALLOC: pf_temp
HOST-RESOURCES-MIB::hrStorageDescr.629 = STRING: MALLOC: pf_hash
HOST-RESOURCES-MIB::hrStorageDescr.630 = STRING: MALLOC: pf_ifnet
HOST-RESOURCES-MIB::hrStorageDescr.631 = STRING: MALLOC: pf_tag
HOST-RESOURCES-MIB::hrStorageDescr.632 = STRING: MALLOC: pf_altq
HOST-RESOURCES-MIB::hrStorageDescr.633 = STRING: MALLOC: pf_rule
HOST-RESOURCES-MIB::hrStorageDescr.634 = STRING: MALLOC: pf_osfp
HOST-RESOURCES-MIB::hrStorageDescr.635 = STRING: MALLOC: pf_table
HOST-RESOURCES-MIB::hrSWRunName.8 = STRING: "pf purge"
HOST-RESOURCES-MIB::hrSWRunParameters.1392 = STRING: "-q -f /etc/pfSense-devd.conf"
HOST-RESOURCES-MIB::hrSWRunParameters.18753 = STRING: "/usr/local/libexec/sshg-fw-pf"
HOST-RESOURCES-MIB::hrSWRunParameters.35352 = STRING: "pf"
HOST-RESOURCES-MIB::hrSWRunParameters.66140 = STRING: "-i pflog0 -p /var/run/filterlog.pid"
HOST-RESOURCES-MIB::hrSWInstalledName.1 = STRING: "FreeBSD: FreeBSD 12.0-RELEASE-p10 ce9563d5729(RELENG_2_5) pfSens"
IF-MIB::ifName.11 = STRING: pflog0
IF-MIB::ifName.12 = STRING: pfsync0

kiokoman · Apr 17, 2020, 12:28 PM

nope, it's not running and not even configured, i have installed it only to have snmpwalk

viktor_g · Apr 17, 2020, 12:32 PM

@kiokoman I found that you need to select Host Resources module too

kiokoman · Apr 17, 2020, 2:04 PM

yes, tnx victor you are right.
i think it should be mentioned or set it as mandatory like MibII ?

viktor_g · Apr 17, 2020, 2:04 PM

@kiokoman Please create redmine issue for this
https://docs.netgate.com/pfsense/en/latest/development/bug-reporting.html

viktor_g · Apr 17, 2020, 3:43 PM

Fix:
https://redmine.pfsense.org/issues/10470#note-1

kiokoman · Apr 17, 2020, 4:43 PM

nice !

kiokoman · Apr 17, 2020, 7:24 PM

ok i was at work and i didn't have the time to check this carefully, there is still a problem or i don't understand how it work, there is no data about pf or i don't understand how to grab it.
we only have the description
?

for example pfStatus OBJECT IDENTIFIER ::= { begemotPfObjects 1 }, this is still missing

uhm i found some info here http://www.circitor.fr/Mibs/Html/B/BEGEMOT-PF-MIB.php#begemotPf

if i do

snmpwalk -v2c -c public 127.0.0.1 1.3.6.1.4.1.12325.1.200

i see the data, so i suppose that pf stuff it's under

SNMPv2-SMI::enterprises.12325.1.200

maybe that patch is not needed @viktor_g

what i think is "pfStatus":
snmptranslate 1.3.6.1.4.1.12325.1.200.1.1
this translate to:
SNMPv2-SMI::enterprises.12325.1.200.1.1

so

snmpwalk -v2c -c public 127.0.0.1 1.3.6.1.4.1.12325.1.200.1.1
SNMPv2-SMI::enterprises.12325.1.200.1.1.1.0 = INTEGER: 1
SNMPv2-SMI::enterprises.12325.1.200.1.1.2.0 = Timeticks: (27057300) 3 days, 3:09:33.00
SNMPv2-SMI::enterprises.12325.1.200.1.1.3.0 = INTEGER: 1
SNMPv2-SMI::enterprises.12325.1.200.1.1.4.0 = STRING: "0xdce55c76"

i didn't noticed before but under the video there is a link with examples inside

https://www.netgate.com/assets/downloads/hangouts/201803 _ -_ pfSense_Hangout _ - _ mib-example.txt
(remove the spaces from the link, for some reason the forum remove one underscore without it)

A brief example of how a name is mapped to an OID using MIB files.
bla bla bla bla...

snmpget -M +/usr/share/snmp/mibs/ -v2c -c public 127.0.0.1 BEGEMOT-PF-MIB::pfStatusRunning.0

that's it ... the -M flag

[2.5.0-DEVELOPMENT][root@pfSense.kiokoman.home]/root: snmpget -M +/usr/share/snmp/mibs/ -v2c -c snmp-pfsense 127.0.0.1 BEGEMOT-PF-MIB::pfStatusRunning.0
BEGEMOT-PF-MIB::pfStatusRunning.0 = INTEGER: true(1)

and that is how you lose 6 hours on something because you don't see a f**ing link
well at least partially.. you always learn something new if you dig deeper

viktor_g · Apr 18, 2020, 5:09 AM

@kiokoman thank you for useful info!