NET-SNMP MRTG pfSense

tdowers

I used netgate SNMP service and MRTG to monitor and log pfsense pfilter sessions. However, when I switched to NET-SNMP in the Netgate to get the extended function to monitor temperature on each CPU, the pfsense OID 1.3.6.1.4.1.12325.1.200.1.3.1.0 stopped working. What is the MIB OID available in the NET-SNMP to get the pfsense sessions? The snmpwalk at OID 1.3.6.1.4.1.12325 results in 'unkown object'.

tdowers

@tdowers
Guess I answered my own question.
NET-SNMP MRTG pfsense============================================
So like the example someone supplied for temperatures, you do the same for the pfsense states table.
Best Practice for SNMP version with extended is version 3. This example is using version 2c for illustration.

create the shell script /root/pfsenseStsteEntries.sh:

ssh to firewall
select (8) Shell
you will be at /root
vi pfsenseStateEntries.sh
press i for insert
paste in the following

#!/bin/sh
pfctl -s info | /usr/bin/awk '/current entries/ {print $3;}'

press [escape key], then enter :wq , then press [enter key]
[esacpe key] to get out of insert mode, : is escape, w is write the file and q is quit.

then
chmod u+x pfsenseStateEntries.sh
chmod g+x pfsenseStateEntries.sh

Set it executable, and then use the line-by-line extended OID to access it.

Use the NET-SNMP package. On the Host Information tab, setup an Extended Command:

Type: extend
MIB: .1.3.6.1.4.1.8072.9999
Name: pfsenseStateEntries
Program: /root/pfsenseStateEntries.sh
Arguments: [none required for the script]

Then snmpwalk the mib to see all the values. Identify the values you need in MRTG.

tdowers@gemini:~$ snmpwalk -v2c -c [read community] 192.168.1.1 .1.3.6.1.4.1.8072.9999
iso.3.6.1.4.1.8072.9999.1.0 = INTEGER: 2
iso.3.6.1.4.1.8072.9999.2.1.2.8.103.101.116.116.101.109.112.115 = STRING: "/root/gettemps.sh"
iso.3.6.1.4.1.8072.9999.2.1.2.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = STRING: "/root/pfsenseStateEntries.sh"
iso.3.6.1.4.1.8072.9999.2.1.3.8.103.101.116.116.101.109.112.115 = ""
iso.3.6.1.4.1.8072.9999.2.1.3.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = ""
iso.3.6.1.4.1.8072.9999.2.1.4.8.103.101.116.116.101.109.112.115 = ""
iso.3.6.1.4.1.8072.9999.2.1.4.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = ""
iso.3.6.1.4.1.8072.9999.2.1.5.8.103.101.116.116.101.109.112.115 = INTEGER: 5
iso.3.6.1.4.1.8072.9999.2.1.5.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = INTEGER: 5
iso.3.6.1.4.1.8072.9999.2.1.6.8.103.101.116.116.101.109.112.115 = INTEGER: 1
iso.3.6.1.4.1.8072.9999.2.1.6.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = INTEGER: 1
iso.3.6.1.4.1.8072.9999.2.1.7.8.103.101.116.116.101.109.112.115 = INTEGER: 1
iso.3.6.1.4.1.8072.9999.2.1.7.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = INTEGER: 1
iso.3.6.1.4.1.8072.9999.2.1.20.8.103.101.116.116.101.109.112.115 = INTEGER: 4
iso.3.6.1.4.1.8072.9999.2.1.20.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = INTEGER: 4
iso.3.6.1.4.1.8072.9999.2.1.21.8.103.101.116.116.101.109.112.115 = INTEGER: 1
iso.3.6.1.4.1.8072.9999.2.1.21.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = INTEGER: 1
iso.3.6.1.4.1.8072.9999.3.1.1.8.103.101.116.116.101.109.112.115 = STRING: "28.0"
iso.3.6.1.4.1.8072.9999.3.1.1.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = STRING: "410"
iso.3.6.1.4.1.8072.9999.3.1.2.8.103.101.116.116.101.109.112.115 = STRING: "28.0
25.0
27.0
28.0"
iso.3.6.1.4.1.8072.9999.3.1.2.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = STRING: "410"
iso.3.6.1.4.1.8072.9999.3.1.3.8.103.101.116.116.101.109.112.115 = INTEGER: 4
iso.3.6.1.4.1.8072.9999.3.1.3.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = INTEGER: 1
iso.3.6.1.4.1.8072.9999.3.1.4.8.103.101.116.116.101.109.112.115 = INTEGER: 0
iso.3.6.1.4.1.8072.9999.3.1.4.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115 = INTEGER: 0
iso.3.6.1.4.1.8072.9999.4.1.2.8.103.101.116.116.101.109.112.115.1 = STRING: "28.0"
iso.3.6.1.4.1.8072.9999.4.1.2.8.103.101.116.116.101.109.112.115.2 = STRING: "25.0"
iso.3.6.1.4.1.8072.9999.4.1.2.8.103.101.116.116.101.109.112.115.3 = STRING: "27.0"
iso.3.6.1.4.1.8072.9999.4.1.2.8.103.101.116.116.101.109.112.115.4 = STRING: "28.0"
iso.3.6.1.4.1.8072.9999.4.1.2.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115.1 = STRING: "410"

MRTG cfg file entries:

Target[192.168.1.1.sessions]: .1.3.6.1.4.1.8072.9999.4.1.2.19.112.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115.1&.1.3.6.1.4.1.8072.9999.4.1.2.19.1
12.102.115.101.110.115.101.83.116.97.116.101.69.110.116.114.105.101.115.1:[read community]@192.168.1.1
SetEnv[192.168.1.1.sessions]: MRTG_INT_DESCR="States - Sessions"
MaxBytes[192.168.1.1.sessions]: 100000
Background[192.168.1.1.sessions]: #738AA6
AbsMax[192.168.1.1.sessions]: 1000000
Options[192.168.1.1.sessions]: gauge, growright, nolegend, noo
Title[192.168.1.1.sessions]: Firewall Sessions
PageTop[192.168.1.1.sessions]: <H1 align="center">Sessions</H1>
YLegend[192.168.1.1.sessions]: sessions 192.168.1.1.sessions
LegendI[192.168.1.1.sessions]: sessions:&nbsp
LegendO[192.168.1.1.sessions]: sessions:&nbsp
ShortLegend[192.168.1.1.sessions]: Count