Snmp with ipfw counter



  • Dear All,

    I have a little problem with pfsense snmp. Refering to
    http://www.devco.net/archives/2005/02/23/ipfw_rule_counters_via_snmpd.php
    there is a small script to count ipfw traffics. I've already add that script into /var/etc/snmpd.conf then chmod to 755 and restart bsnmpd service but there's error getting first OID in STG ( SNMP Traffic Grapher ).
    Here is the snmpd.conf

    
    location := "192.168.1.1"
    contact := "me@mymail"
    read := "public"
    # SNMP Trap support.
    traphost := 192.168.1.1
    trapport := 162
    trap := "public"
    
    system := 1     # pfSense
    %snmpd
    begemotSnmpdDebugDumpPdus       = 2
    begemotSnmpdDebugSyslogPri      = 7
    begemotSnmpdCommunityString.0.1 = $(read)
    begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
    begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
    begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
    begemotSnmpdCommunityDisable    = 1
    begemotSnmpdPortStatus.192.168.1.1.161 = 1
    begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
    begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
    
    # These are bsnmp macros not php vars.
    sysContact      = $(contact)
    sysLocation     = $(location)
    sysObjectId     = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
    
    snmpEnableAuthenTraps = 2
    begemotSnmpdModulePath."mibII"  = "/usr/lib/snmp_mibII.so"
    begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
    %netgraph
    begemotNgControlNodeName = "snmpd"
    begemotSnmpdModulePath."pf"     = "/usr/lib/snmp_pf.so"
    begemotSnmpdModulePath."hostres"     = "/usr/lib/snmp_hostres.so"
    
    exec .1.3.6.1.4.1.9999.1 ipfwCounters /bin/ipfwsnmp2.pl
    
    

    script for /bin/ipfwsnmp2.pl

    
    #!/usr/bin/perl
    #
    # See http://www.devco.net/archives/2005/02/23/ipfw_rule_counters_via_snmpd.php
    
    $ipfw = "/sbin/ipfw";
    $ipfwOptions = "show | grep count";
    
    @ipfw = `$ipfw $ipfwOptions`;
    
    $max = 0;
    
    foreach $rule (@ipfw) {
            if ($rule =~ /^(\d+)\s+\d+\s+(\d+)/) {
                    $rule = $1;
                    $bytes = $2;
    
                    $rule =~ s/^0+//;
    
                    if ($rule gt $max) {
                            $max = $rule;
                    }
    
                    $rules[$rule] = $bytes;
            }
    }
    
    for ($i = 1; $i <= $max; $i++) {
            if ($rules[$i]) {
                    print ("$rules[$i]\n");
            } else {
                    print ("0\n");
            }
    }
    
    

    FYI : when i installed in freebsd there is no error like in pfsense.

    Thanks for help.


  • Rebel Alliance Developer Netgate

    pfSense uses bsnmpd, not net-snmp, so it does not support the exec statement.



  • Thanks Jim for the reply,

    So pfsense uses bsnmpd, and then how to make that variable passes to snmp. I need that variable to be passed in order to count all the traffic ( or by rule ) by ipfw.

    Thanks


  • Rebel Alliance Developer Netgate

    You cannot pass a command to bsnmpd. It does not support that.

    The ipfw data may be listed, but I'm not sure what OID it might be under. It doesn't appear to be in any of bsnmpd's MIB files.


Log in to reply