OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: Rob2500 on July 01, 2020, 03:18:54 pm

Title: SNMP
Post by: Rob2500 on July 01, 2020, 03:18:54 pm

I haven't seen any posts regarding this topic. So maybe everything is clear to everyone except me.. ;-)

Here are my questions:
Does SNMPv3 require to configure Listen IPs, or is this only for SNMPv1?
Then I don't see where I can add trap destinations. Is this possible somehow?

Cheers,
Rob

Title: Re: SNMP
Post by: mimugmail on July 01, 2020, 04:21:57 pm

Traps are currently not supported, you can add a Feature request via GitHub Plugins repo

Title: Re: SNMP
Post by: baqwas on July 03, 2020, 04:58:21 am

Hello @mimugmail,

I tried the following command (to initiate a collection of MIBs that I could use subsequently for Nagios NRPE work):

$ snmpwalk -v1 -c public 192.168.1.1 1.3.6.1.2.1.1.6.0

and the response was:

Timeout: No Response from 192.168.1.1

I have enabled SNMP through OPNsense for the box. What else do I need to do to collect some sample data for further tests?

Thanks.

Title: Re: SNMP
Post by: mimugmail on July 03, 2020, 06:13:10 am

Allowed Port 161/udp on Firewall? Community is correct?

Title: Re: SNMP
Post by: baqwas on July 03, 2020, 01:56:34 pm

Hello @mimugmail,

Firewall rule is LAN <-> LAN wildcard for any port number. Double checked the community string too - it is correct. The Listen IP address is the one where the command is being typed. FWIW, the equivalent command in the same LAN gets me a boatload of data from a NetGear ProSafe switch with the top few (name, uptime and some traffic counts) are the MIBs of interest for a common dashboard view of the farm. Thanks.

Kind regards.

Title: Re: SNMP
Post by: mimugmail on July 03, 2020, 02:19:14 pm

Listen IP Address is the LAN IP of your firewall, correct?

Title: Re: SNMP
Post by: baqwas on July 03, 2020, 07:07:58 pm

Listen IP originally was 127.0.0.1. I changed it to that for the console terminal machine where snmpwalk was being typed. Upon reading your email I have both IP addresses (the console terminal as well as the OPNsense box). The error message remains the same:

Timeout: No Response from 192.168.1.1

Thanks.

Title: Re: SNMP
Post by: mimugmail on July 03, 2020, 08:13:15 pm

sockstat -4 | grep 161 via console please

Title: Re: SNMP
Post by: baqwas on July 03, 2020, 08:49:37 pm

Thx for the socksat suggestion. Let me install it, run it and get back to you later this evening.

Kind regards.

Title: Re: SNMP
Post by: baqwas on July 04, 2020, 04:59:15 am

Hello @mimugmail,

sockstat returns nothing - drops to command prompt on the succeeding line in the console window.

Something configured incorrectly on my OPNsense box?

Kind regards.

Title: Re: SNMP
Post by: mimugmail on July 04, 2020, 10:22:11 am

The snmpd is not running, please check the logs

Title: Re: SNMP
Post by: baqwas on July 05, 2020, 06:44:34 pm

Net-SNMP was configured previously on the OPNsense box and has been presumably operational since then. Pardon my ignorance. Do I need to init and start snmpd separately on the OPNsense box? Thanks.

Title: Re: SNMP
Post by: mimugmail on July 05, 2020, 08:18:12 pm

Net-snmp when enabled starts a process snmpd, but when you dont see port 161 via sockstat it's not running. So just check the logs for errors

Title: Re: SNMP
Post by: baqwas on July 05, 2020, 11:57:21 pm

You are absolutely correct! The OPNsense Dashboard clearly shows snmpd is not running - the service, associated with Net-SNMP, has the red square icon. In fact, it is the only one that is suspended in the list owing perhaps for some unknown operation on my part.

Clicking the adjacent right play icon has no effect. Something I need to figure out at my end. Issue resolved!!

Sorry that it turned out to be a basic newbie mistake but your patience and understanding is gratefully appreciated. Thanks a bunch again.

Kind regards.