OPNsense Forum
English Forums => General Discussion => Topic started by: Maarten on September 05, 2016, 11:00:11 am
-
Hi,
Is there an oid to check if there are updates available for the router?
Thanks, best regards,
Maarten
-
I am not aware of such an oid but you can use the API for that.
You can find a samples here:
https://docs.opnsense.org/development/how-tos/api.html
-
Hi Fabian,
Thank you, it's exactly what I need and more.
Best regards,
Maarten
-
Hi Maarten,
I've written a Python script to email when updates are available: https://forum.opnsense.org/index.php?topic=2032.0
Bart...
-
Thank you
-
Old topic, but i have a solution. Writing it down so i also have instructions myself, should i need it later ;)
I was also looking for something like this. I monitor various statistics of my OPNsense box over SNMP with PRTG Network Monitor (https://www.paessler.com/prtg/prtg-network-monitor).
A sensor to see if OPNsense has an update available was still on my wishlist. I managed to create one. Here's how i did it:
I found this (https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense-checkmk/blob/main/files/firmware_status.py) script a good base for monitoring if there is an update available. It seems like a clever way (grabbing version from release notes (being already downloaded every day at 10pm, see crontab -l) and comparing it to the running version.
I asked ChatGPT to help me create a script UpdateStatusSNMP.sh
#!/bin/sh
#
# Script inspired by https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense-checkmk/blob/main/files/firmware_status.py
#
installed_version=$(/usr/local/sbin/opnsense-version -v | cut -d'_' -f1)
# Fetch the most recent version from the changelog
most_recent_version=$(tail -n 2 /usr/local/opnsense/changelog/index.json | tr -d '\n' | grep -o '"version":"[^"]*' | awk -F '"' '{print $4}' | tail -n 1)
if [ "$installed_version" != "$most_recent_version" ]; then
update_available=true
else
update_available=false
fi
echo "$update_available"This will return true/false depending if there is an update available or not.
Don't forget to chmod +x UpdateStatusSNMP.sh to make it executable.
Then we add it to the SNMP values by putting the following line at the bottom of /usr/local/share/snmp/snmpd.conf
extend SystemUpdateAvailable /root/UpdateStatusSNMP.sh
Restart SNMPD with service snmpd restart
Now we have to find out which snmp OID we need to retrieve the value. We can do this with the command
snmpwalk -c public -v 2c 127.0.0.1 nsExtendOutLine
(You might have to change 127.0.0.1 to the IP's you have SNMP configured to listen on)
This will give the following output (if your system is up to date, otherwise it will be 'true'):
NET-SNMP-EXTEND-MIB::nsExtendOutLine."SystemUpdateAvailable".1 = STRING: false
Now we want to have the corresponding numerical OID so we can configure it in our SNMP software. First we need the base OID for the extended sensors, find it like this:
snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutLine
Result:
.1.3.6.1.4.1.8072.1.3.2.4.1.2
Then we can do an snmpwalk starting on that address, which will give us the (very long!) OID we can use:
snmpwalk -c public -v 2c -On 127.0.0.1 .1.3.6.1.4.1.8072.1.3.2.4.1.2
.1.3.6.1.4.1.8072.1.3.2.4.1.2.21.83.121.115.116.101.109.85.112.100.97.116.101.65.118.97.105.108.97.98.108.101.1 = STRING: false
I have this configured in PRTG as SNMP Custom String sensor and have it check every 24h. I have configured the sensor to go into warning state by putting 'false' in the value "Response Must Include (Warning Status If Not Included)"
Should you reboot OPNsense, the modification tosnmpd.conf will disappear and you have to put it back in. You can make it persistent by reconfiguring SNMP, see these (https://forum.opnsense.org/index.php?topic=35898.0) steps.