"
Old topic, but i have a solution. Writing it down so i also have instructions myself, should i need it later ;)
I was also looking for something like this. I monitor various statistics of my OPNsense box over SNMP with PRTG Network Monitor.
A sensor to see if OPNsense has an update available was still on my wishlist. I managed to create one. Here's how i did it:
I found this script a good base for monitoring if there is an update available. It seems like a clever way (grabbing version from release notes (being already downloaded every day at 10pm, see crontab -l) and comparing it to the running version.
I asked ChatGPT to help me create a script UpdateStatusSNMP.sh
This will return true/false depending if there is an update available or not.
Don't forget to chmod +x UpdateStatusSNMP.sh to make it executable.
Then we add it to the SNMP values by putting the following line at the bottom of /usr/local/share/snmp/snmpd.conf
Restart SNMPD with service snmpd restart
Now we have to find out which snmp OID we need to retrieve the value. We can do this with the command
(You might have to change 127.0.0.1 to the IP's you have SNMP configured to listen on)
This will give the following output (if your system is up to date, otherwise it will be 'true'):
NET-SNMP-EXTEND-MIB::nsExtendOutLine."SystemUpdateAvailable".1 = STRING: false
Now we want to have the corresponding numerical OID so we can configure it in our SNMP software. First we need the base OID for the extended sensors, find it like this:
Result:
.1.3.6.1.4.1.8072.1.3.2.4.1.2
Then we can do an snmpwalk starting on that address, which will give us the (very long!) OID we can use:
I have this configured in PRTG as SNMP Custom String sensor and have it check every 24h. I have configured the sensor to go into warning state by putting 'false' in the value "Response Must Include (Warning Status If Not Included)"
Should you reboot OPNsense, the modification tosnmpd.conf will disappear and you have to put it back in. You can make it persistent by reconfiguring SNMP, see these steps.
I was also looking for something like this. I monitor various statistics of my OPNsense box over SNMP with PRTG Network Monitor.
A sensor to see if OPNsense has an update available was still on my wishlist. I managed to create one. Here's how i did it:
I found this script a good base for monitoring if there is an update available. It seems like a clever way (grabbing version from release notes (being already downloaded every day at 10pm, see crontab -l) and comparing it to the running version.
I asked ChatGPT to help me create a script UpdateStatusSNMP.sh
Code (sh) Select
#!/bin/sh
#
# Script inspired by https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense-checkmk/blob/main/files/firmware_status.py
#
installed_version=$(/usr/local/sbin/opnsense-version -v | cut -d'_' -f1)
# Fetch the most recent version from the changelog
most_recent_version=$(tail -n 2 /usr/local/opnsense/changelog/index.json | tr -d '\n' | grep -o '"version":"[^"]*' | awk -F '"' '{print $4}' | tail -n 1)
if [ "$installed_version" != "$most_recent_version" ]; then
update_available=true
else
update_available=false
fi
echo "$update_available"This will return true/false depending if there is an update available or not.
Don't forget to chmod +x UpdateStatusSNMP.sh to make it executable.
Then we add it to the SNMP values by putting the following line at the bottom of /usr/local/share/snmp/snmpd.conf
Code Select
extend SystemUpdateAvailable /root/UpdateStatusSNMP.shRestart SNMPD with service snmpd restart
Now we have to find out which snmp OID we need to retrieve the value. We can do this with the command
Code Select
snmpwalk -c public -v 2c 127.0.0.1 nsExtendOutLine
(You might have to change 127.0.0.1 to the IP's you have SNMP configured to listen on)
This will give the following output (if your system is up to date, otherwise it will be 'true'):
NET-SNMP-EXTEND-MIB::nsExtendOutLine."SystemUpdateAvailable".1 = STRING: false
Now we want to have the corresponding numerical OID so we can configure it in our SNMP software. First we need the base OID for the extended sensors, find it like this:
Code Select
snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutLine
Result:
.1.3.6.1.4.1.8072.1.3.2.4.1.2
Then we can do an snmpwalk starting on that address, which will give us the (very long!) OID we can use:
Code Select
snmpwalk -c public -v 2c -On 127.0.0.1 .1.3.6.1.4.1.8072.1.3.2.4.1.2
.1.3.6.1.4.1.8072.1.3.2.4.1.2.21.83.121.115.116.101.109.85.112.100.97.116.101.65.118.97.105.108.97.98.108.101.1 = STRING: false
I have this configured in PRTG as SNMP Custom String sensor and have it check every 24h. I have configured the sensor to go into warning state by putting 'false' in the value "Response Must Include (Warning Status If Not Included)"
Should you reboot OPNsense, the modification tosnmpd.conf will disappear and you have to put it back in. You can make it persistent by reconfiguring SNMP, see these steps.
