Starting bsnmp OPNSense

[toshiiiiiiii]

Hello everyone,

I've been trying to figure out why I cannot start the bsnmpd service in opnsense. I have edited the /var/db/etcupdate/current/etc/snmpd.config and changed its configuration same as the configuration here https://nsrc.org/workshops/2014/caren-nsrc-dante/raw-attachment/wiki/Agenda/dns-enable-snmp-freebsd.htm

I am new using freeBSD, any replies would be greatly appreciated. I am trying to monitor the CPU, RAM usage, and bandwidth of my machine using opnNMS.

Thanks!

[bartjsmit]

It's enabled through a plugin. System, firmware, plugins

Bart...

[toshiiiiiiii]

I just can't seem to start the bsnmp service. When I use service bsnmpd onestart it just says Starting bsnmpd. And when I use service bsnmpd onestatus it says bsnmpd is not working. Here's my /var/db/etcupdate/current/etc/snmpd.config

Code: [Select]

# $FreeBSD$
#
# Example configuration file for bsnmpd(1).
#

#
# Set some common variables
#
location := "OpnSense"
contact := "toshi"
system := 1 # FreeBSD
traphost := 192.168.3.69
trapport := 162

#
# Set the SNMP engine ID.
#
# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
# this configuration file, an ID is assigned based on the value of the
# kern.hostid variable
# engine := 0x80:0x10:0x08:0x10:0x80:0x25
# snmpEngineID = $(engine)

# Change this!
read := "OpnSense"
# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
# string to enable write access.
write := "geheim"
trap := "mytrap"

#
# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
#

NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4

#
# Enumerations from SNMP-FRAMEWORK-MIB
#

# Security models
securityModelAny := 0
securityModelSNMPv1 := 1
securityModelSNMPv2c := 2
securityModelUSM := 3

# Message Processing models
MPmodelSNMPv1 := 0
MPmodelSNMPv2c := 1
MPmodelSNMPv3 := 3

# Security levels
noAuthNoPriv := 1
authNoPriv := 2
authPriv := 3


# SNMPv3 USM User definition
#
# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
# with a private password "bsnmptest", localized for the above engine ID.
#
#user1 := "bsnmp"
#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60

#
# Configuration
#
%snmpd
begemotSnmpdDebugDumpPdus = 2
begemotSnmpdDebugSyslogPri = 7

#
# Set the read and write communities.
#
# The default value of the community strings is NULL (note, that this is
# different from the empty string). This disables both read and write access.
# To enable read access only the read community string must be set. Setting
# the write community string enables both read and write access with that
# string.
#
# Be sure to understand the security implications of SNMPv2 - the community
# strings are readable on the wire!
#
begemotSnmpdCommunityString.0.1 = $(read)
# begemotSnmpdCommunityString.0.2 = $(write)
begemotSnmpdCommunityDisable = 1

# open standard SNMP ports
begemotSnmpdPortStatus.0.0.0.0.161 = 1

# open a unix domain socket
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4

# send traps to the traphost
begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)

sysContact = $(contact)
sysLocation = $(location)
sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)

snmpEnableAuthenTraps = 2

#
# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
#
#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"

#
# SNMPv3 USM User definition.
#

#%usm

#
# The following block creates a user with name "bsnmp" and sets privacy
# and encryption options to SHA256 message digests and AES encryption
# for this user.
#
# usmUserStatus.$(engine).$(user1) = 5
# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
# usmUserStatus.$(engine).$(user1) = 1
#

#
# The following block creates a user with name "public" with no authentication
# or encryption options.
#
# usmUserStatus.$(engine).$(read) = 5
# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
# usmUserStatus.$(engine).$(read) = 1
#

#
# SNMPv3 View-based Access Control module
#
#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"

#
# Definition of view-based access control entries.
#
#%vacm

# Definition of a SNMPv1 group
# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)

# Definition of SNMPv2 group
# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)

# Definition of SNMPv3 group with users "bsnmp" and "public"
# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
# vacmGroupName.$(securityModelUSM).$(read) = $(write)

#
# The OID of the .iso.org.dod.internet subtree
#
 internetoid := .1
 internetoidlen := 4

#
# Definitions of two views
#
# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4

#
# Access control
#

#
# Read-only access for SNMPv1 users
#
# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"

#
# Read-write access for SNMPv2 users
#
# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"

#
# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
#
# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"

#
#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
#
# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"

#
# SNMPv3 Notification Targets
#
# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"


#%target
# Send notifications to target tag "test"
# tag := "test"
# snmpNotifyRowStatus.$(tag) = 4
# snmpNotifyTag.$(tag) = $(tag)

# tagremote := "testremote"
# snmpNotifyRowStatus.$(tagremote) = 4
# snmpNotifyTag.$(tagremote) = $(tagremote)

#
# Specify the target parameters for the notifications - send with the credentials
# of user "bsnmp"
#
# snmpTargetParamsRowStatus.$(tag) = 5
# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
# snmpTargetParamsSecurityName.$(tag) = $(user1)
# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
# snmpTargetParamsRowStatus.$(tag) = 1

#
# Define the notifications' target address - port 162 on localhost
#
# snmpTargetAddrRowStatus.$(tag) = 5
# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
# snmpTargetAddrTagList.$(tag) = "test notification"
# snmpTargetAddrParams.$(tag) = $(tag)
# snmpTargetAddrRowStatus.$(tag) = 1

#
# Define the notifications' target address - port 162 on 10.0.0.1
#
# snmpTargetAddrRowStatus.$(tagremote) = 5
# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
# snmpTargetAddrParams.$(tagremote) = $(tag)
# snmpTargetAddrRowStatus.$(tagremote) = 1

#
# Load MIB-2 module
#
begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"

# Force a polling rate for the 64-bit interface counters in case
# the automatic computation is wrong (which may be the case if an interface
# announces the wrong bit rate via its MIB).
#%mibII
#begemotIfForcePoll = 2000


# Netgraph module
#
#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
#
#%netgraph
#begemotNgControlNodeName = "snmpd"

#
# LM75 Sensor module
#
#begemotSnmpdModulePath."lm75" = "/usr/lib/snmp_lm75.so"

#
# pf(4) module
#
#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"

#
# Host resources module
#  This requires the mibII module.
#
#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"

#
# Bridge module
#  This requires the mibII module.
#
#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"

#
# Wireless module
#  This requires the mibII module.
#
#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"


[franco]

There should be a system log... Are you using the plugin?

You cannot use "service bsnmpd ..." because that's not properly configured for the console. The GUI takes care of starting and stopping it properly. You should even see a status indicator on the SNMP Service page, the services diagnostics page or the services widget on the dashboard.


Cheers,
Franco