FreeBSD Packet Filter flow templates.

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

idle
Cacti User
Posts: 77
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

FreeBSD Packet Filter flow templates.

Post by idle »

Hi!
This is templates for monitoring FreeBSD Packet Filter flow statistics. Tested on cacti-0.8.6h.
Works only on snmp version above 1.

For now I'v wrote only templates for querying bytes in/out, but there is(in pf-mib) also a lot of other info(altq,states,tables,etc), so someone could easy improvement this.
Feedback is appreciated.
Attachments
pff.png
pff.png (35.18 KiB) Viewed 26149 times
pf_flow.xml
(2.05 KiB) Downloaded 2567 times
cacti_data_query_packet_filter_statistic.xml
(22.29 KiB) Downloaded 1711 times
cacti_data_template_packet_filter_statistic.xml
(8.32 KiB) Downloaded 1628 times
cacti_graph_template_bsd_packet_filter_flow.xml
(20.52 KiB) Downloaded 1981 times
Last edited by idle on Wed Jan 16, 2008 1:48 am, edited 3 times in total.
YoMarK
Cacti User
Posts: 89
Joined: Fri Feb 02, 2007 8:36 am
Location: Eindhoven/The Netherlands

Post by YoMarK »

Hello idle,

Looks great, but the data query looks for a pf_flow.xml.
Could you please include this file with you post?
Thank you!

--Mark
idle
Cacti User
Posts: 77
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Post by idle »

Oops, I thought all templates exporting from cacti interface... somehow its not true...
Added.
YoMarK
Cacti User
Posts: 89
Joined: Fri Feb 02, 2007 8:36 am
Location: Eindhoven/The Netherlands

Post by YoMarK »

Seems to be working great! Thank you!

I'm using it now on a few pfSense firewalls.
dagonet
Cacti User
Posts: 90
Joined: Sat Oct 29, 2005 4:05 pm
Location: Wuerzburg

Re: FreeBSD Packet Filter flow templates.

Post by dagonet »

idle wrote:Hi!
This is templates for monitoring FreeBSD Packet Filter flow statistics. Tested on cacti-0.8.6h.
Image
Hi,
I have no Packetfilter mib for my FreeBSD. Where did you get yours? The mentioned pf-mib is just for OpenBSD.

Regards
Dagonet
idle
Cacti User
Posts: 77
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Re: FreeBSD Packet Filter flow templates.

Post by idle »

dagonet wrote:Hi,
I have no Packetfilter mib for my FreeBSD. Where did you get yours? The mentioned pf-mib is just for OpenBSD.

Regards
Dagonet

Code: Select all

[idle@idle ~]#locate BEGEMOT-PF-MIB
/usr/local/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/src/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
[idle@idle ~]#uname -rs
FreeBSD 6.1-RELEASE
dagonet
Cacti User
Posts: 90
Joined: Sat Oct 29, 2005 4:05 pm
Location: Wuerzburg

Re: FreeBSD Packet Filter flow templates.

Post by dagonet »

Code: Select all

[idle@idle ~]#locate BEGEMOT-PF-MIB
/usr/local/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/src/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
[idle@idle ~]#uname -rs
FreeBSD 6.1-RELEASE
[/quote]
Thanks for your answer. So, as far as I can see, you are not using net-snmp but the bsnmpd of FreeBSD.

Dagonet
idle
Cacti User
Posts: 77
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Re: FreeBSD Packet Filter flow templates.

Post by idle »

dagonet wrote:Thanks for your answer. So, as far as I can see, you are not using net-snmp but the bsnmpd of FreeBSD.

Dagonet
I'm using both.
I didn't found how to attach pf-mib to net-snmp, so I make it in a short/lazy way(although I guess there should be better one).
I'v bind bsnmpd to other port and setup snmp-proxy.
Following have to be done to make this work.
Edit /etc/snmp.config to change community string and port.

Code: Select all

read := "community" # community string
begemotSnmpdPortStatus.127.0.0.1.3408 = 1 # I choose 3408 for differ port.
begemotSnmpdModulePath."pf"     = "/usr/lib/snmp_pf.so" # uncomment for pf stats
Edit /usr/local/share/snmp/snmpd.conf to add proxy string:

Code: Select all

proxy -v 2c -c community localhost:3408 .1.3.6.1.4.1.12325
Restart bsnmpd, snmpd and check.
Good luck.
mike83
Posts: 1
Joined: Fri Sep 07, 2007 12:15 pm

Post by mike83 »

hi,

i get an error when running the poller

Code: Select all

# php poller.php
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.7.4

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.10.4

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.8.4

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.9.4

OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.01 r:0.02
but when running snmpwalk it seems to work

Code: Select all

snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.12325.1.200.1.8.2.1.8.4
SNMPv2-SMI::enterprises.12325.1.200.1.8.2.1.8.4 = Counter64: 126119760
i used the proxy method mentioned above.
(running a freebsd 6.2 system)

thx, Mike

----
D'oh!
should use snmp v2 in cacti ...
sorry for bothering you :)
linvix
Posts: 4
Joined: Thu Oct 04, 2007 6:35 pm

help con pf on freebsd

Post by linvix »

Hello friends

I am trying to install your templates, and make it work, but did not get a result, when I want to create a plot, this is the message:

Data Query Debug Information
+ Running data query [10].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.12325.1.200.1.8.2.1'
+ No SNMP data returned
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'


My apology bad language, I am Cuban and used a translator
roylan
idle
Cacti User
Posts: 77
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Re: help con pf on freebsd

Post by idle »

linvix wrote: + No SNMP data returned
Check that you are using snmp above version 1.
For FreeBSD PF-MIB available through bsnmpd agent, so if you are using any other(net-snmpd as everyone) you have to hook PF-MIB into snmp-agent that you are using.
Read above for details.
linvix
Posts: 4
Joined: Thu Oct 04, 2007 6:35 pm

help with pf y cacti

Post by linvix »

Hello.

Thank you for responding.

Estou using version 1 snmpd in cacti.
I read the instructions above but does not work for me.

Lso you attached files and snmp.config snmpd.conf, I ask whether this within your chances of the review ...

Thank you for help
Attachments
bsnmpd.tar
bsnmpd.config
(1.19 KiB) Downloaded 893 times
net-snmpd.tar
net-snmpd.conf
(2.03 KiB) Downloaded 861 times
idle
Cacti User
Posts: 77
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Post by idle »

Comment out first occurrence of begemotSnmpdPortStatus option in your bsnmpd.conf, you have it twice. Restart bsnmpd, check that its listen correct port:

Code: Select all

[idle@idle ~]#sockstat -4l | grep bsnmpd
root     bsnmpd     1077  5  udp4   *:*                   *:*
root     bsnmpd     1077  7  udp4   127.0.0.1:3408        *:*
and check bsnmpd with snmpwalk:

Code: Select all

snmpwalk -v 2c -c <community> localhost:3408 .1.3.6.1.4.1.12325
then check snmpd, same way, without port:

Code: Select all

snmpwalk -v 2c -c <community> localhost .1.3.6.1.4.1.12325
When restarting both snmpd agents be careful - they trying to use same pid file. You have to manually edit one of them startup script, to fix it, or restart with command kill -HUP <pid>.
Last edited by idle on Wed Oct 17, 2007 12:29 am, edited 1 time in total.
linvix
Posts: 4
Joined: Thu Oct 04, 2007 6:35 pm

Thank you very much for your help, everything fuinciona very

Post by linvix »

Thank you very much for your help, everything fuinciona very well ..

roylan
fredde
Posts: 8
Joined: Sat Apr 02, 2005 3:27 am

Post by fredde »

i´m running 0.8.7b Debian
cant seem to import the pf_flow_167.xml doesent return anything after import.

also when i´m trying to create graphs i get this

Data Query [Packet Filter statistic]
Error in data query.

regards /F
Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests