FreeBSD Packet Filter flow templates.

Templates, scripts for templates, scripts and requests for templates.

Moderators: Moderators, Developers

Author
Message
idle
Cacti User
Posts: 76
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

FreeBSD Packet Filter flow templates.

#1 Post by idle » Thu Feb 01, 2007 5:13 am

Hi!
This is templates for monitoring FreeBSD Packet Filter flow statistics. Tested on cacti-0.8.6h.
Works only on snmp version above 1.

For now I'v wrote only templates for querying bytes in/out, but there is(in pf-mib) also a lot of other info(altq,states,tables,etc), so someone could easy improvement this.
Feedback is appreciated.
Attachments
pff.png
pff.png (35.18 KiB) Viewed 24460 times
pf_flow.xml
(2.05 KiB) Downloaded 2349 times
cacti_data_query_packet_filter_statistic.xml
(22.29 KiB) Downloaded 1643 times
cacti_data_template_packet_filter_statistic.xml
(8.32 KiB) Downloaded 1559 times
cacti_graph_template_bsd_packet_filter_flow.xml
(20.52 KiB) Downloaded 1895 times
Last edited by idle on Wed Jan 16, 2008 1:48 am, edited 3 times in total.

YoMarK
Cacti User
Posts: 78
Joined: Fri Feb 02, 2007 8:36 am
Location: Eindhoven/The Netherlands

#2 Post by YoMarK » Fri Feb 02, 2007 8:38 am

Hello idle,

Looks great, but the data query looks for a pf_flow.xml.
Could you please include this file with you post?
Thank you!

--Mark

idle
Cacti User
Posts: 76
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

#3 Post by idle » Fri Feb 02, 2007 9:25 am

Oops, I thought all templates exporting from cacti interface... somehow its not true...
Added.

YoMarK
Cacti User
Posts: 78
Joined: Fri Feb 02, 2007 8:36 am
Location: Eindhoven/The Netherlands

#4 Post by YoMarK » Fri Feb 02, 2007 8:31 pm

Seems to be working great! Thank you!

I'm using it now on a few pfSense firewalls.

dagonet
Cacti User
Posts: 89
Joined: Sat Oct 29, 2005 4:05 pm
Location: Wuerzburg

Re: FreeBSD Packet Filter flow templates.

#5 Post by dagonet » Sun Mar 11, 2007 7:38 am

idle wrote:Hi!
This is templates for monitoring FreeBSD Packet Filter flow statistics. Tested on cacti-0.8.6h.
Image
Hi,
I have no Packetfilter mib for my FreeBSD. Where did you get yours? The mentioned pf-mib is just for OpenBSD.

Regards
Dagonet

idle
Cacti User
Posts: 76
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Re: FreeBSD Packet Filter flow templates.

#6 Post by idle » Mon Mar 12, 2007 2:56 am

dagonet wrote:Hi,
I have no Packetfilter mib for my FreeBSD. Where did you get yours? The mentioned pf-mib is just for OpenBSD.

Regards
Dagonet

Code: Select all

[[email protected] ~]#locate BEGEMOT-PF-MIB
/usr/local/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/src/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
[[email protected] ~]#uname -rs
FreeBSD 6.1-RELEASE

dagonet
Cacti User
Posts: 89
Joined: Sat Oct 29, 2005 4:05 pm
Location: Wuerzburg

Re: FreeBSD Packet Filter flow templates.

#7 Post by dagonet » Wed Mar 28, 2007 2:57 pm

Code: Select all

[[email protected] ~]#locate BEGEMOT-PF-MIB
/usr/local/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/share/snmp/mibs/BEGEMOT-PF-MIB.txt
/usr/src/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
[[email protected] ~]#uname -rs
FreeBSD 6.1-RELEASE
[/quote]
Thanks for your answer. So, as far as I can see, you are not using net-snmp but the bsnmpd of FreeBSD.

Dagonet

idle
Cacti User
Posts: 76
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Re: FreeBSD Packet Filter flow templates.

#8 Post by idle » Thu Mar 29, 2007 1:38 am

dagonet wrote:Thanks for your answer. So, as far as I can see, you are not using net-snmp but the bsnmpd of FreeBSD.

Dagonet
I'm using both.
I didn't found how to attach pf-mib to net-snmp, so I make it in a short/lazy way(although I guess there should be better one).
I'v bind bsnmpd to other port and setup snmp-proxy.
Following have to be done to make this work.
Edit /etc/snmp.config to change community string and port.

Code: Select all

read := "community" # community string
begemotSnmpdPortStatus.127.0.0.1.3408 = 1 # I choose 3408 for differ port.
begemotSnmpdModulePath."pf"     = "/usr/lib/snmp_pf.so" # uncomment for pf stats
Edit /usr/local/share/snmp/snmpd.conf to add proxy string:

Code: Select all

proxy -v 2c -c community localhost:3408 .1.3.6.1.4.1.12325
Restart bsnmpd, snmpd and check.
Good luck.

mike83
Posts: 1
Joined: Fri Sep 07, 2007 12:15 pm

#9 Post by mike83 » Fri Sep 07, 2007 12:20 pm

hi,

i get an error when running the poller

Code: Select all

# php poller.php
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.7.4

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.10.4

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.8.4

Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.4.1.12325.1.200.1.8.2.1.9.4

OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.00 r:0.02
OK u:0.00 s:0.01 r:0.02
but when running snmpwalk it seems to work

Code: Select all

snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.12325.1.200.1.8.2.1.8.4
SNMPv2-SMI::enterprises.12325.1.200.1.8.2.1.8.4 = Counter64: 126119760
i used the proxy method mentioned above.
(running a freebsd 6.2 system)

thx, Mike

----
D'oh!
should use snmp v2 in cacti ...
sorry for bothering you :)

linvix
Posts: 4
Joined: Thu Oct 04, 2007 6:35 pm

help con pf on freebsd

#10 Post by linvix » Sat Oct 13, 2007 10:18 am

Hello friends

I am trying to install your templates, and make it work, but did not get a result, when I want to create a plot, this is the message:

Data Query Debug Information
+ Running data query [10].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.12325.1.200.1.8.2.1'
+ No SNMP data returned
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pf_flow.xml'


My apology bad language, I am Cuban and used a translator
roylan

idle
Cacti User
Posts: 76
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

Re: help con pf on freebsd

#11 Post by idle » Mon Oct 15, 2007 12:44 am

linvix wrote: + No SNMP data returned
Check that you are using snmp above version 1.
For FreeBSD PF-MIB available through bsnmpd agent, so if you are using any other(net-snmpd as everyone) you have to hook PF-MIB into snmp-agent that you are using.
Read above for details.

linvix
Posts: 4
Joined: Thu Oct 04, 2007 6:35 pm

help with pf y cacti

#12 Post by linvix » Tue Oct 16, 2007 8:10 am

Hello.

Thank you for responding.

Estou using version 1 snmpd in cacti.
I read the instructions above but does not work for me.

Lso you attached files and snmp.config snmpd.conf, I ask whether this within your chances of the review ...

Thank you for help
Attachments
bsnmpd.tar
bsnmpd.config
(1.19 KiB) Downloaded 836 times
net-snmpd.tar
net-snmpd.conf
(2.03 KiB) Downloaded 808 times

idle
Cacti User
Posts: 76
Joined: Wed May 26, 2004 10:49 am
Location: Barcelona
Contact:

#13 Post by idle » Tue Oct 16, 2007 8:48 am

Comment out first occurrence of begemotSnmpdPortStatus option in your bsnmpd.conf, you have it twice. Restart bsnmpd, check that its listen correct port:

Code: Select all

[[email protected] ~]#sockstat -4l | grep bsnmpd
root     bsnmpd     1077  5  udp4   *:*                   *:*
root     bsnmpd     1077  7  udp4   127.0.0.1:3408        *:*
and check bsnmpd with snmpwalk:

Code: Select all

snmpwalk -v 2c -c <community> localhost:3408 .1.3.6.1.4.1.12325
then check snmpd, same way, without port:

Code: Select all

snmpwalk -v 2c -c <community> localhost .1.3.6.1.4.1.12325
When restarting both snmpd agents be careful - they trying to use same pid file. You have to manually edit one of them startup script, to fix it, or restart with command kill -HUP <pid>.
Last edited by idle on Wed Oct 17, 2007 12:29 am, edited 1 time in total.

linvix
Posts: 4
Joined: Thu Oct 04, 2007 6:35 pm

Thank you very much for your help, everything fuinciona very

#14 Post by linvix » Tue Oct 16, 2007 12:57 pm

Thank you very much for your help, everything fuinciona very well ..

roylan

fredde
Posts: 7
Joined: Sat Apr 02, 2005 3:27 am

#15 Post by fredde » Wed Apr 16, 2008 2:50 pm

i´m running 0.8.7b Debian
cant seem to import the pf_flow_167.xml doesent return anything after import.

also when i´m trying to create graphs i get this

Data Query [Packet Filter statistic]
Error in data query.

regards /F

Post Reply