Source: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/app/opnsense_snmp?at=release/7.4
OPNsense by SNMP
Overview
Template for monitoring OPNsense by SNMP
Requirements
Zabbix version: 7.4 and higher.
Tested versions
This template has been tested on:
- OPNsense 22.1.9, 25.1
Configuration
Zabbix should be configured according to the instructions in the Templates out of the box section.
Setup
- Enable bsnmpd daemon by creating new config file "/etc/rc.conf.d/bsnmpd" with the following content: bsnmpd_enable="YES"
- Uncomment the following lines in "/etc/snmpd.config" file to enable required SNMP modules: begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
- Start bsnmpd daemon with the following command: /etc/rc.d/bsnmpd start
- Setup a firewall rule to get access from Zabbix proxy or Zabbix server by SNMP (https://docs.opnsense.org/manual/firewall.html).
- Link the template to a host.
Macros used
| Name | Description | Default |
|---|---|---|
| {$IF.ERRORS.WARN} | Threshold of error packets rate for warning trigger. Can be used with interface name as context. |
2 |
| {$IF.UTIL.MAX} | Threshold of interface bandwidth utilization for warning trigger in %. Can be used with interface name as context. |
90 |
| {$IFCONTROL} | Macro for operational state of the interface for link down trigger. Can be used with interface name as context. |
1 |
| {$NET.IF.IFADMINSTATUS.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
^.* |
| {$NET.IF.IFADMINSTATUS.NOT_MATCHES} | Ignore down(2) administrative status. |
^2$ |
| {$NET.IF.IFALIAS.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
.* |
| {$NET.IF.IFALIAS.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
CHANGE_IF_NEEDED |
| {$NET.IF.IFDESCR.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
.* |
| {$NET.IF.IFDESCR.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
CHANGE_IF_NEEDED |
| {$NET.IF.IFNAME.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
(^pflog[0-9.]*$|^pfsync[0-9.]*$) |
| {$NET.IF.IFOPERSTATUS.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
^.*$ |
| {$NET.IF.IFOPERSTATUS.NOT_MATCHES} | Ignore notPresent(6). |
^6$ |
| {$NET.IF.IFTYPE.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
.* |
| {$NET.IF.IFTYPE.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
CHANGE_IF_NEEDED |
| {$SNMP.TIMEOUT} | The time interval for SNMP availability trigger. |
5m |
| {$STATE.TABLE.UTIL.MAX} | Threshold of state table utilization trigger in %. |
90 |
| {$SOURCE.TRACKING.TABLE.UTIL.MAX} | Threshold of source tracking table utilization trigger in %. |
90 |
Items
| Name | Description | Type | Key and additional info |
|---|---|---|---|
| SNMP walk network interfaces | Discovering interfaces from IF-MIB. |
SNMP agent | net.if.walk |
| SNMP walk pf network interfaces | MIB: BEGEMOT-PF-MIB SNMP walk through pfInterfacesIfTable. The collected data used in network interfaces LLD for dependent item prototypes. |
SNMP agent | net.if.pf.walk Preprocessing
|
| SNMP walk software | MIB: HOST-RESOURCES-MIB SNMP walk through hrSWRunTable. The collected data used in dependent service status items. |
SNMP agent | opnsense.sw.walk Preprocessing
|
| SNMP walk pf counters | MIB: BEGEMOT-PF-MIB SNMP walk through pfCounter. The collected data used in dependent pf counter items. |
SNMP agent | opnsense.pf_counters.walk |
| SNMP agent availability | Availability of SNMP checks on the host. The value of this item corresponds to availability icons in the host list. Possible values: 0 - not available 1 - available 2 - unknown |
Zabbix internal | zabbix[host,snmp,available] |
| Packet filter running status | MIB: BEGEMOT-PF-MIB True if packet filter is currently enabled. |
SNMP agent | opnsense.pf.status |
| States table current | MIB: BEGEMOT-PF-MIB Number of entries in the state table. |
SNMP agent | opnsense.state.table.count |
| States table limit | MIB: BEGEMOT-PF-MIB Maximum number of 'keep state' rules in the ruleset. |
SNMP agent | opnsense.state.table.limit |
| States table utilization in % | Utilization of state table in %. |
Calculated | opnsense.state.table.pused |
| Source tracking table current | MIB: BEGEMOT-PF-MIB Number of entries in the source tracking table. |
SNMP agent | opnsense.source.tracking.table.count |
| Source tracking table limit | MIB: BEGEMOT-PF-MIB Maximum number of 'sticky-address' or 'source-track' rules in the ruleset. |
SNMP agent | opnsense.source.tracking.table.limit |
| Source tracking table utilization in % | Utilization of source tracking table in %. |
Calculated | opnsense.source.tracking.table.pused |
| DHCP server status | MIB: HOST-RESOURCES-MIB The status of DHCP server process. |
Dependent item | opnsense.dhcpd.status Preprocessing
|
| DNS server status | MIB: HOST-RESOURCES-MIB The status of DNS server process. |
Dependent item | opnsense.dns.status Preprocessing
|
| Web server status | MIB: HOST-RESOURCES-MIB The status of lighttpd process. |
Dependent item | opnsense.lighttpd.status Preprocessing
|
| Packets matched a filter rule | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
Dependent item | opnsense.packets.match Preprocessing
|
| Packets with bad offset | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
Dependent item | opnsense.packets.bad.offset Preprocessing
|
| Fragmented packets | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
Dependent item | opnsense.packets.fragment Preprocessing
|
| Short packets | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
Dependent item | opnsense.packets.short Preprocessing
|
| Normalized packets | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
Dependent item | opnsense.packets.normalize Preprocessing
|
| Packets dropped due to memory limitation | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
Dependent item | opnsense.packets.mem.drop Preprocessing
|
| Firewall rules count | MIB: BEGEMOT-PF-MIB The number of labeled filter rules on this system. |
SNMP agent | opnsense.rules.count |
Triggers
| Name | Description | Expression | Severity | Dependencies and additional info |
|---|---|---|---|---|
| OPNsense: No SNMP data collection | SNMP is not available for polling. Please check device connectivity and SNMP settings. |
max(/OPNsense by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0 |
Warning | |
| OPNsense: Packet filter is not running | Please check PF status. |
last(/OPNsense by SNMP/opnsense.pf.status)<>1 |
High | |
| OPNsense: State table usage is high | Please check the number of connections. |
min(/OPNsense by SNMP/opnsense.state.table.pused,#3)>{$STATE.TABLE.UTIL.MAX} |
Warning | |
| OPNsense: Source tracking table usage is high | Please check the number of sticky connections. |
min(/OPNsense by SNMP/opnsense.source.tracking.table.pused,#3)>{$SOURCE.TRACKING.TABLE.UTIL.MAX} |
Warning | |
| OPNsense: DHCP server is not running | Please check DHCP server settings. |
last(/OPNsense by SNMP/opnsense.dhcpd.status)=0 |
Average | |
| OPNsense: DNS server is not running | Please check DNS server settings. |
last(/OPNsense by SNMP/opnsense.dns.status)=0 |
Average | |
| OPNsense: Web server is not running | Please check lighttpd service status. |
last(/OPNsense by SNMP/opnsense.lighttpd.status)=0 |
Average |
LLD rule Network interfaces discovery
| Name | Description | Type | Key and additional info |
|---|---|---|---|
| Network interfaces discovery | Discovering interfaces from IF-MIB. |
Dependent item | opnsense.net.if.discovery Preprocessing
|
Item prototypes for Network interfaces discovery
| Name | Description | Type | Key and additional info |
|---|---|---|---|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound packets discarded | MIB: IF-MIB The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
Dependent item | net.if.in.discards[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound packets with errors | MIB: IF-MIB For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
Dependent item | net.if.in.errors[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Bits received | MIB: IF-MIB The total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifInOctets. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
Dependent item | net.if.in[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound packets discarded | MIB: IF-MIB The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
Dependent item | net.if.out.discards[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound packets with errors | MIB: IF-MIB For packet-oriented interfaces, the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
Dependent item | net.if.out.errors[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Bits sent | MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of ifOutOctets.Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
Dependent item | net.if.out[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Speed | MIB: IF-MIB An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of |
Dependent item | net.if.speed[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Operational status | MIB: IF-MIB The current operational state of the interface. - The testing(3) state indicates that no operational packet scan be passed - If ifAdminStatus is down(2) then ifOperStatus should be down(2) - If ifAdminStatus is changed to up(1) then ifOperStatus should change to up(1) if the interface is ready to transmit and receive network traffic - It should change todormant(5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection) - It should remain in the down(2) state if and only if there is a fault that prevents it from going to the up(1) state - It should remain in the notPresent(6) state if the interface has missing(typically, hardware) components. |
Dependent item | net.if.status[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Interface type | MIB: IF-MIB The type of interface. Additional values for ifType are assigned by the Internet Assigned Numbers Authority (IANA), through updating the syntax of the IANAifType textual convention. |
Dependent item | net.if.type[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Rules references count | MIB: BEGEMOT-PF-MIB The number of rules referencing this interface. |
Dependent item | net.if.rules.refs[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 traffic passed | MIB: BEGEMOT-PF-MIB IPv4 bits per second passed coming in on this interface. |
Dependent item | net.if.in.pass.v4.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 traffic blocked | MIB: BEGEMOT-PF-MIB IPv4 bits per second blocked coming in on this interface. |
Dependent item | net.if.in.block.v4.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 traffic passed | MIB: BEGEMOT-PF-MIB IPv4 bits per second passed going out on this interface. |
Dependent item | net.if.out.pass.v4.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 traffic blocked | MIB: BEGEMOT-PF-MIB IPv4 bits per second blocked going out on this interface. |
Dependent item | net.if.out.block.v4.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv4 packets passed coming in on this interface. |
Dependent item | net.if.in.pass.v4.pps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv4 packets blocked coming in on this interface. |
Dependent item | net.if.in.block.v4.pps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv4 packets passed going out on this interface. |
Dependent item | net.if.out.pass.v4.pps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv4 packets blocked going out on this interface. |
Dependent item | net.if.out.block.v4.pps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 traffic passed | MIB: BEGEMOT-PF-MIB IPv6 bits per second passed coming in on this interface. |
Dependent item | net.if.in.pass.v6.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 traffic blocked | MIB: BEGEMOT-PF-MIB IPv6 bits per second blocked coming in on this interface. |
Dependent item | net.if.in.block.v6.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 traffic passed | MIB: BEGEMOT-PF-MIB IPv6 bits per second passed going out on this interface. |
Dependent item | net.if.out.pass.v6.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 traffic blocked | MIB: BEGEMOT-PF-MIB IPv6 bits per second blocked going out on this interface. |
Dependent item | net.if.out.block.v6.bps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv6 packets passed coming in on this interface. |
Dependent item | net.if.in.pass.v6.pps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv6 packets blocked coming in on this interface. |
Dependent item | net.if.in.block.v6.pps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv6 packets passed going out on this interface. |
Dependent item | net.if.out.pass.v6.pps[{#SNMPINDEX}] Preprocessing
|
| Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv6 packets blocked going out on this interface. |
Dependent item | net.if.out.block.v6.pps[{#SNMPINDEX}] Preprocessing
|
Trigger prototypes for Network interfaces discovery
| Name | Description | Expression | Severity | Dependencies and additional info |
|---|---|---|---|---|
| OPNsense: Interface [{#IFNAME}({#IFALIAS})]: High input error rate | It recovers when it is below 80% of the |
min(/OPNsense by SNMP/net.if.in.errors[{#SNMPINDEX}],5m)>{$IF.ERRORS.WARN:"{#IFNAME}"} |
Warning | Depends on:
|
| OPNsense: Interface [{#IFNAME}({#IFALIAS})]: High inbound bandwidth usage | The utilization of the network interface is close to its estimated maximum bandwidth. |
(avg(/OPNsense by SNMP/net.if.in[{#SNMPINDEX}],15m)>({$IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/OPNsense by SNMP/net.if.speed[{#SNMPINDEX}])) and last(/OPNsense by SNMP/net.if.speed[{#SNMPINDEX}])>0 |
Warning | Depends on:
|
| OPNsense: Interface [{#IFNAME}({#IFALIAS})]: High output error rate | It recovers when it is below 80% of the |
min(/OPNsense by SNMP/net.if.out.errors[{#SNMPINDEX}],5m)>{$IF.ERRORS.WARN:"{#IFNAME}"} |
Warning | Depends on:
|
| OPNsense: Interface [{#IFNAME}({#IFALIAS})]: High outbound bandwidth usage | The utilization of the network interface is close to its estimated maximum bandwidth. |
(avg(/OPNsense by SNMP/net.if.out[{#SNMPINDEX}],15m)>({$IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/OPNsense by SNMP/net.if.speed[{#SNMPINDEX}])) and last(/OPNsense by SNMP/net.if.speed[{#SNMPINDEX}])>0 |
Warning | Depends on:
|
| OPNsense: Interface [{#IFNAME}({#IFALIAS})]: Ethernet has changed to lower speed than it was before | This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually. |
change(/OPNsense by SNMP/net.if.speed[{#SNMPINDEX}])<0 and last(/OPNsense by SNMP/net.if.speed[{#SNMPINDEX}])>0 and ( last(/OPNsense by SNMP/net.if.type[{#SNMPINDEX}])=6 or last(/OPNsense by SNMP/net.if.type[{#SNMPINDEX}])=7 or last(/OPNsense by SNMP/net.if.type[{#SNMPINDEX}])=11 or last(/OPNsense by SNMP/net.if.type[{#SNMPINDEX}])=62 or last(/OPNsense by SNMP/net.if.type[{#SNMPINDEX}])=69 or last(/OPNsense by SNMP/net.if.type[{#SNMPINDEX}])=117 ) and (last(/OPNsense by SNMP/net.if.status[{#SNMPINDEX}])<>2) |
Info | Depends on:
|
| OPNsense: Interface [{#IFNAME}({#IFALIAS})]: Link down | This trigger expression works as follows: |
{$IFCONTROL:"{#IFNAME}"}=1 and (last(/OPNsense by SNMP/net.if.status[{#SNMPINDEX}])=2) |
Average |
Feedback
Please report any issues with the template at https://support.zabbix.com
You can also provide feedback, discuss the template, or ask for help at ZABBIX forums
