OpenBSD SNMP MIBs
- SNMP Introduction
- Packet Filter MIB
- Kernel Sensors MIB
- CARP MIB
- Download
- Installation
- Usage
- Credits
- Third-Party Tools
- References
The following SNMP MIBs and the accompying code that extend the net-snmp daemon allow administrators to query information from various OpenBSD subsystems. Currently, stats can be queried from:
- Packet Filter
- The kernel sensors framework
- Common Address Redundancy Protocol (CARP)
As reported on the ports@ mailing list, there were some changes in OpenBSD 4.4 with respect to kmem which had some negative impact on net-snmp. The IF-MIB reports zero interfaces and I also noticed that HOST-RESOURCES-MIB::hrSystemProcesses.0 does not even show up. As per this thread on the ports@ mailing list, the Net-SNMP port in -current has been patched and works nicely. The 4.4 MIBs will work with the -current port.
OpenBSD 4.4 has been released. The MIBs for 4.3 work without modification on 4.4. There are no new features in this release.
May 15, 2008:
MIB for OpenBSD 4.3 was uploaded. No functional change, just an update to keep up with changes in the OS. For anyone doing CARP load balancing, with the changes present in 4.3, you will not be able to see the status of your carp nodes using the MIB; the MIB will only show you the status/advskew/advbase of the main CARP interface.
Please support the OpenBSD project by ordering CDs, T-shirts or posters.
SNMP Introduction
SNMP is the Simple Network Management Protocol. It's used to manage nodes (routers, switches, servers, etc) on an IP network. SNMP allows an administrator to query the current status of a node, collect data for analysis and historical reasons, and to make configuration changes to the node. SNMP also has provisions for a node to send an alarm or a "trap" to a central monitoring station to alert the administrator to possible trouble.
When the node being monitored is a router or firewall, some of the more commonly monitored objects include:
- Interface bytes per second
- Interface packets per second
- Bytes passed/blocked
- Packets passed/blocked
- CPU usage
- Memory usage
- State table size
The list of objects that can be monitored by SNMP is stored in a Management Information Base, or MIB. The MIB defines the name of the object, its data type (integer, string, etc) and the object's location within the MIB heirarchy.
Packet Filter MIB
The PF MIB allows for the querying of objects relating to OpenBSD's Packet Filter firewall software. The following information can be queried from the MIB:
- General info (is PF enabled, the runtime, the hostid)
- Packet counters
- State table counters
- Log interface counters
- Source track counters
- Memory limits
- Protocol timeouts
- Interface stats (number of rules, number of states, bytes passed/blocked, packets passed/blocked, etc)
- Table stats (number of addresses, evaluations, bytes passed/blocked, packets passed/blocked, etc)
- Table content stats (bytes passed/blocked and packets passed/blocked for each address/network within a table)
- Filter rule label counters
- This feature was contributed by Sven Ingebright Ulland <SvenI.Ulland..iu.hio.no>
- pfsync(4) protocol counters
The limitations of the MIB:
- No support for anchors
- No support for any ALTQ/queueing statistics
The MIB tree can be viewed here: PF MIB
tree
A sample walk of the MIB can be seen here: PF
MIB walk
Kernel Sensors MIB
The Kernel Sensors MIB allows for querying information from the OpenBSD kernel sensors. The kernel sensors provide data from various environmental sensors, disk drives, etc.
The MIB reports data in much the same way as the "sysctl hw.sensors" command does.
The MIB tree can be viewed here:
Sensors MIB tree
A sample walk of the MIB can be seen here:
Sensors MIB walk
CARP MIB
The CARP MIB allows for querying the status of carp(4) interfaces. It can be used to determine how many CARP groups are configured on a node, what their state is, and the various operational settings of the CARP group, including advskew, advbase and the carpdev.
The limitations of the MIB:
- The value of the CARP demote counter associated with interface groups is not handled.
- The IP address(es) assigned to the CARP interface is not returned. This can be queried in the ifTable.
- When doing load balancing via CARP, the "carpnodes" are not shown via the MIB.
The MIB tree can be viewed here:
CARP MIB tree
A sample walk of the MIB can be seen here:
CARP MIB walk
Download
The MIBs are available as a patch to the OpenBSD net-snmp port.
- OpenBSD 4.4: obsd-mibs44.tar
- OpenBSD 4.3: obsd-mibs43.tar
- OpenBSD 4.2: obsd-mibs42.tar
- OpenBSD 4.1: obsd-mibs41.tar
- OpenBSD 4.0: obsd-mibs40.tar
Earlier releases only included the PF MIB. These are listed below.
- OpenBSD 4.0: pf-mib40.tar
- OpenBSD 3.9: pf-mib39.tar
- OpenBSD 3.8: pf-mib38.tar
- OpenBSD 3.7: pf-mib37.tar
The pf-mib39 release is backwards compatible with OpenBSD 3.8, however the diff will not apply cleanly to the OpenBSD 3.8 net-snmp port. You will have to resolve any failures by hand.
The OLD, ucd-snmp patch is still available here: pf-mib-ucd.diff. This diff works with ucd-snmp 4.2.6 on OpenBSD 3.5 and 3.6.
Installation
Perform these steps to install the MIB:
- Retrieve the net-snmp port from the OpenBSD ports system
- See http://www.openbsd.org/faq/faq15.html#PortsFetch for details
- Extract the patch tarball
- Apply the included patch
- Build and install the port
Example:
# cd /usr/ports/net/net-snmp
# ftp http://www.packetmischief.ca/openbsd/snmp/obsd-mibsXX.tar
# tar xf obsd-mibsXX.tar
# patch < obsd-mibs.diff
# make install
The MIBs are now installed as part of the net-snmp port.
Usage
The path to the MIBs is .1.3.6.1.4.1.64512 which translates to iso.org.dod.internet.private.enterprises.openBSD. 64512 is a somewhat arbitrarily chosen number that is not currently assigned.
To see what objects are available in the MIB you can either walk the MIB using an SNMP client...
# snmpwalk -v2c -c community host OPENBSD-PF-MIB::pfMIBObjects
# snmpwalk -v2c -c community host OPENBSD-SENSORS-MIB::sensorsMIBObjects
# snmpwalk -v2c -c community host OPENBSD-CARP-MIB::carpMIBObjects
... or you can view the tree:
# snmptranslate -Tp -OS OPENBSD-PF-MIB::pfMIBObjects
# snmptranslate -Tp -OS OPENBSD-SENSORS-MIB::sensorsMIBObjects
# snmptranslate -Tp -OS OPENBSD-CARP-MIB::carpMIBObjects
To query an object in the MIB, find the path to the object you want and append it to .enterprises.openBSD. For example, if you wanted to query the running object, you would determine its path to be pfMIBObjects.info.running.0. Note the 0 (zero) on the end; it is important, so don't omit it. Next you need to tell your snmp client to load the MIB so that it's able to translate the above path to the numeric path. The sequence looks like this:
# export MIBS="+/usr/local/share/snmp/mibs/OPENBSD-PF-MIB.txt"
# snmpget -v2c -c community host \
.enterprises.openBSD.pfMIBObjects.info.running.0
enterprises.openBSD.pfMIBObjects.info.running.0 = true(1)
The output from the snmpget is shown in bold.
To use the MIB with MRTG, you must explicitly load both MIB files in mrtg.cfg:
LoadMIBs: /usr/local/share/snmp/mibs/OPENBSD-BASE-MIB.txt, \
/usr/local/share/snmp/mibs/OPENBSD-PF-MIB.txt \
/usr/local/share/snmp/mibs/OPENBSD-SENSORS-MIB.txt \
/usr/local/share/snmp/mibs/OPENBSD-CARP-MIB.txt
You can then refer to each object you wish to query without including the entire path. For example, to graph the number of in/out IPv4 bytes on the log interface, specify the target like this:
Target[logif_bytes]: ipBytesIn.0&ipBytesOut.0:community@host:::::2
NOTE the 2 at the end! This tells MRTG to use SNMPv2 which is necessary when querying objects that use the Counter64 datatype. Refer to the snmpwalk output for which objects use that datatype, or just use SNMPv2 for each query.
Example MRTG Graphs
Colours[_]: BLUE#6495ED,PURPLE#DA70D6,DARK GREEN#006600,VIOLET#ff00ff,BLACK#000000
XSize[_]: 350
YSize[_]: 100
# pf number of states (openBSD.pfMIBObjects.stateTable.count.0)
Target[pf_states]: .1.3.6.1.4.1.64512.1.3.1.0&.1.3.6.1.4.1.64512.1.3.1.0:public@host
Title[pf_states]: Packet Filter States
LegendI[pf_states]: States
LegendO[pf_states]:
Legend1[pf_states]: States
Legend2[pf_states]:
YLegend[pf_states]: Num States
ShortLegend[pf_states]:
Options[pf_states]: nopercent, growright, integer, gauge, noo
MaxBytes[pf_states]: 10000
WithPeak[pf_states]: dw
PageTop[pf_states]: pf states
# pf interface counters - em0 pass packets
Target[em0_passpkts]: .1.3.6.1.4.1.64512.1.8.128.1.6.1&.1.3.6.1.4.1.64512.1.8.128.1.10.1:public@host:::::2
Title[em0_passpkts]: Packet Filter Passed Packets
LegendI[em0_passpkts]: In
LegendO[em0_passpkts]: Out
Legend1[em0_passpkts]: In
Legend2[em0_passpkts]: Out
YLegend[em0_passpkts]: Packets
ShortLegend[em0_passpkts]: pps
Options[em0_passpkts]: nopercent, growright, integer
MaxBytes[em0_passpkts]: 100000000
PageTop[em0_passpkts]: pf passed packets
# pf interface counters - em0 block packets
Target[em0_blockpkts]: .1.3.6.1.4.1.64512.1.8.128.1.8.1&.1.3.6.1.4.1.64512.1.8.128.1.12.1:public@host:::::2
Title[em0_blockpkts]: Packet Filter Blocked Packets
LegendI[em0_blockpkts]: In
LegendO[em0_blockpkts]: Out
Legend1[em0_blockpkts]: In
Legend2[em0_blockpkts]: Out
YLegend[em0_blockpkts]: Packets
ShortLegend[em0_blockpkts]: pps
Options[em0_blockpkts]: nopercent, growright, integer
MaxBytes[em0_blockpkts]: 100000000
PageTop[em0_blockpkts]: pf blocked packets
Third-Party Tools
Below is a list of tools that others have written to take advantage of the MIBs available here. If you want something added here, please contact me.
| Description | Author | Link |
|---|---|---|
| Nagios check_pf_carp. Generates alarms for CARP hosts that are not in MASTER state. | Brian A. Seklecki | Click |
Credits
The following people have contributed by writing code, reporting bugs, offering suggestions, or sending alchohol :-)
- Sven Ingebrigt Ulland (PF-MIB: labels support)
- Brian A. Seklecki
- Bryan Kaplan
- Bill Cameron
- Clint Byrum
Thank you for your contributions.
References
- RFC 1157 - Simple Network Management Protocol (SNMP)
- RFC 1441 - Introduction to version 2 of the Internet-standard Network Management Framework
- RFC 2578 - Structure of Management Information Version 2 (SMIv2)
- Net-SNMP
- Multi-Router Traffic Grapher (MRTG)
- SMI Network Management Private Enterprise Codes
- SNMP Link