On 2015-01-12, Frédéric URBAN <[email protected]> wrote: > Hi guys, > > I'm trying to find a way to get pf stats (ie: return of pfctl -si) > outside of the host to be sure that pf states count are under a certain > value. Usually I use snmp on other *Nix based OS but with snmpd(8) i'm > unable to achieve this (PF-MIB looks unpopulated).
Using snmpd from the base OS (*not* net-snmp): $ snmpwalk [hostname] enterprises.openBSD.pfMIBObjects OPENBSD-PF-MIB::pfRunning.0 = INTEGER: true(1) OPENBSD-PF-MIB::pfRuntime.0 = Timeticks: (15808100) 1 day, 19:54:41.00 1/100th of a Second OPENBSD-PF-MIB::pfDebug.0 = INTEGER: err(3) OPENBSD-PF-MIB::pfHostid.0 = STRING: "0x08fb74f1" OPENBSD-PF-MIB::pfCntMatch.0 = Counter64: 228441 OPENBSD-PF-MIB::pfCntBadOffset.0 = Counter64: 0 OPENBSD-PF-MIB::pfCntFragment.0 = Counter64: 0 [...snip...] The MIBo description files are in /usr/share/snmp/mibs and can be copied to another system. > I agree snmp is a old > and unsecure protocol so any other solution will fit aswell. snmpd supports SNMPv3 which isn't so bad.
