dani
/
pfsense-zabbix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
249 Commits 1 Branch 0 Tags 363 KiB
PHP 100%
Go to file
Daniel Berteaud 918c58dfab Fix status logic for disabled services 2023-12-08 13:46:07 +01:00
zabbix4 Added Zabbix 4 Templates 2021-07-19 22:22:31 +02:00
zabbix5 Start working on pfSense Plus releases 2023-02-26 13:11:06 +01:00
zabbix6 Updated template files 2023-02-26 17:20:16 +01:00
.gitignore Start working on pfSense Plus releases 2023-02-26 13:11:06 +01:00
LICENSE Create LICENSE 2019-12-12 16:53:12 +01:00
README.md Update README 2023-12-08 13:34:00 +01:00
pfsense_zbx.php Fix status logic for disabled services 2023-12-08 13:46:07 +01:00
pfsense_zbx_rc.php Fix Speedtest variable initialization 2023-03-14 16:54:26 +01:00

README.md

pfSense Zabbix Template

This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. This is forked from https://github.com/rbicelli/pfsense-zabbix-template for FWS needs

Tested with pfSense 2.5.x, Zabbix 4.0, Zabbix 5.0, Zabbix 6.0

What it does

Template pfSense Active

  • Network interface Discovery and Monitoring with User Assigned Names
  • Gateway Discovery and Monitoring (Gateway Status/RTT)
  • OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status)
  • OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
  • CARP Monitoring (Global CARP State)
  • Basic Service Discovery and Monitoring (Service Status)
  • pfSense Version/Update Available
  • Packages Update Available

Template pfSense Active: OpenVPN Server User Auth

  • Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode
  • Monitoring of Client Parameters (Bytes sent/received, Connection Time...)

Template pfSense Active: IPsec

  • Discovery of IPsec Site-to-Site tunnels
  • Monitoring tunnel status (Phase 1 and Phase 2)

Template pfSense Active: Speedtest

  • Discovery of WAN Interfaces
  • Perform speed tests and collect metrics

Configuration

First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts).

From Diagnostics/Command Prompt input this one-liner:

mkdir /root/zabbix
curl --create-dirs -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php

Then, setup the system version cronjob with:

/usr/local/bin/php /root/scripts/pfsense_zbx.php sysversion_cron

Then install package "Zabbix Agent 5" (or "Zabbix Agent 6") on your pfSense Box

In Advanced Features-> User Parameters

UserParameter=pfsense.states.max,grep "limit states" /tmp/rules.limits | cut -f4 -d ' '
UserParameter=pfsense.states.current,grep "current entries" /tmp/pfctl_si_out | tr -s ' ' | cut -f4 -d ' '
UserParameter=pfsense.mbuf.current,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f1
UserParameter=pfsense.mbuf.cache,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f2
UserParameter=pfsense.mbuf.max,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f4
UserParameter=pfsense.discovery[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php discovery $1
UserParameter=pfsense.value[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php $1 $2 $3

You need to allow zabbix user to exec /usr/local/bin/sudo /usr/local/bin/php /root/zabbix* without password with sudo

Also increase the Timeout value at least to 5, otherwise some checks will fail.

Then import xml templates in Zabbix and add your pfSense hosts.

If you are running a redundant CARP setup you should adjust the macro {$EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.

Possible values are:

  • 0: Disabled
  • 1: Master
  • 2: Backup

This is useful when monitoring services which could stay stopped on CARP Backup Member.

Setup Speedtest

For running speedtests on WAN interfaces you have to install the speedtest package.

From Diagnostics/Command Prompt input this commands:

pkg update && pkg install -y py38-speedtest-cli

Speedtest python package could be broken at the moment, so you could need an extra step, only if manually executing speedtest results in an error: download the latest version from package author's github repo.

curl -Lo /usr/local/lib/python3.8/site-packages/speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py

For testing if speedtest is installed properly you can try it:

/usr/local/bin/speedtest

Then, setup the cronjob with:

/url/local/bin/php /root/scripts/pfsense_zbx.php speedtest_cron

Remember that you will need to install the package on every pfSense upgrade.

Speedtest template creates a cron job and check for entry everytime Zabbix requests its items. If you want to uninstall the cron jobs simply run, from Diagnostics/Command Prompt:

/url/local/bin/php /root/scripts/pfsense_zbx.php cron_cleanup

NOTE: When used in multiple gateways scenario, speedtest results are OK only with default gateway. This is a known behavior that must be fixed upstream.

Credits

Keenton Zabbix Template for Zabbix Agent freeBSD part.