dani
/
pfsense-zabbix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

This commit is contained in:
Daniel Berteaud 2023-12-08 11:30:27 +01:00
parent 89fb337ff0 8c37f43c98
commit 2e5c4f8bd2
16 changed files with 7705 additions and 283 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*.backup
*.orig

66
README.md
View File

@ -4,14 +4,14 @@ This is a pfSense active template for Zabbix, based on Standard Agent and a php
This is forked from https://github.com/rbicelli/pfsense-zabbix-template for FWS needs
Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0
Tested with pfSense 2.5.x, Zabbix 4.0, Zabbix 5.0, Zabbix 6.0
## What it does
**Template pfSense Active**
- Network interface Discovery and Monitoring with User Assigned Names
- Gateway Discovery and Monitoring (Gateway Status/RTT)
- Gateway Discovery and Monitoring (Gateway Status/RTT)
- OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status)
- OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
- CARP Monitoring (Global CARP State)
@ -28,21 +28,35 @@ Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0
- Discovery of IPsec Site-to-Site tunnels
- Monitoring tunnel status (Phase 1 and Phase 2)
**Template pfSense Active: Speedtest**
- Discovery of WAN Interfaces
- Perform speed tests and collect metrics
## Configuration
First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts).
For example, from pfSense shell:
From **Diagnostics/Command Prompt** input this one-liner:
```bash
<<<<<<< HEAD
mkdir /root/zabbix
curl -o /root/zabbix/pfsense_zbx.php https://git.fws.fr/fws/pfsense-zabbix/raw/branch/master/pfsense_zbx.php
=======
curl --create-dirs -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php
>>>>>>> upstream/master
```
Then install package "Zabbix Agent 4" on your pfSense Box
Then, setup the system version cronjob with:
```bash
/usr/local/bin/php /root/scripts/pfsense_zbx.php sysversion_cron
```
Then install package "Zabbix Agent 5" (or "Zabbix Agent 6") on your pfSense Box
In Advanced Features-> User Parameters
@ -56,7 +70,11 @@ UserParameter=pfsense.discovery[*],/usr/local/bin/sudo /usr/local/bin/php /root/
UserParameter=pfsense.value[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php $1 $2 $3
```
<<<<<<< HEAD
_You need to allow zabbix user to exec /usr/local/bin/sudo /usr/local/bin/php /root/zabbix* without password with sudo_
=======
_Please note that **AllowRoot=1** option is required in order to correctly execute OpenVPN checks and others._
>>>>>>> upstream/master
Also increase the **Timeout** value at least to **5**, otherwise some checks will fail.
@ -72,6 +90,46 @@ Possible values are:
This is useful when monitoring services which could stay stopped on CARP Backup Member.
## Setup Speedtest
For running speedtests on WAN interfaces you have to install the speedtest package.
From **Diagnostics/Command Prompt** input this commands:
```bash
pkg update && pkg install -y py38-speedtest-cli
```
Speedtest python package could be broken at the moment, so you could need an extra step, *only if manually executing speedtest results in an error*: download the latest version from package author's github repo.
```bash
curl -Lo /usr/local/lib/python3.8/site-packages/speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
```
For testing if speedtest is installed properly you can try it:
```bash
/usr/local/bin/speedtest
```
Then, setup the cronjob with:
```bash
/url/local/bin/php /root/scripts/pfsense_zbx.php speedtest_cron
```
Remember that you will need to install the package on *every* pfSense upgrade.
Speedtest template creates a cron job and check for entry everytime Zabbix requests its items. If you want to uninstall the cron jobs simply run, from **Diagnostics/Command Prompt**:
```bash
/url/local/bin/php /root/scripts/pfsense_zbx.php cron_cleanup
```
**NOTE**: When used in multiple gateways scenario, speedtest results are OK only with default gateway. This is a known behavior that must be fixed upstream.
## Credits
[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part.

662
pfsense_zbx.php
View File

@ -1,12 +1,18 @@
<?php
/***
pfsense_zbx.php - pfSense Zabbix Interface
Version 1.0.2 - 2021-01-18
Version 1.1.1 - 2021-10-24
Written by Riccardo Bicelli <r.bicelli@gmail.com>
This program is licensed under Apache 2.0 License
*/
//Some Useful defines
define('SPEEDTEST_INTERVAL', 8); //Speedtest Interval (in hours)
define('CRON_TIME_LIMIT', 300); // Time limit in seconds of speedtest and sysinfo
define('DEFAULT_TIME_LIMIT', 30); // Time limit in seconds otherwise
require_once('globals.inc');
require_once('functions.inc');
require_once('config.inc');
@ -26,7 +32,6 @@ require_once('pkg-utils.inc');
//For DHCP
//Testing function, for template creating purpose
function pfz_test(){
$line = "-------------------\n";
@ -90,40 +95,139 @@ function pfz_test(){
// Interface Discovery
// Improved performance
function pfz_interface_discovery() {
function pfz_interface_discovery($is_wan=false,$is_cron=false) {
$ifdescrs = get_configured_interface_with_descr(true);
$ifaces = get_interface_arr();
$ifcs=array();
$json_string = '[';
$if_ret=array();
$json_string = '{"data":[';
foreach ($ifdescrs as $ifname => $ifdescr){
$ifinfo = get_interface_info($ifname);
$ifinfo["description"] = $ifdescr;
$ifcs[$ifname] = $ifinfo;
}
$ifcs[$ifname] = $ifinfo;
}
foreach ($ifaces as $hwif) {
$json_string .= '{"{#IFNAME}":"' . $hwif . '"';
$ifdescr = $hwif;
$has_gw = false;
$is_vpn = false;
$has_public_ip = false;
foreach($ifcs as $ifc=>$ifinfo){
if ($ifinfo["hwif"] == $hwif){
$ifdescr = $ifinfo["description"];
if (array_key_exists("gateway",$ifinfo)) $has_gw=true;
// Issue #81 - https://stackoverflow.com/a/13818647/15093007
if (filter_var($ifinfo["ipaddr"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) $has_public_ip=true;
if (strpos($ifinfo["if"],"ovpn")!==false) $is_vpn=true;
break;
}
}
$json_string .= ',"{#IFDESCR}":"' . $ifdescr . '"';
$json_string .= '},';
if ( ($is_wan==false) || (($is_wan==true) && (($has_gw==true) || ($has_public_ip==true)) && ($is_vpn==false)) ) {
$if_ret[]=$hwif;
$json_string .= '{"{#IFNAME}":"' . $hwif . '"';
$json_string .= ',"{#IFDESCR}":"' . $ifdescr . '"';
$json_string .= '},';
}
}
$json_string = rtrim($json_string,",");
$json_string .= "]";
if ($is_cron) return $if_ret;
echo $json_string;
}
//Interface Speedtest
function pfz_interface_speedtest_value($ifname, $value){
$tvalue = explode(".", $value);
if (count($tvalue)>1) {
$value = $tvalue[0];
$subvalue = $tvalue[1];
}
//If the interface has a gateway is considered WAN, so let's do the speedtest
$filename = "/tmp/speedtest-$ifname";
if (file_exists($filename)) {
$speedtest_data = json_decode(file_get_contents($filename), true) ?? [];
if (array_key_exists($value, $speedtest_data)) {
if ($subvalue == false)
echo $speedtest_data[$value];
else
echo $speedtest_data[$value][$subvalue];
}
}
}
// This is supposed to run via cron job
function pfz_speedtest_cron(){
require_once("services.inc");
$ifdescrs = get_configured_interface_with_descr(true);
$ifaces = get_interface_arr();
$pf_interface_name='';
$subvalue=false;
$ifcs = pfz_interface_discovery(true, true);
foreach ($ifcs as $ifname) {
foreach ($ifdescrs as $ifn => $ifd){
$ifinfo = get_interface_info($ifn);
if($ifinfo['hwif']==$ifname) {
$pf_interface_name = $ifn;
break;
}
}
pfz_speedtest_exec($ifname, $ifinfo['ipaddr']);
}
}
//installs a cron job for speedtests
function pfz_speedtest_cron_install($enable=true){
//Install Cron Job
$command = "/usr/local/bin/php " . __FILE__ . " speedtest_cron";
install_cron_job($command, $enable, $minute = "*/15", "*", "*", "*", "*", "root", true);
}
// 2023-02-26:
// Fixed issue #127
function pfz_speedtest_exec ($ifname, $ipaddr){
$filename = "/tmp/speedtest-$ifname";
$filetemp = "$filename.tmp";
$filerun = "/tmp/speedtest-run";
// Issue #82
// Sleep random delay in order to avoid problem when 2 pfSense on the same Internet line
sleep (rand ( 1, 90));
if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) {
// file is older than SPEEDTEST_INTERVAL
if ( (time()-filemtime($filerun) > 180 ) ) @unlink($filerun);
if (file_exists($filerun)==false) {
touch($filerun);
$st_command = "/usr/local/bin/speedtest --secure --source $ipaddr --json > $filetemp";
exec ($st_command);
rename($filetemp,$filename);
@unlink($filerun);
}
}
return true;
}
// OpenVPN Server Discovery
function pfz_openvpn_get_all_servers(){
$servers = openvpn_get_active_servers();
@ -161,7 +265,7 @@ function pfz_openvpn_servervalue($server_id,$valuekey){
$value = $server[$valuekey];
if ($valuekey=="status") {
if ( ($server['mode']=="server_user") || ($server['mode']=="server_tls_user") || ($server['mode']=="server_tls") ){
if ($value=="") $value="server_user_listening";
if ($value=="") $value="server_user_listening";
} else if ($server['mode']=="p2p_tls"){
// For p2p_tls, ensure we have one client, and return up if it's the case
if ($value=="")
@ -202,16 +306,19 @@ function pfz_openvpn_server_userdiscovery(){
$json_string = '[';
foreach ($servers as $server){
if ( ($server['mode']=='server_user') || ($server['mode']=='server_tls_user') ) {
if (is_array($server['conns'])) {
if ( ($server['mode']=='server_user') || ($server['mode']=='server_tls_user') || ($server['mode']=='server_tls') ) {
if (is_array($server['conns'])) {
$name = trim(preg_replace('/\w{3}(\d)?\:\d{4,5}/i', '', $server['name']));
foreach($server['conns'] as $conn) {
$json_string .= '{"{#SERVERID}":"' . $server['vpnid'] . '"';
$json_string .= ',"{#SERVERNAME}":"' . $name . '"';
$json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $conn['common_name'] . '"';
$json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"';
$json_string .= '},';
$common_name = pfz_replacespecialchars($conn['common_name']);
$json_string .= '{"{#SERVERID}":"' . $server['vpnid'] . '"';
$json_string .= ',"{#SERVERNAME}":"' . $name . '"';
$json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $common_name . '"';
$json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"';
$json_string .= '},';
}
}
}
@ -226,6 +333,7 @@ function pfz_openvpn_server_userdiscovery(){
// Get OpenVPN User Connected Value
function pfz_openvpn_server_uservalue($unique_id, $valuekey, $default=""){
$unique_id = pfz_replacespecialchars($unique_id,true);
$atpos=strpos($unique_id,'+');
$server_id = substr($unique_id,0,$atpos);
$user_id = substr($unique_id,$atpos+1);
@ -262,6 +370,20 @@ function pfz_openvpn_clientdiscovery() {
echo $json_string;
}
function pfz_replacespecialchars($inputstr,$reverse=false){
$specialchars = ",',\",`,*,?,[,],{,},~,$,!,&,;,(,),<,>,|,#,@,0x0a";
$specialchars = explode(",",$specialchars);
$resultstr = $inputstr;
for ($n=0;$n<count($specialchars);$n++){
if ($reverse==false)
$resultstr = str_replace($specialchars[$n],'%%' . $n . '%',$resultstr);
else
$resultstr = str_replace('%%' . $n . '%',$specialchars[$n],$resultstr);
}
return ($resultstr);
}
function pfz_openvpn_clientvalue($client_id, $valuekey, $default="none"){
$clients = openvpn_get_active_clients();
@ -327,8 +449,8 @@ function pfz_service_value($name,$value){
//List of service which are stopped on CARP Slave.
//For now this is the best way i found for filtering out the triggers
//Waiting for a way in Zabbix to use Global Regexp in triggers with items discovery
$stopped_on_carp_slave = array("haproxy","openvpn.","openvpn");
$stopped_on_carp_slave = array("haproxy","radvd","openvpn.","openvpn","avahi");
foreach ($services as $service){
$namecfr = $service["name"];
$carpcfr = $service["name"];
@ -352,31 +474,33 @@ function pfz_service_value($name,$value){
$status = get_service_status($service);
if ($status=="") $status = 0;
echo $status;
break;
return;
case "name":
echo $namecfr;
break;
return;
case "enabled":
if (is_service_enabled($service['name']))
echo 1;
else
echo 0;
break;
return;
case "run_on_carp_slave":
if (in_array($carpcfr,$stopped_on_carp_slave))
echo 0;
else
echo 1;
break;
default:
return;
default:
echo $service[$value];
break;
return;
}
}
}
echo 0;
}
@ -411,9 +535,14 @@ function pfz_gw_value($gw, $valuekey) {
$gws = return_gateways_status(true);
if(array_key_exists($gw,$gws)) {
$value = $gws[$gw][$valuekey];
if ($valuekey=="status")
if ($valuekey=="status") {
//Issue #70: Gateway Forced Down
if ($gws[$gw]["substatus"]<>"none")
$value = $gws[$gw]["substatus"];
$value = pfz_valuemap("gateway.status", $value);
echo $value;
}
echo $value;
}
}
@ -441,8 +570,7 @@ function pfz_ipsec_discovery_ph1(){
}
function pfz_ipsec_ph1($ikeid,$valuekey){
function pfz_ipsec_ph1($ikeid,$valuekey){
// Get Value from IPsec Phase 1 Configuration
// If Getting "disabled" value only check item presence in config array
@ -538,28 +666,45 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){
require_once("ipsec.inc");
global $config;
init_config_arr(array('ipsec', 'phase1'));
$a_phase1 = &$config['ipsec']['phase1'];
$conmap = array();
foreach ($a_phase1 as $ph1ent) {
if (function_exists('get_ipsecifnum')) {
if (get_ipsecifnum($ph1ent['ikeid'], 0)) {
$cname = "con" . get_ipsecifnum($ph1ent['ikeid'], 0);
} else {
$cname = "con{$ph1ent['ikeid']}00000";
}
} else{
$cname = ipsec_conid($ph1ent);
}
$conmap[$cname] = $ph1ent['ikeid'];
}
$status = ipsec_list_sa();
$ipsecconnected = array();
$carp_status = pfz_carp_status(false);
//Phase-Status match borrowed from status_ipsec.php
if (is_array($status)) {
//Phase-Status match borrowed from status_ipsec.php
if (is_array($status)) {
foreach ($status as $l_ikeid=>$ikesa) {
if(isset($ikesa['con-id'])){
if (isset($ikesa['con-id'])) {
$con_id = substr($ikesa['con-id'], 3);
}else{
$con_id = filter_var($l_ikeid, FILTER_SANITIZE_NUMBER_INT);
} else {
$con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT);
}
$con_name = "con" . $con_id;
if ($ikesa['version'] == 1) {
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
$ph1idx = $conmap[$con_name];
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
if (!ipsec_ikeid_used($con_id)) {
// probably a v2 with split connection then
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
$ph1idx = $conmap[$con_name];
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
$ipsecconnected[$con_id] = $ph1idx = $con_id;
@ -570,7 +715,7 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){
// Asking for Phase2 Status Value
foreach ($ikesa['child-sas'] as $childsas) {
if ($childsas['reqid']==$reqid) {
if ($childsas['state'] == 'REKEYED') {
if (strtolower($childsas['state']) == 'rekeyed') {
//if state is rekeyed go on
$tmp_value = $childsas[$valuekey];
} else {
@ -587,20 +732,56 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){
}
}
}
switch($valuekey) {
case 'state':
$value = pfz_valuemap('ipsec.state', strtolower($tmp_value));
if ($carp_status != 0)
$value = $value + (10 * ($carp_status-1));
if ($carp_status!=0) $value = $value + (10 * ($carp_status-1));
break;
default:
$value = $tmp_value;
break;
}
// print_r($ikesa);
return $value;
}
// Temperature sensors Discovery
function pfz_temperature_sensors_discovery(){
$json_string = '{"data":[';
$sensors = [];
exec("sysctl -a | grep temperature | cut -d ':' -f 1", $sensors, $code);
if ($code != 0) {
echo "";
return;
} else {
foreach ($sensors as $sensor) {
$json_string .= '{"{#SENSORID}":"' . $sensor . '"';
$json_string .= '},';
}
}
$json_string = rtrim($json_string,",");
$json_string .= "]}";
echo $json_string;
}
// Temperature sensor get value
function pfz_get_temperature($sensorid){
exec("sysctl '$sensorid' | cut -d ':' -f 2", $value, $code);
if ($code != 0 or count($value)!=1) {
echo "";
return;
} else {
echo trim($value[0]);
}
}
function pfz_carp_status($echo = true){
@ -652,6 +833,182 @@ function pfz_carp_status($echo = true){
}
// DHCP Checks (copy of status_dhcp_leases.php, waiting for pfsense 2.5)
function pfz_remove_duplicate($array, $field) {
foreach ($array as $sub) {
$cmp[] = $sub[$field];
}
$unique = array_unique(array_reverse($cmp, true));
foreach ($unique as $k => $rien) {
$new[] = $array[$k];
}
return $new;
}
// Get DHCP Arrays (copied from status_dhcp_leases.php, waiting for pfsense 2.5, in order to use system_get_dhcpleases();)
function pfz_dhcp_get($valuekey) {
require_once("config.inc");
$leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases";
$awk = "/usr/bin/awk";
/* this pattern sticks comments into a single array item */
$cleanpattern = "'{ gsub(\"#.*\", \"\");} { gsub(\";\", \"\"); print;}'";
/* We then split the leases file by } */
$splitpattern = "'BEGIN { RS=\"}\";} {for (i=1; i<=NF; i++) printf \"%s \", \$i; printf \"}\\n\";}'";
/* stuff the leases file in a proper format into a array by line */
@exec("/bin/cat {$leasesfile} 2>/dev/null| {$awk} {$cleanpattern} | {$awk} {$splitpattern}", $leases_content);
$leases_count = count($leases_content);
@exec("/usr/sbin/arp -an", $rawdata);
$leases = [];
$pools = [];
$i = 0;
$l = 0;
$p = 0;
foreach ($leases_content as $lease) {
/* split the line by space */
$data = explode(" ", $lease);
/* walk the fields */
$f = 0;
$fcount = count($data);
/* with less than 20 fields there is nothing useful */
if ($fcount < 20) {
$i++;
continue;
}
while ($f < $fcount) {
switch ($data[$f]) {
case "failover":
$pools[$p]['name'] = trim($data[$f+2], '"');
$pools[$p]['name'] = "{$pools[$p]['name']} (" . convert_friendly_interface_to_friendly_descr(substr($pools[$p]['name'], 5)) . ")";
$pools[$p]['mystate'] = $data[$f+7];
$pools[$p]['peerstate'] = $data[$f+14];
$pools[$p]['mydate'] = $data[$f+10];
$pools[$p]['mydate'] .= " " . $data[$f+11];
$pools[$p]['peerdate'] = $data[$f+17];
$pools[$p]['peerdate'] .= " " . $data[$f+18];
$p++;
$i++;
continue 3;
case "lease":
$leases[$l]['ip'] = $data[$f+1];
$leases[$l]['type'] = $dynamic_string;
$f = $f+2;
break;
case "starts":
$leases[$l]['start'] = $data[$f+2];
$leases[$l]['start'] .= " " . $data[$f+3];
$f = $f+3;
break;
case "ends":
if ($data[$f+1] == "never") {
// Quote from dhcpd.leases(5) man page:
// If a lease will never expire, date is never instead of an actual date.
$leases[$l]['end'] = gettext("Never");
$f = $f+1;
} else {
$leases[$l]['end'] = $data[$f+2];
$leases[$l]['end'] .= " " . $data[$f+3];
$f = $f+3;
}
break;
case "tstp":
$f = $f+3;
break;
case "tsfp":
$f = $f+3;
break;
case "atsfp":
$f = $f+3;
break;
case "cltt":
$f = $f+3;
break;
case "binding":
switch ($data[$f+2]) {
case "active":
$leases[$l]['act'] = $active_string;
break;
case "free":
$leases[$l]['act'] = $expired_string;
$leases[$l]['online'] = $offline_string;
break;
case "backup":
$leases[$l]['act'] = $reserved_string;
$leases[$l]['online'] = $offline_string;
break;
}
$f = $f+1;
break;
case "next":
/* skip the next binding statement */
$f = $f+3;
break;
case "rewind":
/* skip the rewind binding statement */
$f = $f+3;
break;
case "hardware":
$leases[$l]['mac'] = $data[$f+2];
/* check if it's online and the lease is active */
if (in_array($leases[$l]['ip'], $arpdata_ip)) {
$leases[$l]['online'] = $online_string;
} else {
$leases[$l]['online'] = $offline_string;
}
$f = $f+2;
break;
case "client-hostname":
if ($data[$f+1] <> "") {
$leases[$l]['hostname'] = preg_replace('/"/', '', $data[$f+1]);
} else {
$hostname = gethostbyaddr($leases[$l]['ip']);
if ($hostname <> "") {
$leases[$l]['hostname'] = $hostname;
}
}
$f = $f+1;
break;
case "uid":
$f = $f+1;
break;
}
$f++;
}
$l++;
$i++;
/* slowly chisel away at the source array */
array_shift($leases_content);
}
/* remove duplicate items by mac address */
if (count($leases) > 0) {
$leases = pfz_remove_duplicate($leases, "ip");
}
if (count($pools) > 0) {
$pools = pfz_remove_duplicate($pools, "name");
asort($pools);
}
switch ($valuekey){
case "pools":
return $pools;
break;
case "failover":
return $failover;
break;
case "leases":
default:
return $leases;
}
}
function pfz_dhcpfailover_discovery(){
//System functions regarding DHCP Leases will be available in the upcoming release of pfSense, so let's wait
require_once("system.inc");
@ -671,6 +1028,29 @@ function pfz_dhcpfailover_discovery(){
echo $json_string;
}
function pfz_dhcp_check_failover(){
// Check DHCP Failover Status
// Returns number of failover pools which state is not normal or
// different than peer state
$failover = pfz_dhcp_get("failover");
$ret = 0;
foreach ($failover as $f){
if ( ($f["mystate"]!="normal") || ($f["mystate"]!=$f["peerstate"])) {
$ret++;
}
}
return $ret;
}
function pfz_dhcp($section, $valuekey=""){
switch ($section){
case "failover":
echo pfz_dhcp_check_failover();
break;
default:
}
}
//Packages
function pfz_packages_uptodate(){
require_once("pkg-utils.inc");
@ -687,40 +1067,152 @@ function pfz_packages_uptodate(){
return $ret;
}
function pfz_sysversion_cron_install($enable=true){
//Install Cron Job
$command = "/usr/local/bin/php " . __FILE__ . " systemcheck_cron";
install_cron_job($command, $enable, $minute = "0", "9,21", "*", "*", "*", "root", true);
}
// System information takes a long time to get on slower systems.
// So it is saved via a cronjob.
function pfz_sysversion_cron (){
$filename = "/tmp/sysversion.json";
$upToDate = pfz_packages_uptodate();
$sysVersion = get_system_pkg_version();
$sysVersion["packages_update"] = $upToDate;
$sysVersionJson = json_encode($sysVersion);
if (file_exists($filename)) {
if ((time()-filemtime($filename) > CRON_TIME_LIMIT ) ) {
@unlink($filename);
}
}
if (file_exists($filename)==false) {
touch($filename);
file_put_contents($filename, $sysVersionJson);
}
return true;
}
//System Information
function pfz_get_system_value($section){
$filename = "/tmp/sysversion.json";
if(file_exists($filename)) {
$sysVersion = json_decode(file_get_contents($filename), true);
} else {
if($section == "new_version_available") {
echo "0";
} else {
echo "error: cronjob not installed. Run \"php pfsense_zbx.php sysversion_cron\"";
}
}
switch ($section){
case "version":
echo( get_system_pkg_version()['version']);
echo( $sysVersion['version']);
break;
case "installed_version":
echo( get_system_pkg_version()['installed_version']);
echo($sysVersion['installed_version']);
break;
case "new_version_available":
$pkgver = get_system_pkg_version();
if ($pkgver['version']==$pkgver['installed_version'])
if ($sysVersion['version']==$sysVersion['installed_version'])
echo "0";
else
echo "1";
break;
case "packages_update":
echo pfz_packages_uptodate();
echo $sysVersion["packages_update"];
break;
}
}
//S.M.A.R.T Status
// Taken from /usr/local/www/widgets/widgets/smart_status.widget.php
function pfz_get_smart_status(){
$devs = get_smart_drive_list();
$status = 0;
foreach ($devs as $dev) { ## for each found drive do
$smartdrive_is_displayed = true;
$dev_ident = exec("diskinfo -v /dev/$dev | grep ident | awk '{print $1}'"); ## get identifier from drive
$dev_state = trim(exec("smartctl -H /dev/$dev | awk -F: '/^SMART overall-health self-assessment test result/ {print $2;exit}
/^SMART Health Status/ {print $2;exit}'")); ## get SMART state from drive
switch ($dev_state) {
case "PASSED":
case "OK":
//OK
$status=0;
break;
case "":
//Unknown
$status=2;
return $status;
break;
default:
//Error
$status=1;
return $status;
break;
}
}
echo $status;
}
// Certificats validity date
function pfz_get_cert_date($valuekey){
global $config;
// Contains a list of refs that were revoked and should not be considered
$revoked_cert_refs = [];
foreach ($config["crl"] as $crl) {
foreach ($crl["cert"] as $revoked_cert) {
$revoked_cert_refs[] = $revoked_cert["refid"];
}
}
$value = 0;
foreach (array("cert", "ca") as $cert_type) {
switch ($valuekey){
case "validFrom.max":
foreach ($config[$cert_type] as $cert) {
if ( ! in_array($cert['refid'], $revoked_cert_refs) ) {
$certinfo = openssl_x509_parse(base64_decode($cert["crt"]));
if ($value == 0 or $value < $certinfo['validFrom_time_t']) $value = $certinfo['validFrom_time_t'];
}
}
break;
case "validTo.min":
foreach ($config[$cert_type] as $cert) {
if ( ! in_array($cert['refid'], $revoked_cert_refs) ) {
$certinfo = openssl_x509_parse(base64_decode($cert["crt"]));
if ($value == 0 or $value > $certinfo['validTo_time_t']) $value = $certinfo['validTo_time_t'];
}
}
break;
}
}
echo $value;
}
// File is present
function pfz_file_exists($filename) {
if (file_exists($filename))
echo "1";
else
echo "0";
}
// Value mappings
// Each value map is represented by an associative array
function pfz_valuemap($valuename, $value, $default="0"){
switch ($valuename){
switch ($valuename){
case "openvpn.server.status":
$valuemap = array(
"down" => "0",
"up" => "1",
"connected (success)" => "1",
"none" => "2",
"reconnecting; ping-restart" => "3",
"waiting" => "4",
@ -730,6 +1222,7 @@ function pfz_valuemap($valuename, $value, $default="0"){
case "openvpn.client.status":
$valuemap = array(
"up" => "1",
"connected (success)" => "1",
"down" => "0",
"none" => "0",
"reconnecting; ping-restart" => "2");
@ -746,6 +1239,7 @@ function pfz_valuemap($valuename, $value, $default="0"){
case "gateway.status":
$valuemap = array(
"online" => "0",
"none" => "0",
"loss" => "1",
"highdelay" => "2",
@ -797,9 +1291,11 @@ function pfz_valuemap($valuename, $value, $default="0"){
}
if (array_key_exists($value, $valuemap))
return $valuemap[$value];
if (is_array($valuemap)) {
$value = strtolower($value);
if (array_key_exists($value, $valuemap))
return $valuemap[$value];
}
return $default;
}
@ -809,6 +1305,9 @@ function pfz_discovery($section){
case "gw":
pfz_gw_discovery();
break;
case "wan":
pfz_interface_discovery(true);
break;
case "openvpn_server":
pfz_openvpn_serverdiscovery();
break;
@ -833,11 +1332,23 @@ function pfz_discovery($section){
case "dhcpfailover":
pfz_dhcpfailover_discovery();
break;
}
case "temperature_sensors":
pfz_temperature_sensors_discovery();
break;
}
}
//Main Code
switch (strtolower($argv[1])){
$mainArgument = strtolower($argv[1]);
if(substr($mainArgument, -4, 4) == "cron") {
// A longer time limit for cron tasks.
set_time_limit(CRON_TIME_LIMIT);
} else {
// Set a timeout to prevent a blocked call from stopping all future calls.
set_time_limit(DEFAULT_TIME_LIMIT);
}
switch ($mainArgument){
case "discovery":
pfz_discovery($argv[2]);
break;
@ -847,6 +1358,10 @@ switch (strtolower($argv[1])){
case "gw_status":
pfz_gw_rawstatus();
break;
case "if_speedtest_value":
pfz_speedtest_cron_install();
pfz_interface_speedtest_value($argv[2],$argv[3]);
break;
case "openvpn_servervalue":
pfz_openvpn_servervalue($argv[2],$argv[3]);
break;
@ -868,6 +1383,10 @@ switch (strtolower($argv[1])){
case "if_name":
pfz_get_if_name($argv[2]);
break;
case "sysversion_cron":
pfz_sysversion_cron_install();
pfz_sysversion_cron();
break;
case "system":
pfz_get_system_value($argv[2]);
break;
@ -877,6 +1396,29 @@ switch (strtolower($argv[1])){
case "ipsec_ph2":
pfz_ipsec_ph2($argv[2],$argv[3]);
break;
case "dhcp":
pfz_dhcp($argv[2],$argv[3]);
break;
case "file_exists":
pfz_file_exists($argv[2]);
break;
case "speedtest_cron":
pfz_speedtest_cron_install();
pfz_speedtest_cron();
break;
case "cron_cleanup":
pfz_speedtest_cron_install(false);
pfz_sysversion_cron_install(false);
break;
case "smart_status":
pfz_get_smart_status();
break;
case "cert_date":
pfz_get_cert_date($argv[2]);
break;
case "temperature":
pfz_get_temperature($argv[2]);
break;
default:
pfz_test();
}

1571
pfsense_zbx_rc.php Normal file
View File

File diff suppressed because it is too large Load Diff

112
template_pfsense_active.xml → zabbix4/template_pfsense_active.xml
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<date>2021-01-18T15:00:52Z</date>
<date>2021-07-04T19:16:51Z</date>
<groups>
<group>
<name>Templates/Network Devices</name>
@ -21,9 +21,6 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
</group>
</groups>
<applications>
<application>
<name>CARP</name>
</application>
<application>
<name>CPU</name>
</application>
@ -33,6 +30,9 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<application>
<name>Gateways</name>
</application>
<application>
<name>HA</name>
</application>
<application>
<name>Memory</name>
</application>
@ -271,7 +271,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>CARP</name>
<name>HA</name>
</application>
</applications>
<valuemap>
@ -745,7 +745,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>CARP</name>
<name>HA</name>
</application>
</applications>
<valuemap>
@ -774,6 +774,65 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<verify_host>0</verify_host>
<master_item/>
</item>
<item>
<name>DHCP Failover Pool Problems</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[dhcp,failover]</key>
<delay>120s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>This value indicates, in a HA scenario, if DHCP failover pool partners are out of sync.</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>HA</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<master_item/>
</item>
<item>
<name>Gateway Status Raw</name>
<type>7</type>
@ -2466,7 +2525,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire en cours d'utilisation par les processus</description>
<description>Memory used by processes</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -2645,7 +2704,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire utilisée pour mettre des données en cache</description>
<description>amount of memory used to cache data</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -2704,7 +2763,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire complètement libre et prête a être utilisée directement.</description>
<description>amount of memory completely free and ready to be used directly.</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -2763,7 +2822,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire qui contient des données qui ne sont plus utilisées (peut être directement libéré si besoin)</description>
<description>amount of memory that contains data that is no longer used (can be directly freed if needed)</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -3065,7 +3124,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire utilisée par le kernel, ne peut être ni déchargée en swap, ni compressée.</description>
<description>amount of memory used by the kernel, can neither be unloaded in swap, nor compressed.</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -4420,14 +4479,21 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<filter>
<evaltype>0</evaltype>
<formula/>
<conditions/>
<conditions>
<condition>
<macro>{#SERVICE}</macro>
<value>@pfSense service names for discovery</value>
<operator>8</operator>
<formulaid>A</formulaid>
</condition>
</conditions>
</filter>
<lifetime>30d</lifetime>
<description/>
<item_prototypes>
<item_prototype>
<name>Service {#DESCRIPTION} enabled on CARP Slave</name>
<type>0</type>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[service_value,{#SERVICE},run_on_carp_slave]</key>
@ -4489,7 +4555,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
</item_prototype>
<item_prototype>
<name>Service {#DESCRIPTION} Status</name>
<type>0</type>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[service_value,{#SERVICE},status]</key>
@ -5254,6 +5320,22 @@ or&#13;
<dependencies/>
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:pfsense.value[carp_status].last()}&gt;2</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>DHCP Failover Problems on {HOST.NAME}</name>
<correlation_mode>0</correlation_mode>
<correlation_tag/>
<url>https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html</url>
<status>0</status>
<priority>4</priority>
<description>One or more DHCP Pools are experiencing failover problems. This could potentially cause other problems in yourr network.</description>
<type>0</type>
<manual_close>0</manual_close>
<dependencies/>
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:system.uname.diff(0)}&gt;0</expression>
<recovery_mode>0</recovery_mode>
@ -5392,7 +5474,7 @@ or&#13;
<url/>
<status>0</status>
<priority>1</priority>
<description>Notify of new version of packages are available</description>
<description>New version of packages are available</description>
<type>0</type>
<manual_close>0</manual_close>
<dependencies/>

205
template_pfsense_active_ipsec.xml → zabbix4/template_pfsense_active_ipsec.xml
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<date>2021-01-18T15:02:45Z</date>
<date>2021-01-18T21:30:16Z</date>
<groups>
<group>
<name>Templates/Network Devices</name>
@ -504,188 +504,6 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<lifetime>30d</lifetime>
<description>Discovery of IPsec Phase 2</description>
<item_prototypes>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Byte Received</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph2,{#EXTID},status.bytes-in]</key>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>b</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Tunnel Phase 2 Protocol</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Byte Sent</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph2,{#EXTID},status.bytes-out]</key>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>b</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Tunnel Phase 2 Protocol</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Status</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph2,{#EXTID},status]</key>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Tunnel Phase 2 Protocol</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Phase 2 Status</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Enabled</name>
<type>7</type>
@ -1025,27 +843,6 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Phase 2 Status</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Down</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>Installed</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>Rekeyed</newvalue>
</mapping>
<mapping>
<value>10</value>
<newvalue>Down on CARP Secondary</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Protocol</name>
<mappings>

0
template_pfsense_active_ovpn_user.xml → zabbix4/template_pfsense_active_ovpn_user.xml
View File

332
zabbix4/template_pfsense_active_speedtest.xml Normal file
View File

@ -0,0 +1,332 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<date>2021-07-05T15:51:20Z</date>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<templates>
<template>
<template>pfSense Active Speedtest</template>
<name>pfSense Active: Speedtest</name>
<description>Extension for pfSense Active Template.&#13;
Executes Speedtests on WAN Interfaces.&#13;
&#13;
Requires pfsense_zbx.php installed to pfSense Box.&#13;
Version 1.0.5&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<items/>
<discovery_rules>
<discovery_rule>
<name>WAN Interfaces</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[wan]</key>
<delay>300s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<filter>
<evaltype>0</evaltype>
<formula/>
<conditions/>
</filter>
<lifetime>30d</lifetime>
<description>Discover WAN Interfaces</description>
<item_prototypes>
<item_prototype>
<name>Speedtest Download on {#IFDESCR}</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[if_speedtest_value,{#IFNAME},download]</key>
<delay>3600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>0</value_type>
<allowed_hosts/>
<units>bps</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Download speed determined by Ookla Speedtest package</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>Speedtest Ping on {#IFDESCR}</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[if_speedtest_value,{#IFNAME},ping]</key>
<delay>3600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>0</value_type>
<allowed_hosts/>
<units>ms</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Ping determined by Ookla Speedtest package</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>Speedtest Upload on {#IFDESCR}</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[if_speedtest_value,{#IFNAME},upload]</key>
<delay>3600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>0</value_type>
<allowed_hosts/>
<units>bps</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Ping determined by Ookla Speedtest package</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
</item_prototypes>
<trigger_prototypes/>
<graph_prototypes>
<graph_prototype>
<name>Speedtest metrics on {#IFDESCR}</name>
<width>900</width>
<height>200</height>
<yaxismin>0.0000</yaxismin>
<yaxismax>100.0000</yaxismax>
<show_work_period>1</show_work_period>
<show_triggers>1</show_triggers>
<type>0</type>
<show_legend>1</show_legend>
<show_3d>0</show_3d>
<percent_left>0.0000</percent_left>
<percent_right>0.0000</percent_right>
<ymin_type_1>0</ymin_type_1>
<ymax_type_1>0</ymax_type_1>
<ymin_item_1>0</ymin_item_1>
<ymax_item_1>0</ymax_item_1>
<graph_items>
<graph_item>
<sortorder>0</sortorder>
<drawtype>0</drawtype>
<color>199C0D</color>
<yaxisside>0</yaxisside>
<calc_fnc>7</calc_fnc>
<type>0</type>
<item>
<host>pfSense Active Speedtest</host>
<key>pfsense.value[if_speedtest_value,{#IFNAME},download]</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<drawtype>0</drawtype>
<color>FFFF00</color>
<yaxisside>0</yaxisside>
<calc_fnc>7</calc_fnc>
<type>0</type>
<item>
<host>pfSense Active Speedtest</host>
<key>pfsense.value[if_speedtest_value,{#IFNAME},upload]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<drawtype>0</drawtype>
<color>0040FF</color>
<yaxisside>0</yaxisside>
<calc_fnc>7</calc_fnc>
<type>0</type>
<item>
<host>pfSense Active Speedtest</host>
<key>pfsense.value[if_speedtest_value,{#IFNAME},ping]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
</graph_prototypes>
<host_prototypes/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
</discovery_rule>
</discovery_rules>
<httptests/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
</zabbix_export>

2150
zabbix5/template_pfsense_active.xml Normal file
View File

File diff suppressed because it is too large Load Diff

301
zabbix5/template_pfsense_active_ipsec.xml Normal file
View File

@ -0,0 +1,301 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2021-07-12T10:36:28Z</date>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<templates>
<template>
<template>Template pfSense Active IPsec</template>
<name>pfSense Active: IPsec</name>
<description>Extension for pfSense Active Template.&#13;
Monitor IPsec VPN.&#13;
&#13;
Requires pfsense_zbx.php installed to pfSense Box.&#13;
Version 1.0.2&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<discovery_rules>
<discovery_rule>
<name>IPsec Phase 1 Discovery</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.discovery[ipsec_ph1]</key>
<delay>1200s</delay>
<description>Discovery of IPsec Phase 1</description>
<item_prototypes>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Tunnel Enabled</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph1,{#IKEID},disabled]</key>
<delay>120s</delay>
<description>IPsec Phase 1 Tunnel Mode</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Enabled</name>
</valuemap>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} IKE Type</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph1,{#IKEID},iketype]</key>
<delay>600s</delay>
<description>IPsec Phase 1 IKE Type</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec IKE Type</name>
</valuemap>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Tunnel Mode</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph1,{#IKEID},mode]</key>
<delay>600s</delay>
<description>IPsec Phase 1 Tunnel Mode</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Tunnel Mode</name>
</valuemap>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Protocol</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph1,{#IKEID},protocol]</key>
<delay>600s</delay>
<description>IPsec Phase 1 Protocol</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Protocol</name>
</valuemap>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Remote Gateway</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph1,{#IKEID},remote-gateway]</key>
<delay>600s</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<description>IPsec Phase 1 Remote Gateway</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Phase 1 Status</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph1,{#IKEID},status]</key>
<delay>60s</delay>
<description>IPsec Phase 1 Tunnel Mode</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Phase 1 Status</name>
</valuemap>
</item_prototype>
</item_prototypes>
<trigger_prototypes>
<trigger_prototype>
<expression>{Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},disabled].last()}=0 and {Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},status].last()}&lt;&gt;1 and {Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},status].last()}&lt;10</expression>
<name>IPsec Tunnel {#IKEID} ({#NAME}) Not Connected</name>
<priority>HIGH</priority>
<description>IPsec Phase 1 is not connected.</description>
</trigger_prototype>
</trigger_prototypes>
</discovery_rule>
<discovery_rule>
<name>IPsec Phase 2 Discovery</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.discovery[ipsec_ph2]</key>
<delay>1200s</delay>
<description>Discovery of IPsec Phase 2</description>
<item_prototypes>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Enabled</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph2,{#UNIQID},disabled]</key>
<delay>120s</delay>
<description>IPsec Tunnel Phase 2 Protocol</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Enabled</name>
</valuemap>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Life Time</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph2,{#UNIQID},lifetime]</key>
<delay>600s</delay>
<units>s</units>
<description>IPsec Tunnel Phase 2 Life Time</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Mode</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph2,{#UNIQID},mode]</key>
<delay>600s</delay>
<description>IPsec Tunnel Phase 2 Mode</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Protocol</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[ipsec_ph2,{#UNIQID},protocol]</key>
<delay>600s</delay>
<description>IPsec Tunnel Phase 2 Protocol</description>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Phase 2 Protocol</name>
</valuemap>
</item_prototype>
</item_prototypes>
</discovery_rule>
</discovery_rules>
</template>
</templates>
<value_maps>
<value_map>
<name>pfSense IPsec Enabled</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Yes</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>No</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec IKE Type</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Auto</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>IKE v1</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>IKE v2</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Phase 1 Status</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Down</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>Established</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>Connecting</newvalue>
</mapping>
<mapping>
<value>10</value>
<newvalue>Down on CARP Secondary</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Phase 2 Protocol</name>
<mappings>
<mapping>
<value>1</value>
<newvalue>ESP</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>AH</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Protocol</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Dual Stack (IPv4 &amp; IPv6)</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>IPv4</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>IPv6</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Tunnel Mode</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Main</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>Aggressive</newvalue>
</mapping>
</mappings>
</value_map>
</value_maps>
</zabbix_export>

168
zabbix5/template_pfsense_active_ovpn_user.xml Normal file
View File

@ -0,0 +1,168 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2021-07-12T10:37:03Z</date>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<templates>
<template>
<template>Template pfSense Active OpenVPN Server User Auth</template>
<name>pfSense Active: OpenVPN Server User Auth</name>
<description>Extension for pfSense Active Template.&#13;
Monitor client Connections of OpenVPN Server.&#13;
&#13;
Requires pfsense_zbx.php installed to pfSense Box.&#13;
Version 1.0.2&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<discovery_rules>
<discovery_rule>
<name>OpenVPN User Auth Connected Clients Discovery</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.discovery[openvpn_server_user]</key>
<delay>60s</delay>
<description>Discovery of clients connected to OpenVPN Server in User Auth Mode</description>
<item_prototypes>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Received</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_recv]</key>
<delay>60s</delay>
<trends>0</trends>
<units>bytes</units>
<description>Client Bytes Received</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Sent</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_sent]</key>
<delay>60s</delay>
<trends>0</trends>
<units>bytes</units>
<description>Client Bytes Sent</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Connection Time</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},connect_time_unix]</key>
<delay>60s</delay>
<trends>0</trends>
<units>unixtime</units>
<description>Client Connect Time</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Remote Host</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},remote_host]</key>
<delay>60s</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<description>Remote Host</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: User Name</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},user_name]</key>
<delay>60s</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<description>Client User Name</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address (IPv6)</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr6]</key>
<delay>60s</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<description>IPv6 Address assigned from OpenVPN Server</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr]</key>
<delay>60s</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<description>IP Address assigned from OpenVPN Server</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Client ID</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},client_id]</key>
<delay>60s</delay>
<trends>0</trends>
<description>Client ID</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Peer ID</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},peer_id]</key>
<delay>60s</delay>
<trends>0</trends>
<description>Peer ID</description>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
</item_prototype>
</item_prototypes>
</discovery_rule>
</discovery_rules>
</template>
</templates>
</zabbix_export>

119
zabbix5/template_pfsense_active_speedtest.xml Normal file
View File

@ -0,0 +1,119 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>5.0</version>
<date>2021-07-12T10:37:45Z</date>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<templates>
<template>
<template>pfSense Active Speedtest</template>
<name>pfSense Active: Speedtest</name>
<description>Extension for pfSense Active Template.&#13;
Executes Speedtests on WAN Interfaces.&#13;
&#13;
Requires pfsense_zbx.php installed to pfSense Box.&#13;
Version 1.0.5&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<discovery_rules>
<discovery_rule>
<name>WAN Interfaces</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.discovery[wan]</key>
<delay>6h</delay>
<description>Discover WAN Interfaces</description>
<item_prototypes>
<item_prototype>
<name>Speedtest Download on {#IFDESCR}</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[if_speedtest_value,{#IFNAME},download]</key>
<delay>30m</delay>
<value_type>FLOAT</value_type>
<units>bps</units>
<description>Download speed determined by Ookla Speedtest package</description>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>Speedtest Ping on {#IFDESCR}</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[if_speedtest_value,{#IFNAME},ping]</key>
<delay>30m</delay>
<value_type>FLOAT</value_type>
<units>ms</units>
<description>Ping determined by Ookla Speedtest package</description>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
</item_prototype>
<item_prototype>
<name>Speedtest Upload on {#IFDESCR}</name>
<type>ZABBIX_ACTIVE</type>
<key>pfsense.value[if_speedtest_value,{#IFNAME},upload]</key>
<delay>30m</delay>
<value_type>FLOAT</value_type>
<units>bps</units>
<description>Ping determined by Ookla Speedtest package</description>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
</item_prototype>
</item_prototypes>
<graph_prototypes>
<graph_prototype>
<name>Speedtest metrics on {#IFDESCR}</name>
<graph_items>
<graph_item>
<color>199C0D</color>
<calc_fnc>ALL</calc_fnc>
<item>
<host>pfSense Active Speedtest</host>
<key>pfsense.value[if_speedtest_value,{#IFNAME},download]</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<color>FFFF00</color>
<calc_fnc>ALL</calc_fnc>
<item>
<host>pfSense Active Speedtest</host>
<key>pfsense.value[if_speedtest_value,{#IFNAME},upload]</key>
</item>
</graph_item>
<graph_item>
<sortorder>2</sortorder>
<color>0040FF</color>
<calc_fnc>ALL</calc_fnc>
<item>
<host>pfSense Active Speedtest</host>
<key>pfsense.value[if_speedtest_value,{#IFNAME},ping]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
</graph_prototypes>
</discovery_rule>
</discovery_rules>
</template>
</templates>
</zabbix_export>

1809
zabbix6/pfsense_active.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

247
zabbix6/pfsense_active_ipsec.yaml Normal file
View File

@ -0,0 +1,247 @@
zabbix_export:
version: '6.0'
date: '2023-02-26T13:19:29Z'
groups:
-
uuid: 4918b88734c54bd094cff7585b5d71fc
name: 'Templates/Network Devices'
templates:
-
uuid: 7b956a3e6aa1464781b38a854872a1c6
template: 'Template pfSense Active IPsec'
name: 'pfSense Active: IPsec'
description: |
Extension for pfSense Active Template.
Monitor IPsec VPN.
Requires pfsense_zbx.php installed to pfSense Box.
Version 1.0.2
https://github.com/rbicelli/pfsense-zabbix-template
groups:
-
name: 'Templates/Network Devices'
discovery_rules:
-
uuid: e7526169245d49a6aa6afbcacaa02b18
name: 'IPsec Phase 1 Discovery'
type: ZABBIX_ACTIVE
key: 'pfsense.discovery[ipsec_ph1]'
delay: 1200s
description: 'Discovery of IPsec Phase 1'
item_prototypes:
-
uuid: 04d6b1d0a32949bfa96cf503f60b6c53
name: 'IPsec Tunnel {#IKEID} {#NAME} Tunnel Enabled'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph1,{#IKEID},disabled]'
delay: 120s
description: 'IPsec Phase 1 Tunnel Mode'
valuemap:
name: 'pfSense IPsec Enabled'
tags:
-
tag: Application
value: IPsec
-
uuid: 810da7b475df4d738c702f373771092e
name: 'IPsec Tunnel {#IKEID} {#NAME} IKE Type'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph1,{#IKEID},iketype]'
delay: 600s
description: 'IPsec Phase 1 IKE Type'
valuemap:
name: 'pfSense IPsec IKE Type'
tags:
-
tag: Application
value: IPsec
-
uuid: 47b54bc4a08e464b839bcfd5106ec5a9
name: 'IPsec Tunnel {#IKEID} {#NAME} Tunnel Mode'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph1,{#IKEID},mode]'
delay: 600s
description: 'IPsec Phase 1 Tunnel Mode'
valuemap:
name: 'pfSense IPsec Tunnel Mode'
tags:
-
tag: Application
value: IPsec
-
uuid: a404f5d20988445d8777758b95b02076
name: 'IPsec Tunnel {#IKEID} {#NAME} Protocol'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph1,{#IKEID},protocol]'
delay: 600s
description: 'IPsec Phase 1 Protocol'
valuemap:
name: 'pfSense IPsec Protocol'
tags:
-
tag: Application
value: IPsec
-
uuid: ce0d2464361e41018fdd1831db1ec4b3
name: 'IPsec Tunnel {#IKEID} {#NAME} Remote Gateway'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph1,{#IKEID},remote-gateway]'
delay: 600s
trends: '0'
value_type: TEXT
description: 'IPsec Phase 1 Remote Gateway'
tags:
-
tag: Application
value: IPsec
-
uuid: 34d7e2395d8b43ec9c0267664be27881
name: 'IPsec Tunnel {#IKEID} {#NAME} Phase 1 Status'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph1,{#IKEID},status]'
delay: 60s
description: 'IPsec Phase 1 Tunnel Mode'
valuemap:
name: 'pfSense IPsec Phase 1 Status'
tags:
-
tag: Application
value: IPsec
trigger_prototypes:
-
uuid: d675635e19aa4cd7a7202e983cbe4ce6
expression: 'last(/Template pfSense Active IPsec/pfsense.value[ipsec_ph1,{#IKEID},disabled])=0 and last(/Template pfSense Active IPsec/pfsense.value[ipsec_ph1,{#IKEID},status])<>1 and last(/Template pfSense Active IPsec/pfsense.value[ipsec_ph1,{#IKEID},status])<10'
name: 'IPsec Tunnel {#IKEID} ({#NAME}) Not Connected'
priority: HIGH
description: 'IPsec Phase 1 is not connected.'
-
uuid: fa934077cae64a049e68e2130e5e1e84
name: 'IPsec Phase 2 Discovery'
type: ZABBIX_ACTIVE
key: 'pfsense.discovery[ipsec_ph2]'
delay: 1200s
description: 'Discovery of IPsec Phase 2'
item_prototypes:
-
uuid: 1857b124103c4f08b5ed962259fcbe06
name: 'IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Enabled'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph2,{#UNIQID},disabled]'
delay: 120s
description: 'IPsec Tunnel Phase 2 Protocol'
valuemap:
name: 'pfSense IPsec Enabled'
tags:
-
tag: Application
value: IPsec
-
uuid: 3ac7d6d1be034a3db8afad18791b43aa
name: 'IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Life Time'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph2,{#UNIQID},lifetime]'
delay: 600s
units: s
description: 'IPsec Tunnel Phase 2 Life Time'
tags:
-
tag: Application
value: IPsec
-
uuid: dfbae3fe2bcd45f3ac38c6ea0df5d250
name: 'IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Mode'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph2,{#UNIQID},mode]'
delay: 600s
description: 'IPsec Tunnel Phase 2 Mode'
tags:
-
tag: Application
value: IPsec
-
uuid: 794565a046ff447ca8ad3a7597ee52f5
name: 'IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Protocol'
type: ZABBIX_ACTIVE
key: 'pfsense.value[ipsec_ph2,{#UNIQID},protocol]'
delay: 600s
description: 'IPsec Tunnel Phase 2 Protocol'
valuemap:
name: 'pfSense IPsec Phase 2 Protocol'
tags:
-
tag: Application
value: IPsec
valuemaps:
-
uuid: fb66440f3f454b36ae5c5d7b015529a1
name: 'pfSense IPsec Enabled'
mappings:
-
value: '0'
newvalue: 'Yes'
-
value: '1'
newvalue: 'No'
-
uuid: 7077365285f14733a55edd9ade5fdfcb
name: 'pfSense IPsec IKE Type'
mappings:
-
value: '0'
newvalue: Auto
-
value: '1'
newvalue: 'IKE v1'
-
value: '2'
newvalue: 'IKE v2'
-
uuid: a7a80f8152804c6f882898ca7378c403
name: 'pfSense IPsec Phase 1 Status'
mappings:
-
value: '0'
newvalue: Down
-
value: '1'
newvalue: Established
-
value: '2'
newvalue: Connecting
-
value: '10'
newvalue: 'Down on CARP Secondary'
-
uuid: 55e4705203cf4b5996dcd6e10cd508b9
name: 'pfSense IPsec Phase 2 Protocol'
mappings:
-
value: '1'
newvalue: ESP
-
value: '2'
newvalue: AH
-
uuid: b72cdb06faec4f9492913ba820677370
name: 'pfSense IPsec Protocol'
mappings:
-
value: '0'
newvalue: 'Dual Stack (IPv4 & IPv6)'
-
value: '1'
newvalue: IPv4
-
value: '2'
newvalue: IPv6
-
uuid: 864f6d2be4c544cf8fe38b9a619363b5
name: 'pfSense IPsec Tunnel Mode'
mappings:
-
value: '0'
newvalue: Main
-
value: '1'
newvalue: Aggressive

147
zabbix6/pfsense_active_openvpn_userauth.yaml Normal file
View File

@ -0,0 +1,147 @@
zabbix_export:
version: '6.0'
date: '2023-02-26T13:19:53Z'
groups:
-
uuid: 4918b88734c54bd094cff7585b5d71fc
name: 'Templates/Network Devices'
templates:
-
uuid: 6a1ef5e767cc4aba85c0d1712972eeb2
template: 'Template pfSense Active OpenVPN Server User Auth'
name: 'pfSense Active: OpenVPN Server User Auth'
description: |
Extension for pfSense Active Template.
Monitor client Connections of OpenVPN Server.
Requires pfsense_zbx.php installed to pfSense Box.
Version 1.0.2
https://github.com/rbicelli/pfsense-zabbix-template
groups:
-
name: 'Templates/Network Devices'
discovery_rules:
-
uuid: bae30f6a683e407aa9eeafbf9edb9179
name: 'OpenVPN User Auth Connected Clients Discovery'
type: ZABBIX_ACTIVE
key: 'pfsense.discovery[openvpn_server_user]'
delay: 60s
description: 'Discovery of clients connected to OpenVPN Server in User Auth Mode'
item_prototypes:
-
uuid: 272166157ee4456b887e7df305167c2d
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Received'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_recv]'
delay: 60s
trends: '0'
units: bytes
description: 'Client Bytes Received'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: 1acfb6c10d4d4a8d97281f37e757d3bf
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Sent'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_sent]'
delay: 60s
trends: '0'
units: bytes
description: 'Client Bytes Sent'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: 5f779a0e03b84be19030766d6fcffd92
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Connection Time'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue,{#UNIQUEID},connect_time_unix]'
delay: 60s
trends: '0'
units: unixtime
description: 'Client Connect Time'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: 40b0a64862a44a99a33581b916ad6467
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Remote Host'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue,{#UNIQUEID},remote_host]'
delay: 60s
trends: '0'
value_type: TEXT
description: 'Remote Host'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: 8e1b6f2d8397483d8a2768babd93a1a7
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: User Name'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue,{#UNIQUEID},user_name]'
delay: 60s
trends: '0'
value_type: TEXT
description: 'Client User Name'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: 0329f5bf3fb94bdaa30c0e412bc337f8
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address (IPv6)'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr6]'
delay: 60s
trends: '0'
value_type: TEXT
description: 'IPv6 Address assigned from OpenVPN Server'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: 1c21ccdd3bf14aa3b8b65986b5317f6a
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr]'
delay: 60s
trends: '0'
value_type: TEXT
description: 'IP Address assigned from OpenVPN Server'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: 15192106b2164e0e9df447ba330007db
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Client ID'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},client_id]'
delay: 60s
trends: '0'
description: 'Client ID'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'
-
uuid: de719e75d02440fe96c987bd5ddcb367
name: 'OpenVPN Server {#SERVERNAME}, Client {#USERID}: Peer ID'
type: ZABBIX_ACTIVE
key: 'pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},peer_id]'
delay: 60s
trends: '0'
description: 'Peer ID'
tags:
-
tag: Application
value: 'OpenVPN Server Clients'

97
zabbix6/pfsense_active_speedtest.yaml Normal file
View File

@ -0,0 +1,97 @@
zabbix_export:
version: '6.0'
date: '2023-02-26T13:20:29Z'
groups:
-
uuid: 4918b88734c54bd094cff7585b5d71fc
name: 'Templates/Network Devices'
templates:
-
uuid: 1c7cba22540d4c10a5ee14c2b25223ca
template: 'pfSense Active Speedtest'
name: 'pfSense Active: Speedtest'
description: |
Extension for pfSense Active Template.
Executes Speedtests on WAN Interfaces.
Requires pfsense_zbx.php installed to pfSense Box.
Version 1.0.5
https://github.com/rbicelli/pfsense-zabbix-template
groups:
-
name: 'Templates/Network Devices'
discovery_rules:
-
uuid: 40288914aa9742adb93120c367263690
name: 'WAN Interfaces'
type: ZABBIX_ACTIVE
key: 'pfsense.discovery[wan]'
delay: 300s
description: 'Discover WAN Interfaces'
item_prototypes:
-
uuid: a79d28cf3f3b4981b59f571117e64d24
name: 'Speedtest Download on {#IFDESCR}'
type: ZABBIX_ACTIVE
key: 'pfsense.value[if_speedtest_value,{#IFNAME},download]'
delay: 3600s
value_type: FLOAT
units: bps
description: 'Download speed determined by Ookla Speedtest package'
tags:
-
tag: Application
value: 'Network interfaces'
-
uuid: 52b640fcdf484b538f85bf32d2afbcf3
name: 'Speedtest Ping on {#IFDESCR}'
type: ZABBIX_ACTIVE
key: 'pfsense.value[if_speedtest_value,{#IFNAME},ping]'
delay: 3600s
value_type: FLOAT
units: ms
description: 'Ping determined by Ookla Speedtest package'
tags:
-
tag: Application
value: 'Network interfaces'
-
uuid: 4bd063f24e554832b59bfa2231d53bf1
name: 'Speedtest Upload on {#IFDESCR}'
type: ZABBIX_ACTIVE
key: 'pfsense.value[if_speedtest_value,{#IFNAME},upload]'
delay: 3600s
value_type: FLOAT
units: bps
description: 'Ping determined by Ookla Speedtest package'
tags:
-
tag: Application
value: 'Network interfaces'
graph_prototypes:
-
uuid: 74cdea0b8136495496bb90593bd78a59
name: 'Speedtest metrics on {#IFDESCR}'
graph_items:
-
sortorder: '1'
color: 199C0D
calc_fnc: ALL
item:
host: 'pfSense Active Speedtest'
key: 'pfsense.value[if_speedtest_value,{#IFNAME},download]'
-
sortorder: '2'
color: FFFF00
calc_fnc: ALL
item:
host: 'pfSense Active Speedtest'
key: 'pfsense.value[if_speedtest_value,{#IFNAME},upload]'
-
sortorder: '3'
color: 0040FF
calc_fnc: ALL
item:
host: 'pfSense Active Speedtest'
key: 'pfsense.value[if_speedtest_value,{#IFNAME},ping]'