From c912044d80448bd131f5449f1dc218822e622538 Mon Sep 17 00:00:00 2001 From: Lorenzo Perone Date: Fri, 26 Jun 2020 19:40:03 +0200 Subject: [PATCH 001/162] rewritten pfz_interface_discovery a bit: - added (default) option to skip unconfigured interfaces - added (default) option to skip disabled interfaces - added interfaces_all case to always return them all (as before) - added a key IFNAMEJ for use in cases where jsonpath is needed (and dots are disturbing) - removed manual json encoding and replaced with json_encode() --- pfsense_zbx.php | 68 +++++++++++++++++++++++++++++++------------------ 1 file changed, 43 insertions(+), 25 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index afdc73c..895e720 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -61,39 +61,54 @@ function pfz_test(){ // Interface Discovery // Improved performance -function pfz_interface_discovery() { +function pfz_interface_discovery($skip_disabled = true, $skip_unconfigured = true) { $ifdescrs = get_configured_interface_with_descr(true); - $ifaces = get_interface_arr(); - $ifcs=array(); - - $json_string = '{"data":['; - - foreach ($ifdescrs as $ifname => $ifdescr){ - $ifinfo = get_interface_info($ifname); - $ifinfo["description"] = $ifdescr; - $ifcs[$ifname] = $ifinfo; + $all_hw_ifs = get_interface_arr(); + $merged_ifs=array(); + + $output = ['data' => []]; + + foreach ($ifdescrs as $pfsense_if_name => $user_if_name ) { + $ifinfo = get_interface_info($pfsense_if_name); + $ifinfo["description"] = $user_if_name; + $ifinfo["pfsense_name"] = $pfsense_if_name; + $hwname = $ifinfo['hwif']; + $merged_ifs[$hwname] = $ifinfo; } - foreach ($ifaces as $hwif) { - $json_string .= '{"{#IFNAME}":"' . $hwif . '"'; + foreach ($all_hw_ifs as $hwif) { + $record = []; - $ifdescr = $hwif; - foreach($ifcs as $ifc=>$ifinfo){ - if ($ifinfo["hwif"] == $hwif){ - $ifdescr = $ifinfo["description"]; - break; - } - } + $record['{#IFNAME}'] = $hwif; + + // needed when using interface names in dependent items via jsonpath + $record['{#IFNAMEJ}'] = str_replace('.','_',$hwif); + + if (!empty($merged_ifs[ $hwif ])) { + if(true === $skip_disabled && isset($merged_ifs[ $hwif ]['enabled'])) { + if($merged_ifs[ $hwif ]['enabled'] != 1) { + continue; + } + } + $record['{#IFDESCR}'] = $merged_ifs[ $hwif ]['description']; + } else { + if(true === $skip_unconfigured) { + continue; + } + else { + $record['{#IFDESCR}'] = $hwif; + } + } + + $output['data'][] = $record; - $json_string .= ',"{#IFDESCR}":"' . $ifdescr . '"'; - $json_string .= '},'; } - $json_string = rtrim($json_string,","); - $json_string .= "]}"; - - echo $json_string; + echo json_encode($output); } +function pfz_interface_discovery_all() { + pfz_interface_discovery(false, false); +} // OpenVPN Server Discovery function pfz_openvpn_get_all_servers(){ @@ -499,6 +514,9 @@ function pfz_discovery($section){ case "interfaces": pfz_interface_discovery(); break; + case "interfaces_all": + pfz_interface_discovery_all(); + break; } } From 9aa1b6c0d23d219f998806580858551fb82ae335 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 18 Jan 2021 16:58:38 +0100 Subject: [PATCH 002/162] Corrected issue #58 --- pfsense_zbx.php | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 15837e1..30218c1 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -202,12 +202,15 @@ function pfz_openvpn_server_userdiscovery(){ if (is_array($server['conns'])) { $name = trim(preg_replace('/\w{3}(\d)?\:\d{4,5}/i', '', $server['name'])); - foreach($server['conns'] as $conn) { - $json_string .= '{"{#SERVERID}":"' . $server['vpnid'] . '"'; - $json_string .= ',"{#SERVERNAME}":"' . $name . '"'; - $json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $conn['common_name'] . '"'; - $json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"'; - $json_string .= '},'; + foreach($server['conns'] as $conn) { + + $common_name = pfz_replacespecialchars($conn['common_name']); + + $json_string .= '{"{#SERVERID}":"' . $server['vpnid'] . '"'; + $json_string .= ',"{#SERVERNAME}":"' . $name . '"'; + $json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $common_name . '"'; + $json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"'; + $json_string .= '},'; } } } @@ -222,6 +225,7 @@ function pfz_openvpn_server_userdiscovery(){ // Get OpenVPN User Connected Value function pfz_openvpn_server_uservalue($unique_id, $valuekey, $default=""){ + $unique_id = pfz_replacespecialchars($unique_id,true); $atpos=strpos($unique_id,'+'); $server_id = substr($unique_id,0,$atpos); $user_id = substr($unique_id,$atpos+1); @@ -258,6 +262,20 @@ function pfz_openvpn_clientdiscovery() { echo $json_string; } +function pfz_replacespecialchars($inputstr,$reverse=false){ + $specialchars = ",',\",`,*,?,[,],{,},~,$,!,&,;,(,),<,>,|,#,@,0x0a"; + $specialchars = explode(",",$specialchars); + $resultstr = $inputstr; + + for ($n=0;$n Date: Mon, 18 Jan 2021 17:29:21 +0100 Subject: [PATCH 003/162] Added Radvd to list of service stopped on CARP Secondary --- pfsense_zbx.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 30218c1..e754672 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -338,7 +338,7 @@ function pfz_service_value($name,$value){ //List of service which are stopped on CARP Slave. //For now this is the best way i found for filtering out the triggers //Waiting for a way in Zabbix to use Global Regexp in triggers with items discovery - $stopped_on_carp_slave = array("haproxy","openvpn.","openvpn"); + $stopped_on_carp_slave = array("haproxy","radvd","openvpn.","openvpn"); foreach ($services as $service){ $namecfr = $service["name"]; From 3268a4445b518871f0a4fbd0b4b43cf8cfb2e40f Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 18 Jan 2021 22:31:47 +0100 Subject: [PATCH 004/162] Fixed gateway Status, Removed IPsec Phase2 Status (reqid mismatch) --- pfsense_zbx.php | 1 + template_pfsense_active_ipsec.xml | 205 +----------------------------- 2 files changed, 2 insertions(+), 204 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index e754672..dc5b42c 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -756,6 +756,7 @@ function pfz_valuemap($valuename, $value, $default="0"){ case "gateway.status": $valuemap = array( + "online" => "0", "none" => "0", "loss" => "1", "highdelay" => "2", diff --git a/template_pfsense_active_ipsec.xml b/template_pfsense_active_ipsec.xml index 30721a1..8ebeafe 100644 --- a/template_pfsense_active_ipsec.xml +++ b/template_pfsense_active_ipsec.xml @@ -1,7 +1,7 @@ 4.0 - 2021-01-18T15:02:45Z + 2021-01-18T21:30:16Z Templates/Network Devices @@ -504,188 +504,6 @@ https://github.com/rbicelli/pfsense-zabbix-template 30d Discovery of IPsec Phase 2 - - IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Byte Received - 7 - - - pfsense.value[ipsec_ph2,{#EXTID},status.bytes-in] - 60s - 90d - 365d - 0 - 3 - - b - - - 0 - 0 - - 0 - - - - 0 - - - - - - IPsec Tunnel Phase 2 Protocol - 0 - - - IPsec - - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - - - IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Byte Sent - 7 - - - pfsense.value[ipsec_ph2,{#EXTID},status.bytes-out] - 60s - 90d - 365d - 0 - 3 - - b - - - 0 - 0 - - 0 - - - - 0 - - - - - - IPsec Tunnel Phase 2 Protocol - 0 - - - IPsec - - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - - - IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Status - 7 - - - pfsense.value[ipsec_ph2,{#EXTID},status] - 60s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - IPsec Tunnel Phase 2 Protocol - 0 - - - IPsec - - - - pfSense IPsec Phase 2 Status - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Enabled 7 @@ -1025,27 +843,6 @@ https://github.com/rbicelli/pfsense-zabbix-template - - pfSense IPsec Phase 2 Status - - - 0 - Down - - - 1 - Installed - - - 2 - Rekeyed - - - 10 - Down on CARP Secondary - - - pfSense IPsec Protocol From 3d6af9511110813028edff6c02a9ca48215dc7de Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 18 Jan 2021 23:12:46 +0100 Subject: [PATCH 005/162] Fixed pfz_valuemap function --- pfsense_zbx.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index dc5b42c..7ffa472 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -808,9 +808,10 @@ function pfz_valuemap($valuename, $value, $default="0"){ } - if (array_key_exists($value, $valuemap)) - return $valuemap[$value]; - + if (isset($valuemap)) { + if (array_key_exists($value, $valuemap)) + return $valuemap[$value]; + } return $default; } From 7c9c5e66e5afdaf833f8620c2e4251049b0c176f Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Wed, 20 Jan 2021 15:07:57 +0100 Subject: [PATCH 006/162] Added checks in value maps for recent php versions, fixed p2p_tls service detection (Issue #36) --- pfsense_zbx.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 7ffa472..9569a17 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -162,7 +162,11 @@ function pfz_openvpn_servervalue($server_id,$valuekey){ if ($valuekey=="status") { if ( ($server['mode']=="server_user") || ($server['mode']=="server_tls_user") || ($server['mode']=="server_tls") ){ if ($value=="") $value="server_user_listening"; - } + } else if ($server['mode']=="p2p_tls"){ + // For p2p_tls, ensure we have one client, and return up if it's the case + if ($value=="") + $value=(is_array($server["conns"]) && count($server["conns"]) > 0) ? "up" : "down"; + } } } } @@ -808,7 +812,7 @@ function pfz_valuemap($valuename, $value, $default="0"){ } - if (isset($valuemap)) { + if (is_array($valuemap)) { if (array_key_exists($value, $valuemap)) return $valuemap[$value]; } From 0f279ff310272f751d7547dfcd0f66a24ed11f45 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Sat, 23 Jan 2021 16:54:32 +0100 Subject: [PATCH 007/162] Added DHCP Failover Monitoring, Renamed CARP section to HA --- README.md | 6 ++ pfsense_zbx.php | 196 +++++++++++++++++++++++++++++++++++- template_pfsense_active.xml | 89 ++++++++++++++-- 3 files changed, 283 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 0566f15..d900f84 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,12 @@ mkdir /root/scripts curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php ``` +or, from **Diagnostics/Command Prompt** input this one-liner: + +```bash +mkdir /root/scripts && curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php +``` + Then install package "Zabbix Agent 4" on your pfSense Box diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 9569a17..9ba8f14 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -26,7 +26,6 @@ require_once('pkg-utils.inc'); //For DHCP - //Testing function, for template creating purpose function pfz_test(){ $line = "-------------------\n"; @@ -666,6 +665,175 @@ function pfz_carp_status($echo = true){ } +// DHCP Checks (copy of status_dhcp_leases.php, waiting for pfsense 2.5) +function pfz_remove_duplicate($array, $field) { + foreach ($array as $sub) { + $cmp[] = $sub[$field]; + } + $unique = array_unique(array_reverse($cmp, true)); + foreach ($unique as $k => $rien) { + $new[] = $array[$k]; + } + return $new; +} + +// Get DHCP Arrays (copied from status_dhcp_leases.php, waiting for pfsense 2.5, in order to use system_get_dhcpleases();) +function pfz_dhcp_get($valuekey) { + + require_once("config.inc"); + + $leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"; + + $awk = "/usr/bin/awk"; + /* this pattern sticks comments into a single array item */ + $cleanpattern = "'{ gsub(\"#.*\", \"\");} { gsub(\";\", \"\"); print;}'"; + /* We then split the leases file by } */ + $splitpattern = "'BEGIN { RS=\"}\";} {for (i=1; i<=NF; i++) printf \"%s \", \$i; printf \"}\\n\";}'"; + + /* stuff the leases file in a proper format into a array by line */ + @exec("/bin/cat {$leasesfile} 2>/dev/null| {$awk} {$cleanpattern} | {$awk} {$splitpattern}", $leases_content); + $leases_count = count($leases_content); + @exec("/usr/sbin/arp -an", $rawdata); + + foreach ($leases_content as $lease) { + /* split the line by space */ + $data = explode(" ", $lease); + /* walk the fields */ + $f = 0; + $fcount = count($data); + /* with less than 20 fields there is nothing useful */ + if ($fcount < 20) { + $i++; + continue; + } + while ($f < $fcount) { + switch ($data[$f]) { + case "failover": + $pools[$p]['name'] = trim($data[$f+2], '"'); + $pools[$p]['name'] = "{$pools[$p]['name']} (" . convert_friendly_interface_to_friendly_descr(substr($pools[$p]['name'], 5)) . ")"; + $pools[$p]['mystate'] = $data[$f+7]; + $pools[$p]['peerstate'] = $data[$f+14]; + $pools[$p]['mydate'] = $data[$f+10]; + $pools[$p]['mydate'] .= " " . $data[$f+11]; + $pools[$p]['peerdate'] = $data[$f+17]; + $pools[$p]['peerdate'] .= " " . $data[$f+18]; + $p++; + $i++; + continue 3; + case "lease": + $leases[$l]['ip'] = $data[$f+1]; + $leases[$l]['type'] = $dynamic_string; + $f = $f+2; + break; + case "starts": + $leases[$l]['start'] = $data[$f+2]; + $leases[$l]['start'] .= " " . $data[$f+3]; + $f = $f+3; + break; + case "ends": + if ($data[$f+1] == "never") { + // Quote from dhcpd.leases(5) man page: + // If a lease will never expire, date is never instead of an actual date. + $leases[$l]['end'] = gettext("Never"); + $f = $f+1; + } else { + $leases[$l]['end'] = $data[$f+2]; + $leases[$l]['end'] .= " " . $data[$f+3]; + $f = $f+3; + } + break; + case "tstp": + $f = $f+3; + break; + case "tsfp": + $f = $f+3; + break; + case "atsfp": + $f = $f+3; + break; + case "cltt": + $f = $f+3; + break; + case "binding": + switch ($data[$f+2]) { + case "active": + $leases[$l]['act'] = $active_string; + break; + case "free": + $leases[$l]['act'] = $expired_string; + $leases[$l]['online'] = $offline_string; + break; + case "backup": + $leases[$l]['act'] = $reserved_string; + $leases[$l]['online'] = $offline_string; + break; + } + $f = $f+1; + break; + case "next": + /* skip the next binding statement */ + $f = $f+3; + break; + case "rewind": + /* skip the rewind binding statement */ + $f = $f+3; + break; + case "hardware": + $leases[$l]['mac'] = $data[$f+2]; + /* check if it's online and the lease is active */ + if (in_array($leases[$l]['ip'], $arpdata_ip)) { + $leases[$l]['online'] = $online_string; + } else { + $leases[$l]['online'] = $offline_string; + } + $f = $f+2; + break; + case "client-hostname": + if ($data[$f+1] <> "") { + $leases[$l]['hostname'] = preg_replace('/"/', '', $data[$f+1]); + } else { + $hostname = gethostbyaddr($leases[$l]['ip']); + if ($hostname <> "") { + $leases[$l]['hostname'] = $hostname; + } + } + $f = $f+1; + break; + case "uid": + $f = $f+1; + break; + } + $f++; + } + $l++; + $i++; + /* slowly chisel away at the source array */ + array_shift($leases_content); + } + /* remove duplicate items by mac address */ + if (count($leases) > 0) { + $leases = pfz_remove_duplicate($leases, "ip"); + } + + if (count($pools) > 0) { + $pools = pfz_remove_duplicate($pools, "name"); + asort($pools); + } + + switch ($valuekey){ + case "pools": + return $pools; + break; + case "failover": + return $failover; + break; + case "leases": + default: + return $leases; + } + +} + function pfz_dhcpfailover_discovery(){ //System functions regarding DHCP Leases will be available in the upcoming release of pfSense, so let's wait require_once("system.inc"); @@ -685,6 +853,29 @@ function pfz_dhcpfailover_discovery(){ echo $json_string; } +function pfz_dhcp_check_failover(){ + // Check DHCP Failover Status + // Returns number of failover pools which state is not normal or + // different than peer state + $failover = pfz_dhcp_get("failover"); + $ret = 0; + foreach ($failover as $f){ + if ( ($f["mystate"]!="normal") || ($f["mystate"]!=$f["peerstate"])) { + $ret++; + } + } + return $ret; +} + +function pfz_dhcp($section, $valuekey=""){ + switch ($section){ + case "failover": + echo pfz_dhcp_check_failover(); + break; + default: + } +} + //Packages function pfz_packages_uptodate(){ require_once("pkg-utils.inc"); @@ -893,6 +1084,9 @@ switch (strtolower($argv[1])){ case "ipsec_ph2": pfz_ipsec_ph2($argv[2],$argv[3]); break; + case "dhcp": + pfz_dhcp($argv[2],$argv[3]); + break; default: pfz_test(); } diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index 036fd30..8b76d4b 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -1,7 +1,7 @@ 4.0 - 2021-01-18T15:00:52Z + 2021-01-23T15:53:03Z Templates/Network Devices @@ -21,9 +21,6 @@ https://github.com/rbicelli/pfsense-zabbix-template - - CARP - CPU @@ -33,6 +30,9 @@ https://github.com/rbicelli/pfsense-zabbix-template Gateways + + HA + Memory @@ -271,7 +271,7 @@ https://github.com/rbicelli/pfsense-zabbix-template 0 - CARP + HA @@ -745,7 +745,7 @@ https://github.com/rbicelli/pfsense-zabbix-template 0 - CARP + HA @@ -774,6 +774,65 @@ https://github.com/rbicelli/pfsense-zabbix-template 0 + + DHCP Failover Pool Problems + 7 + + + pfsense.value[dhcp,failover] + 120s + 90d + 365d + 0 + 3 + + + + + 0 + 0 + + 0 + + + + 0 + + + + + + This value indicates, in a HA scenario, if DHCP failover pool partners are out of sync. + 0 + + + HA + + + + + + + 3s + + + + 200 + 1 + 0 + + + 0 + 0 + 0 + 0 + + + + 0 + 0 + + Gateway Status Raw 7 @@ -5254,6 +5313,22 @@ or + + {Template pfSense Active:pfsense.value[carp_status].last()}>2 + 0 + + DHCP Failover Problems on {HOST.NAME} + 0 + + https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html + 0 + 4 + One or more DHCP Pools are experiencing failover problems. This could potentially cause other problems in yourr network. + 0 + 0 + + + {Template pfSense Active:system.uname.diff(0)}>0 0 @@ -5392,7 +5467,7 @@ or 0 1 - Notify of new version of packages are available + New version of packages are available 0 0 From 57324cf3a396adc24f64af198fdc223442c0ff8f Mon Sep 17 00:00:00 2001 From: Dan Edwards Date: Fri, 19 Mar 2021 10:35:02 +0000 Subject: [PATCH 008/162] Update pfsense_zbx.php Report correct Phase 1 status on non Carp enabled devices --- pfsense_zbx.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 9ba8f14..7bebe51 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -603,8 +603,11 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ } switch($valuekey) { case 'state': - $value = pfz_valuemap('ipsec.state', strtolower($tmp_value)); - $value = $value + (10 * ($carp_status-1)); + if ($carp_status == 0) { + $value = pfz_valuemap('ipsec.state', strtolower($tmp_value)); + } else { + $value = $value + (10 * ($carp_status-1)); + } break; default: $value = $tmp_value; From ba0281f08e94cf5e669c10a9332b946d55f96915 Mon Sep 17 00:00:00 2001 From: f87 <62796525+f87@users.noreply.github.com> Date: Fri, 11 Jun 2021 10:20:13 +0300 Subject: [PATCH 009/162] Update pfsense_zbx.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Не выполнялся поиск пользователе на серверах с TLS-Аутентификацией --- pfsense_zbx.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 7bebe51..d2a4c8b 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -201,7 +201,7 @@ function pfz_openvpn_server_userdiscovery(){ $json_string = '{"data":['; foreach ($servers as $server){ - if ( ($server['mode']=='server_user') || ($server['mode']=='server_tls_user') ) { + if ( ($server['mode']=='server_user') || ($server['mode']=='server_tls_user') || ($server['mode']=='server_tls') ) { if (is_array($server['conns'])) { $name = trim(preg_replace('/\w{3}(\d)?\:\d{4,5}/i', '', $server['name'])); From bb2c2cbe4a77d9f142382376034b146813237463 Mon Sep 17 00:00:00 2001 From: Kent Ickler Date: Fri, 25 Jun 2021 01:38:47 -0600 Subject: [PATCH 010/162] Agent (Type 0) to Active Agent (Type 7) corrected Agent (type 0) to Agent Active (Type 7) On Service Discovery Item Prototypes --- template_pfsense_active.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index 8b76d4b..dca2ea7 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -4486,7 +4486,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Service {#DESCRIPTION} enabled on CARP Slave - 0 + 7 pfsense.value[service_value,{#SERVICE},run_on_carp_slave] @@ -4548,7 +4548,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Service {#DESCRIPTION} Status - 0 + 7 pfsense.value[service_value,{#SERVICE},status] From d18056cf8af33e6993312d8bb86622bc505845c3 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Thu, 1 Jul 2021 22:45:27 +0200 Subject: [PATCH 011/162] Fixed value mapper --- pfsense_zbx.php | 1 + 1 file changed, 1 insertion(+) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index d2a4c8b..bf73e36 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -1007,6 +1007,7 @@ function pfz_valuemap($valuename, $value, $default="0"){ } if (is_array($valuemap)) { + $value = strtolower($value); if (array_key_exists($value, $valuemap)) return $valuemap[$value]; } From 11784220d974dee47bd8ba55235cda3558efdc04 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Sun, 4 Jul 2021 21:20:43 +0200 Subject: [PATCH 012/162] Fixed issues #72 and #76 --- pfsense_zbx.php | 6 +++++- template_pfsense_active.xml | 21 ++++++++++++++------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index bf73e36..d4f0788 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -1,7 +1,7 @@ This program is licensed under Apache 2.0 License @@ -569,11 +569,15 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ } if ($ikesa['version'] == 1) { $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); + //pfSense 2.5 with conn enumeration like conn100000 + if ( ($ph1idx==false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); $ipsecconnected[$ph1idx] = $ph1idx; } else { if (!ipsec_ikeid_used($con_id)) { // probably a v2 with split connection then $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); + //pfSense 2.5 with conn enumeration like conn100000 + if ( ($ph1idx==false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); $ipsecconnected[$ph1idx] = $ph1idx; } else { $ipsecconnected[$con_id] = $ph1idx = $con_id; diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index dca2ea7..7b8638a 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -1,7 +1,7 @@ 4.0 - 2021-01-23T15:53:03Z + 2021-07-04T19:16:51Z Templates/Network Devices @@ -2525,7 +2525,7 @@ https://github.com/rbicelli/pfsense-zabbix-template - quantité de mémoire en cours d'utilisation par les processus + Memory used by processes 0 @@ -2704,7 +2704,7 @@ https://github.com/rbicelli/pfsense-zabbix-template - quantité de mémoire utilisée pour mettre des données en cache + amount of memory used to cache data 0 @@ -2763,7 +2763,7 @@ https://github.com/rbicelli/pfsense-zabbix-template - quantité de mémoire complètement libre et prête a être utilisée directement. + amount of memory completely free and ready to be used directly. 0 @@ -2822,7 +2822,7 @@ https://github.com/rbicelli/pfsense-zabbix-template - quantité de mémoire qui contient des données qui ne sont plus utilisées (peut être directement libéré si besoin) + amount of memory that contains data that is no longer used (can be directly freed if needed) 0 @@ -3124,7 +3124,7 @@ https://github.com/rbicelli/pfsense-zabbix-template - quantité de mémoire utilisée par le kernel, ne peut être ni déchargée en swap, ni compressée. + amount of memory used by the kernel, can neither be unloaded in swap, nor compressed. 0 @@ -4479,7 +4479,14 @@ https://github.com/rbicelli/pfsense-zabbix-template 0 - + + + {#SERVICE} + @pfSense service names for discovery + 8 + A + + 30d From ebc9ae34fa13f82ff9a305cb9f279d8e20a21950 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 5 Jul 2021 17:56:27 +0200 Subject: [PATCH 013/162] Preliminary tests of Speedtest --- .gitignore | 1 + README.md | 30 +++ pfsense_zbx.php | 164 +++++++++---- template_pfsense-active_speedtest.xml | 332 ++++++++++++++++++++++++++ 4 files changed, 479 insertions(+), 48 deletions(-) create mode 100644 .gitignore create mode 100644 template_pfsense-active_speedtest.xml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c190512 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.backup diff --git a/README.md b/README.md index d900f84..f47fbd9 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0 **Template pfSense Active** - Network interface Discovery and Monitoring with User Assigned Names + - Scheduled Speedtest on WAN interfaces (via ookla speedtest) - Gateway Discovery and Monitoring (Gateway Status/RTT) - OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status) - OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status) @@ -80,6 +81,35 @@ Possible values are: This is useful when monitoring services which could stay stopped on CARP Backup Member. + +## Setup Speedtest + +For running speedtests on WAN interfaces you have to install the speedtest package + + +From **Diagnostics/Command Prompt** input this commands: + +``` +pkg update && pkg install -y py37-speedtest-cli +``` + +Speedtest python package could be broken at the moment, so you could need an extra step: download the latest version from package author's github repo. + +``` + curl -Lo /usr/local/lib/python3.7/site-packages speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py +``` + +For testing if speedtest is installed properly you can try it: + +``` + /usr/local/bin/speedtest +``` + +Remember that you will need to install the package on *every* pfSense upgrade. + +**For speedtest to work you may need to increase Timeout up to its maximum (30)** + + ## Credits [Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part. diff --git a/pfsense_zbx.php b/pfsense_zbx.php index fbe0d4d..2c8f4af 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -1,7 +1,7 @@ This program is licensed under Apache 2.0 License @@ -89,53 +89,111 @@ function pfz_test(){ // Interface Discovery // Improved performance -function pfz_interface_discovery($skip_disabled = true, $skip_unconfigured = true) { +function pfz_interface_discovery($is_wan=false) { $ifdescrs = get_configured_interface_with_descr(true); - $all_hw_ifs = get_interface_arr(); - $merged_ifs=array(); + $ifaces = get_interface_arr(); + $ifcs=array(); + + $json_string = '{"data":['; + + foreach ($ifdescrs as $ifname => $ifdescr){ + $ifinfo = get_interface_info($ifname); + $ifinfo["description"] = $ifdescr; + $ifcs[$ifname] = $ifinfo; + + } - $output = ['data' => []]; - - foreach ($ifdescrs as $pfsense_if_name => $user_if_name ) { - $ifinfo = get_interface_info($pfsense_if_name); - $ifinfo["description"] = $user_if_name; - $ifinfo["pfsense_name"] = $pfsense_if_name; - $hwname = $ifinfo['hwif']; - $merged_ifs[$hwname] = $ifinfo; + foreach ($ifaces as $hwif) { + + $ifdescr = $hwif; + $has_gw = false; + $is_vpn = false; + + foreach($ifcs as $ifc=>$ifinfo){ + if ($ifinfo["hwif"] == $hwif){ + $ifdescr = $ifinfo["description"]; + if (array_key_exists("gateway",$ifinfo)) $has_gw=true; + if (strpos($ifinfo["if"],"ovpn")!==false) $is_vpn=true; + break; + } + } + + if ( ($is_wan==false) || (($is_wan==true) && ($has_gw==true) && ($is_vpn==false)) ) { + $json_string .= '{"{#IFNAME}":"' . $hwif . '"'; + $json_string .= ',"{#IFDESCR}":"' . $ifdescr . '"'; + $json_string .= '},'; + } + } + $json_string = rtrim($json_string,","); + $json_string .= "]}"; - foreach ($all_hw_ifs as $hwif) { - $record = []; - - $record['{#IFNAME}'] = $hwif; - - // needed when using interface names in dependent items via jsonpath - $record['{#IFNAMEJ}'] = str_replace('.','_',$hwif); - - if (!empty($merged_ifs[ $hwif ])) { - if(true === $skip_disabled && isset($merged_ifs[ $hwif ]['enabled'])) { - if($merged_ifs[ $hwif ]['enabled'] != 1) { - continue; - } - } - $record['{#IFDESCR}'] = $merged_ifs[ $hwif ]['description']; - } else { - if(true === $skip_unconfigured) { - continue; - } - else { - $record['{#IFDESCR}'] = $hwif; - } - } - - $output['data'][] = $record; - - } - echo json_encode($output); + echo $json_string; } -function pfz_interface_discovery_all() { - pfz_interface_discovery(false, false); +//Interface Speedtest +function pfz_interface_speedtest_value($ifname, $value){ + $ifdescrs = get_configured_interface_with_descr(true); + $ifaces = get_interface_arr(); + $pf_interface_name=''; + $subvalue=false; + + $tvalue = explode(".", $value); + + if (count($tvalue)>1) { + $value = $tvalue[0]; + $subvalue = $tvalue[1]; + } + + foreach ($ifdescrs as $ifn => $ifd){ + $ifinfo = get_interface_info($ifn); + if($ifinfo['hwif']==$ifname) { + $pf_interface_name = $ifn; + break; + } + } + + //If the interface has a gateway is considered WAN, so let's do the speedtest + if (array_key_exists("gateway", $ifinfo)) { + $ipaddr = $ifinfo['ipaddr']; + $speedtest_data = pfz_speedtest_exec($pf_interface_name,$ipaddr); + if (array_key_exists($value,$speedtest_data)) { + if ($subvalue == false) + echo $speedtest_data[$value]; + else + echo $speedtest_data[$value][$subvalue]; + } + } +} + +function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ + $filename = "/tmp/speedtest-$ifname"; + $filerun = "/tmp/speedtest-run"; + $filecron = "/tmp/speedtest.cron" + + if (file_exists($filename)) { + $json_output = json_decode(file_get_contents($filename), true); + if ($json_output==null) @unlink($filename); + return $json_output; + } + + if ($is_cron) touch($filecron); + + if ( $is_cron==false || file_exists($filecron)) { + if ( (time()-filemtime($filename) > 8 * 3600) || (file_exists($filename)==false) ) { + // file older than 8 Hours + if ( (time()-filemtime($filerun) > 180 ) ) @unlink($filerun); + + if (file_exists($filename)==false) { + touch($filerun); + $st_command = "nohup /usr/local/bin/speedtest --source $ipaddr --json > $filename && rm $filerun &"; + exec ($st_command); + } + + } + } + + return false; } // OpenVPN Server Discovery @@ -936,7 +994,13 @@ function pfz_get_system_value($section){ } } - +// File is present +function pfz_file_exists($filename) { + if (file_exists($filename)) + echo "1"; + else + echo "0"; +} // Value mappings // Each value map is represented by an associative array @@ -1039,6 +1103,9 @@ function pfz_discovery($section){ case "gw": pfz_gw_discovery(); break; + case "wan": + pfz_interface_discovery(true); + break; case "openvpn_server": pfz_openvpn_serverdiscovery(); break; @@ -1054,10 +1121,6 @@ function pfz_discovery($section){ case "interfaces": pfz_interface_discovery(); break; -<<<<<<< HEAD - case "interfaces_all": - pfz_interface_discovery_all(); -======= case "ipsec_ph1": pfz_ipsec_discovery_ph1(); break; @@ -1066,7 +1129,6 @@ function pfz_discovery($section){ break; case "dhcpfailover": pfz_dhcpfailover_discovery(); ->>>>>>> master break; } } @@ -1082,6 +1144,9 @@ switch (strtolower($argv[1])){ case "gw_status": pfz_gw_rawstatus(); break; + case "if_speedtest_value": + pfz_interface_speedtest_value($argv[2],$argv[3]); + break; case "openvpn_servervalue": pfz_openvpn_servervalue($argv[2],$argv[3]); break; @@ -1115,6 +1180,9 @@ switch (strtolower($argv[1])){ case "dhcp": pfz_dhcp($argv[2],$argv[3]); break; + case "file_exists": + pfz_file_exists($argv[2]); + break; default: pfz_test(); } diff --git a/template_pfsense-active_speedtest.xml b/template_pfsense-active_speedtest.xml new file mode 100644 index 0000000..41335bd --- /dev/null +++ b/template_pfsense-active_speedtest.xml @@ -0,0 +1,332 @@ + + + 4.0 + 2021-07-05T15:51:20Z + + + Templates/Network Devices + + + + + + From e3bddbd56b3befe86eb594f6c5d61d3c332d9b2e Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 5 Jul 2021 17:58:34 +0200 Subject: [PATCH 014/162] Typos --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f47fbd9..5a7ec03 100644 --- a/README.md +++ b/README.md @@ -89,19 +89,19 @@ For running speedtests on WAN interfaces you have to install the speedtest packa From **Diagnostics/Command Prompt** input this commands: -``` +```bash pkg update && pkg install -y py37-speedtest-cli ``` Speedtest python package could be broken at the moment, so you could need an extra step: download the latest version from package author's github repo. -``` - curl -Lo /usr/local/lib/python3.7/site-packages speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py +```bash +curl -Lo /usr/local/lib/python3.7/site-packages/speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py ``` For testing if speedtest is installed properly you can try it: -``` +```bash /usr/local/bin/speedtest ``` From e639c05c5e67570eeebee214c6ae0eb2573ad366 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 5 Jul 2021 19:31:48 +0200 Subject: [PATCH 015/162] Typos --- README.md | 7 ++++++- pfsense_zbx.php | 11 +++++++---- ...dtest.xml => template_pfsense_active_speedtest.xml | 0 3 files changed, 13 insertions(+), 5 deletions(-) rename template_pfsense-active_speedtest.xml => template_pfsense_active_speedtest.xml (100%) diff --git a/README.md b/README.md index 5a7ec03..86fe458 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,11 @@ Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0 - Discovery of IPsec Site-to-Site tunnels - Monitoring tunnel status (Phase 1 and Phase 2) + +**Template pfSense Active: Speedtest** + + - Discovery of WAN Interfaces + - Perform speed tests and collect metrics ## Configuration @@ -65,7 +70,7 @@ UserParameter=pfsense.discovery[*],/usr/local/bin/php /root/scripts/pfsense_zbx. UserParameter=pfsense.value[*],/usr/local/bin/php /root/scripts/pfsense_zbx.php $1 $2 $3 ``` -_Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._ +_Please note that **AllowRoot=1** option is required in order to correctly execute OpenVPN checks and others._ Also increase the **Timeout** value at least to **5**, otherwise some checks will fail. diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 2c8f4af..93dae71 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -7,6 +7,10 @@ Written by Riccardo Bicelli This program is licensed under Apache 2.0 License */ +//Some Useful defines + +define('SPEEDTEST_INTERVAL',8); //Speedtest Interval (in hours) + require_once('globals.inc'); require_once('functions.inc'); require_once('config.inc'); @@ -169,7 +173,7 @@ function pfz_interface_speedtest_value($ifname, $value){ function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ $filename = "/tmp/speedtest-$ifname"; $filerun = "/tmp/speedtest-run"; - $filecron = "/tmp/speedtest.cron" + $filecron = "/tmp/speedtest.cron"; if (file_exists($filename)) { $json_output = json_decode(file_get_contents($filename), true); @@ -180,8 +184,8 @@ function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ if ($is_cron) touch($filecron); if ( $is_cron==false || file_exists($filecron)) { - if ( (time()-filemtime($filename) > 8 * 3600) || (file_exists($filename)==false) ) { - // file older than 8 Hours + if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) { + // file is older than SPEEDTEST_INTERVAL if ( (time()-filemtime($filerun) > 180 ) ) @unlink($filerun); if (file_exists($filename)==false) { @@ -189,7 +193,6 @@ function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ $st_command = "nohup /usr/local/bin/speedtest --source $ipaddr --json > $filename && rm $filerun &"; exec ($st_command); } - } } diff --git a/template_pfsense-active_speedtest.xml b/template_pfsense_active_speedtest.xml similarity index 100% rename from template_pfsense-active_speedtest.xml rename to template_pfsense_active_speedtest.xml From 9adb054faad441c119a4210c6196c7885d874082 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 5 Jul 2021 22:51:55 +0200 Subject: [PATCH 016/162] Fixed IPSEC issues. I almost blindly merged some PRs which supposed to solve problems, but broke things in IPSEC status reporting. Fixed value mappings (lower cased). Fixed conn ID numbering (in 2.4 IPSEC con id are enumerated con1000, con2000... and in 2.5 con100000, con200000) --- pfsense_zbx.php | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 93dae71..8652bff 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -646,14 +646,14 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ if ($ikesa['version'] == 1) { $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); //pfSense 2.5 with conn enumeration like conn100000 - if ( ($ph1idx==false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); + if ( ($ph1idx===false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); $ipsecconnected[$ph1idx] = $ph1idx; } else { if (!ipsec_ikeid_used($con_id)) { // probably a v2 with split connection then $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); //pfSense 2.5 with conn enumeration like conn100000 - if ( ($ph1idx==false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); + if ( ($ph1idx===false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); $ipsecconnected[$ph1idx] = $ph1idx; } else { $ipsecconnected[$con_id] = $ph1idx = $con_id; @@ -664,7 +664,7 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ // Asking for Phase2 Status Value foreach ($ikesa['child-sas'] as $childsas) { if ($childsas['reqid']==$reqid) { - if ($childsas['state'] == 'REKEYED') { + if (strtolower($childsas['state']) == 'rekeyed') { //if state is rekeyed go on $tmp_value = $childsas[$valuekey]; } else { @@ -681,19 +681,17 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ } } } + switch($valuekey) { case 'state': - if ($carp_status == 0) { - $value = pfz_valuemap('ipsec.state', strtolower($tmp_value)); - } else { - $value = $value + (10 * ($carp_status-1)); - } + $value = pfz_valuemap('ipsec.state', strtolower($tmp_value)); + if ($carp_status!=0) $value = $value + (10 * ($carp_status-1)); break; default: $value = $tmp_value; break; } -// print_r($ikesa); + return $value; } @@ -1008,7 +1006,6 @@ function pfz_file_exists($filename) { // Value mappings // Each value map is represented by an associative array function pfz_valuemap($valuename, $value, $default="0"){ - switch ($valuename){ case "openvpn.server.status": From 9bd55db4bef73cdeda05d55250546a2326f899fc Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Tue, 6 Jul 2021 23:03:29 +0200 Subject: [PATCH 017/162] Improved Speedtest. --- pfsense_zbx.php | 95 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 68 insertions(+), 27 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 8652bff..c7c321f 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -9,7 +9,7 @@ This program is licensed under Apache 2.0 License //Some Useful defines -define('SPEEDTEST_INTERVAL',8); //Speedtest Interval (in hours) +define('SPEEDTEST_INTERVAL', 8); //Speedtest Interval (in hours) require_once('globals.inc'); require_once('functions.inc'); @@ -93,18 +93,18 @@ function pfz_test(){ // Interface Discovery // Improved performance -function pfz_interface_discovery($is_wan=false) { +function pfz_interface_discovery($is_wan=false,$is_cron=false) { $ifdescrs = get_configured_interface_with_descr(true); $ifaces = get_interface_arr(); $ifcs=array(); + $if_ret=array(); $json_string = '{"data":['; foreach ($ifdescrs as $ifname => $ifdescr){ $ifinfo = get_interface_info($ifname); $ifinfo["description"] = $ifdescr; - $ifcs[$ifname] = $ifinfo; - + $ifcs[$ifname] = $ifinfo; } foreach ($ifaces as $hwif) { @@ -123,6 +123,7 @@ function pfz_interface_discovery($is_wan=false) { } if ( ($is_wan==false) || (($is_wan==true) && ($has_gw==true) && ($is_vpn==false)) ) { + $if_ret[]=$hwif; $json_string .= '{"{#IFNAME}":"' . $hwif . '"'; $json_string .= ',"{#IFDESCR}":"' . $ifdescr . '"'; $json_string .= '},'; @@ -132,48 +133,79 @@ function pfz_interface_discovery($is_wan=false) { $json_string = rtrim($json_string,","); $json_string .= "]}"; + if ($is_cron) return $if_ret; + echo $json_string; } + //Interface Speedtest -function pfz_interface_speedtest_value($ifname, $value){ - $ifdescrs = get_configured_interface_with_descr(true); - $ifaces = get_interface_arr(); - $pf_interface_name=''; - $subvalue=false; - - $tvalue = explode(".", $value); +function pfz_interface_speedtest_value($ifname, $value){ + $tvalue = explode(".", $value); if (count($tvalue)>1) { $value = $tvalue[0]; $subvalue = $tvalue[1]; } - - foreach ($ifdescrs as $ifn => $ifd){ - $ifinfo = get_interface_info($ifn); - if($ifinfo['hwif']==$ifname) { - $pf_interface_name = $ifn; - break; - } - } - + //If the interface has a gateway is considered WAN, so let's do the speedtest - if (array_key_exists("gateway", $ifinfo)) { - $ipaddr = $ifinfo['ipaddr']; - $speedtest_data = pfz_speedtest_exec($pf_interface_name,$ipaddr); - if (array_key_exists($value,$speedtest_data)) { + $filename = "/tmp/speedtest-$ifname"; + + if (file_exists($filename)) { + $speedtest_data = json_decode(file_get_contents($filename), true); + + if (array_key_exists($value, $speedtest_data)) { if ($subvalue == false) echo $speedtest_data[$value]; else echo $speedtest_data[$value][$subvalue]; - } - } + } + } + } + +function pfz_speedtest_cron(){ + require_once("services.inc"); + $ifdescrs = get_configured_interface_with_descr(true); + $ifaces = get_interface_arr(); + $pf_interface_name=''; + $subvalue=false; + + $ifcs = pfz_interface_discovery(true, true); + + foreach ($ifcs as $ifname) { + + foreach ($ifdescrs as $ifn => $ifd){ + $ifinfo = get_interface_info($ifn); + if($ifinfo['hwif']==$ifname) { + $pf_interface_name = $ifn; + break; + } + } + + //If the interface has a gateway is considered WAN, so let's do the speedtest + if (array_key_exists("gateway", $ifinfo)) { + $ipaddr = $ifinfo['ipaddr']; + pfz_speedtest_exec($ifname, $ipaddr); + } + + } +} + +//installs a cron job for speedtests +function pfz_speedtest_cron_install($enable=true){ + //Install Cron Job + $command = "/usr/local/bin/php " . __FILE__ . " speedtest_cron"; + install_cron_job($command, $enable, $minute = "*/15", "*", "*", "*", "*", "root", false); +} + + function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ + $filename = "/tmp/speedtest-$ifname"; $filerun = "/tmp/speedtest-run"; - $filecron = "/tmp/speedtest.cron"; + $filecron = "/tmp/speedtest.cron"; if (file_exists($filename)) { $json_output = json_decode(file_get_contents($filename), true); @@ -199,6 +231,7 @@ function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ return false; } + // OpenVPN Server Discovery function pfz_openvpn_get_all_servers(){ $servers = openvpn_get_active_servers(); @@ -1145,6 +1178,7 @@ switch (strtolower($argv[1])){ pfz_gw_rawstatus(); break; case "if_speedtest_value": + pfz_speedtest_cron_install(); pfz_interface_speedtest_value($argv[2],$argv[3]); break; case "openvpn_servervalue": @@ -1182,6 +1216,13 @@ switch (strtolower($argv[1])){ break; case "file_exists": pfz_file_exists($argv[2]); + break; + case "cron_speedtest": + pfz_speedtest_cron_install(); + pfz_speedtest_cron(); + break; + case "cron_cleanup": + pfz_speedtest_cron_install(false); break; default: pfz_test(); From 2ed9d5791fb7d7486d66ec7e654b24848ed2f6c8 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Tue, 6 Jul 2021 23:32:43 +0200 Subject: [PATCH 018/162] typos --- pfsense_zbx.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index c7c321f..927acc6 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -1217,7 +1217,7 @@ switch (strtolower($argv[1])){ case "file_exists": pfz_file_exists($argv[2]); break; - case "cron_speedtest": + case "speedtest_cron": pfz_speedtest_cron_install(); pfz_speedtest_cron(); break; From 5a36f380fd6f0241c0b272ea9e5cd40242a34b9e Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Wed, 7 Jul 2021 09:54:57 +0200 Subject: [PATCH 019/162] Fixed Speedtest logic --- pfsense_zbx.php | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 927acc6..c4542aa 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -201,7 +201,7 @@ function pfz_speedtest_cron_install($enable=true){ } -function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ +function pfz_speedtest_exec ($ifname, $ipaddr){ $filename = "/tmp/speedtest-$ifname"; $filerun = "/tmp/speedtest-run"; @@ -213,20 +213,17 @@ function pfz_speedtest_exec ($ifname, $ipaddr, $is_cron=false){ return $json_output; } - if ($is_cron) touch($filecron); - if ( $is_cron==false || file_exists($filecron)) { - if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) { - // file is older than SPEEDTEST_INTERVAL - if ( (time()-filemtime($filerun) > 180 ) ) @unlink($filerun); + if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) { + // file is older than SPEEDTEST_INTERVAL + if ( (time()-filemtime($filerun) > 180 ) ) @unlink($filerun); - if (file_exists($filename)==false) { - touch($filerun); - $st_command = "nohup /usr/local/bin/speedtest --source $ipaddr --json > $filename && rm $filerun &"; - exec ($st_command); - } + if (file_exists($filerun)==false) { + touch($filerun); + $st_command = "nohup /usr/local/bin/speedtest --source $ipaddr --json > $filename && rm $filerun &"; + exec ($st_command); } - } + } return false; } From f1d7ca8e5d7f59aceb2d658fcae3c1b0e0136380 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Wed, 7 Jul 2021 10:05:25 +0200 Subject: [PATCH 020/162] Fixed Speedtest Logic --- pfsense_zbx.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index c4542aa..1e40499 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -205,14 +205,7 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ $filename = "/tmp/speedtest-$ifname"; $filerun = "/tmp/speedtest-run"; - $filecron = "/tmp/speedtest.cron"; - - if (file_exists($filename)) { - $json_output = json_decode(file_get_contents($filename), true); - if ($json_output==null) @unlink($filename); - return $json_output; - } - + $filecron = "/tmp/speedtest.cron"; if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) { // file is older than SPEEDTEST_INTERVAL From 5546a6c2b9246ec4923483cc325fccbd3ff9a69e Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Wed, 7 Jul 2021 10:20:09 +0200 Subject: [PATCH 021/162] Fixed Speedtest Logic --- pfsense_zbx.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 1e40499..af23d78 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -205,7 +205,6 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ $filename = "/tmp/speedtest-$ifname"; $filerun = "/tmp/speedtest-run"; - $filecron = "/tmp/speedtest.cron"; if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) { // file is older than SPEEDTEST_INTERVAL @@ -213,12 +212,13 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ if (file_exists($filerun)==false) { touch($filerun); - $st_command = "nohup /usr/local/bin/speedtest --source $ipaddr --json > $filename && rm $filerun &"; + $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filename"; exec ($st_command); + @unlik($filerun); } } - return false; + return true; } From 8e340822e190d707519ba83389805dc8da3b4635 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Wed, 7 Jul 2021 23:04:45 +0200 Subject: [PATCH 022/162] Fixed IPsec con_id --- README.md | 25 ++++++++++--------------- pfsense_zbx.php | 8 ++------ 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 86fe458..210c699 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,7 @@ Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0 **Template pfSense Active** - Network interface Discovery and Monitoring with User Assigned Names - - Scheduled Speedtest on WAN interfaces (via ookla speedtest) - - Gateway Discovery and Monitoring (Gateway Status/RTT) + - Gateway Discovery and Monitoring (Gateway Status/RTT) - OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status) - OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status) - CARP Monitoring (Global CARP State) @@ -41,17 +40,10 @@ Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0 First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts). -For example, from pfSense shell: +From **Diagnostics/Command Prompt** input this one-liner: ```bash -mkdir /root/scripts -curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php -``` - -or, from **Diagnostics/Command Prompt** input this one-liner: - -```bash -mkdir /root/scripts && curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php +curl --create-dirs -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php ``` Then install package "Zabbix Agent 4" on your pfSense Box @@ -89,7 +81,7 @@ This is useful when monitoring services which could stay stopped on CARP Backup ## Setup Speedtest -For running speedtests on WAN interfaces you have to install the speedtest package +For running speedtests on WAN interfaces you have to install the speedtest package. From **Diagnostics/Command Prompt** input this commands: @@ -107,14 +99,17 @@ curl -Lo /usr/local/lib/python3.7/site-packages/speedtest.py https://raw.githubu For testing if speedtest is installed properly you can try it: ```bash - /usr/local/bin/speedtest +/usr/local/bin/speedtest ``` Remember that you will need to install the package on *every* pfSense upgrade. -**For speedtest to work you may need to increase Timeout up to its maximum (30)** +Speedtest template creates a cron job and check for entry everytime Zabbix requests its items. If you want to uninstall the cron jobs simply run, from **Diagnostics/Command Prompt**: +```bash +/url/local/bin/php /root/scripts/pfsense_zbx.php cron_cleanup +``` ## Credits -[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part. +[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part. \ No newline at end of file diff --git a/pfsense_zbx.php b/pfsense_zbx.php index af23d78..561bfac 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -667,16 +667,12 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ $con_id = filter_var($l_ikeid, FILTER_SANITIZE_NUMBER_INT); } if ($ikesa['version'] == 1) { - $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); - //pfSense 2.5 with conn enumeration like conn100000 - if ( ($ph1idx===false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); + $ph1idx = $con_id/1000; $ipsecconnected[$ph1idx] = $ph1idx; } else { if (!ipsec_ikeid_used($con_id)) { // probably a v2 with split connection then - $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00')); - //pfSense 2.5 with conn enumeration like conn100000 - if ( ($ph1idx===false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000')); + $ph1idx = $con_id/1000; $ipsecconnected[$ph1idx] = $ph1idx; } else { $ipsecconnected[$con_id] = $ph1idx = $con_id; From bb50993763a27b49c7f8d6f3ee6e3e9ca8a1c0f7 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Thu, 8 Jul 2021 17:00:59 +0200 Subject: [PATCH 023/162] Fixed issue #78 --- pfsense_zbx.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 561bfac..c0a1bd4 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -214,7 +214,7 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ touch($filerun); $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filename"; exec ($st_command); - @unlik($filerun); + @unlink($filerun); } } From 2e3873a265e9d1daa9f2e27798329d90b6de5ae3 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Thu, 8 Jul 2021 21:39:18 +0200 Subject: [PATCH 024/162] Fixed Issue #79 --- pfsense_zbx.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index c0a1bd4..070ec7f 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -196,8 +196,8 @@ function pfz_speedtest_cron(){ //installs a cron job for speedtests function pfz_speedtest_cron_install($enable=true){ //Install Cron Job - $command = "/usr/local/bin/php " . __FILE__ . " speedtest_cron"; - install_cron_job($command, $enable, $minute = "*/15", "*", "*", "*", "*", "root", false); + $command = "/usr/local/bin/php " . __FILE__ . " speedtest_cron"; + install_cron_job($command, $enable, $minute = "*/15", "*", "*", "*", "*", "root", true); } From 8f15f006f4e31fc96e408036f5a7bfae475a930d Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Thu, 8 Jul 2021 21:54:33 +0200 Subject: [PATCH 025/162] Trying to fix Issue #76 --- pfsense_zbx.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 070ec7f..3790dd0 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -668,11 +668,13 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ } if ($ikesa['version'] == 1) { $ph1idx = $con_id/1000; + if ($ph1idx>100) $ph1idx = $ph1idx/100; $ipsecconnected[$ph1idx] = $ph1idx; } else { if (!ipsec_ikeid_used($con_id)) { // probably a v2 with split connection then $ph1idx = $con_id/1000; + if ($ph1idx>100) $ph1idx = $ph1idx/100; $ipsecconnected[$ph1idx] = $ph1idx; } else { $ipsecconnected[$con_id] = $ph1idx = $con_id; From 7c28500ad928d13c92f55a69fe9cf27696ca2627 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 12 Jul 2021 12:34:56 +0200 Subject: [PATCH 026/162] Speedtest: created temp file prior to write actual result file. --- pfsense_zbx.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 3790dd0..98228d2 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -204,6 +204,7 @@ function pfz_speedtest_cron_install($enable=true){ function pfz_speedtest_exec ($ifname, $ipaddr){ $filename = "/tmp/speedtest-$ifname"; + $filetemp = "$filename.tmp"; $filerun = "/tmp/speedtest-run"; if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) { @@ -214,6 +215,7 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ touch($filerun); $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filename"; exec ($st_command); + rename($filetemp,$filename); @unlink($filerun); } } From 06bf4d7d6383c0546622abaecfdc11e315ac9678 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 12 Jul 2021 12:39:06 +0200 Subject: [PATCH 027/162] Exported Templates from Zabbix 5.0 - Issue #80 --- template_pfsense_active.xml | 5011 ++----------------------- template_pfsense_active_ipsec.xml | 608 +-- template_pfsense_active_ovpn_user.xml | 499 +-- template_pfsense_active_speedtest.xml | 237 +- 4 files changed, 457 insertions(+), 5898 deletions(-) diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index 7b8638a..3568b05 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -1,7 +1,7 @@ - 4.0 - 2021-07-04T19:16:51Z + 5.0 + 2021-07-12T10:35:24Z Templates/Network Devices @@ -64,211 +64,65 @@ https://github.com/rbicelli/pfsense-zabbix-template Maximum number of opened files - 7 - - + ZABBIX_ACTIVE kernel.maxfiles 3600 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - It could be increased by using sysctrl utility or modifying file /etc/sysctl.conf. - 0 OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last(0)}<1024 + Configured max number of opened files is too low on {HOST.NAME} + INFO + + Maximum number of processes - 7 - - + ZABBIX_ACTIVE kernel.maxproc 3600 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - It could be increased by using sysctrl utility or modifying file /etc/sysctl.conf. - 0 OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last(0)}<256 + Configured max number of processes is too low on {HOST.NAME} + INFO + + Used memory (calc) - 15 - - + CALCULATED kt.mem.used 60 28d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - last(vm.memory.size[total]) - last(vm.memory.size[available]) - - 0 - - - - - - - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Expected CARP Status - 15 - - + CALCULATED pfsense.expected_carp_status 30s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - {$EXPECTED_CARP_STATUS} - - 0 - - - - - Expected CARP Status - 0 HA @@ -277,472 +131,127 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense CARP Status - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - MBUF Cache - 7 - - + ZABBIX_ACTIVE pfsense.mbuf.cache 60 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network Limits - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - MBUF Current - 7 - - + ZABBIX_ACTIVE pfsense.mbuf.current 60 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network Limits - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - MBUF Max - 7 - - + ZABBIX_ACTIVE pfsense.mbuf.max 600 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network Limits - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - MBUF Total Used (percent) - 15 - - + CALCULATED pfsense.mbuf.ptotal 60 28d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - ((last(pfsense.mbuf.current) + last(pfsense.mbuf.cache)) * 100) / last(pfsense.mbuf.max) - - 0 - - - - - - - 0 Network Limits - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last()}>80 + MBUF used at 80% + WARNING + + + {last()}>90 + MBUF used at 90% + HIGH + + States Table Current - 7 - - + ZABBIX_ACTIVE pfsense.states.current 60 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network Limits - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - States Table Max - 7 - - + ZABBIX_ACTIVE pfsense.states.max 600 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network Limits - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - States Table Current (percent) - 15 - - + CALCULATED pfsense.states.pused 60 28d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - (last(pfsense.states.current) * 100) / last(pfsense.states.max) - - 0 - - - - - - - 0 Network Limits - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last()}>80 + State Table used at 80% + WARNING + + + {last()}>90 + State Table used at 90% + HIGH + + CARP Status - 7 - - + ZABBIX_ACTIVE pfsense.value[carp_status] 30s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - pfSense CARP Status - 0 HA @@ -751,236 +260,77 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense CARP Status - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last()}>2 + CARP Problems on {HOST.NAME} + HIGH + CARP Problems + + + {last()}>2 + DHCP Failover Problems on {HOST.NAME} + https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html + HIGH + One or more DHCP Pools are experiencing failover problems. This could potentially cause other problems in yourr network. + + DHCP Failover Pool Problems - 7 - - + ZABBIX_ACTIVE pfsense.value[dhcp,failover] 120s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - This value indicates, in a HA scenario, if DHCP failover pool partners are out of sync. - 0 HA - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Gateway Status Raw - 7 - - + ZABBIX_ACTIVE pfsense.value[gw_status] 60s - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + TEXT Gateway Status Raw - 0 Gateways - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {diff()}>0 + RECOVERY_EXPRESSION + {diff()}=0 + pfSense Gateway Status Changed on {HOST.NAME} + AVERAGE + Gateway Status Change, for use with an acion Script (e.g. update DNS record) + YES + + pfSense Installed Version - 7 - - + ZABBIX_ACTIVE pfsense.value[system,installed_version] 1d - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 + TEXT System - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - New Version of pfSense Available - 7 - - + ZABBIX_ACTIVE pfsense.value[system,new_version_available] 1d - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 System @@ -989,2366 +339,663 @@ https://github.com/rbicelli/pfsense-zabbix-template Generic YesNo - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last()}=1 + New Version of pfSense Available on {HOST.NAME} + INFO + A new version of pfSense is available for update. + YES + + Packages Needing Update - 7 - - + ZABBIX_ACTIVE pfsense.value[system,packages_update] 1d - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - Number of packages needing update. - 0 System - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last()}>0 + Packages Update Available on {HOST.NAME} + INFO + New version of packages are available + + pfSense Available Version - 7 - - + ZABBIX_ACTIVE pfsense.value[system,version] 1d - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 + TEXT System - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Number of running processes - 7 - - + ZABBIX_ACTIVE proc.num[,,run] 60 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - Number of processes in running state. - 0 Processes - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {avg(5m)}>30 + Too many processes running on {HOST.NAME} + WARNING + + Number of processes - 7 - - + ZABBIX_ACTIVE proc.num[] 60 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - Total number of processes in any state. - 0 Processes - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {avg(5m)}>300 + Too many processes on {HOST.NAME} + WARNING + + Host boot time - 7 - - + ZABBIX_ACTIVE system.boottime 600 27d - 365d - 0 - 3 - unixtime - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Interrupts per second - 7 - - + ZABBIX_ACTIVE system.cpu.intr 60 27d - 365d - 0 - 3 - ips - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 CPU - - - 10 + CHANGE_PER_SECOND - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Processor load (1min/core) - 7 - - + ZABBIX_ACTIVE system.cpu.load[percpu,avg1] 60 27d - 365d - 0 - 0 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + FLOAT The processor load is calculated as system CPU load divided by number of CPU cores. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {avg(5m)}>5 + Processor load is too high on {HOST.NAME} + WARNING + + Processor load (5min/core) - 7 - - + ZABBIX_ACTIVE system.cpu.load[percpu,avg5] 60 27d - 365d - 0 - 0 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + FLOAT The processor load is calculated as system CPU load divided by number of CPU cores. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Processor load (15min/core) - 7 - - + ZABBIX_ACTIVE system.cpu.load[percpu,avg15] 60 27d - 365d - 0 - 0 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + FLOAT The processor load is calculated as system CPU load divided by number of CPU cores. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Context switches per second - 7 - - + ZABBIX_ACTIVE system.cpu.switches 60 27d - 365d - 0 - 3 - sps - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 CPU - - - 10 + CHANGE_PER_SECOND - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - CPU $2 time - 7 - - + ZABBIX_ACTIVE system.cpu.util[,idle] 60 27d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - The time the CPU has spent doing nothing. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - CPU $2 time - 7 - - + ZABBIX_ACTIVE system.cpu.util[,interrupt] 60 27d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - The amount of time the CPU has been servicing hardware interrupts. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - CPU $2 time - 7 - - + ZABBIX_ACTIVE system.cpu.util[,nice] 60 27d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - The time the CPU has spent running users' processes that have been niced. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - CPU $2 time - 7 - - + ZABBIX_ACTIVE system.cpu.util[,system] 60 27d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - The time the CPU has spent running the kernel and its processes. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - CPU $2 time - 7 - - + ZABBIX_ACTIVE system.cpu.util[,user] 60 27d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - The time the CPU has spent running users' processes that are not niced. - 0 CPU - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Host name - 7 - - + ZABBIX_ACTIVE system.hostname 3600 27d 0 - 0 - 1 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + CHAR System host name. - 3 + NAME OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {diff(0)}>0 + Hostname was changed on {HOST.NAME} + INFO + + Host local time - 7 - - + ZABBIX_ACTIVE system.localtime 60 27d - 365d - 0 - 3 - unixtime - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Free swap space - 7 - - + ZABBIX_ACTIVE system.swap.size[,free] 60 27d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Free swap space in % - 7 - - + ZABBIX_ACTIVE system.swap.size[,pfree] 60 27d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last(0)}<50 + Lack of free swap space on {HOST.NAME} + WARNING + It probably means that the systems requires more physical memory. + + Total swap space - 7 - - + ZABBIX_ACTIVE system.swap.size[,total] 3600 27d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Used swap space - 7 - - + ZABBIX_ACTIVE system.swap.size[,used] 60 27d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - System information - 7 - - + ZABBIX_ACTIVE system.uname 3600 27d 0 - 0 - 1 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + CHAR The information as normally returned by 'uname -a'. - 5 + OS OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {diff(0)}>0 + Host information was changed on {HOST.NAME} + INFO + + System uptime - 7 - - + ZABBIX_ACTIVE system.uptime 600 27d - 365d - 0 - 3 - uptime - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {change(0)}<0 + {HOST.NAME} has just been restarted + INFO + + Number of logged in users - 7 - - + ZABBIX_ACTIVE system.users.num 60 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - Number of users who are currently logged in. - 0 OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Checksum of $1 - 7 - - + ZABBIX_ACTIVE vfs.file.cksum[/etc/passwd] 3600 27d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OS - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {diff(0)}>0 + /etc/passwd has been changed on {HOST.NAME} + WARNING + + Active memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[active] 60 28d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - Memory used by processes - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Available memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[available] 60 27d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - Available memory is defined as free+cached+buffers memory. - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - + + + {last(0)}<20M + Lack of available memory on server {HOST.NAME} + AVERAGE + + Buffered memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[buffers] 60 28d - 365d - 1 - 3 - + DISABLED B - - - 0 - 0 - - 0 - - - - 0 - - - - - Cache d'entrées des IO disque. (Item désactivé car buggé) - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Cached memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[cached] 60 28d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - amount of memory used to cache data - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Free memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[free] 60 28d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - amount of memory completely free and ready to be used directly. - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Inactive memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[inactive] 60 28d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - amount of memory that contains data that is no longer used (can be directly freed if needed) - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Available memory (percent) - 7 - - + ZABBIX_ACTIVE vm.memory.size[pavailable] 60 28d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - Available memory is defined as free+cached+buffers memory. - 0 Memory - - - 1 + MULTIPLIER 1 - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Shared memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[shared] 60 28d - 365d - 1 - 3 - + DISABLED B - - - 0 - 0 - - 0 - - - - 0 - - - - - quantité de mémoire partagée entre plusieurs processus (Item désactivé car non utilisé) - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Total memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[total] 3600 27d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - quantité de mémoire totale - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Used memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[used] 60 28d - 365d - 1 - 3 - + DISABLED B - - - 0 - 0 - - 0 - - - - 0 - - - - - Item désactivé car non utilisé - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Wired memory - 7 - - + ZABBIX_ACTIVE vm.memory.size[wired] 60 28d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - amount of memory used by the kernel, can neither be unloaded in swap, nor compressed. - 0 Memory - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - Gateways Discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[gw] 300s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 - - - - 30d Gateway Discovery Gateway $2 RTT - 7 - - + ZABBIX_ACTIVE pfsense.value[gw_value,{#GATEWAY},delay] 60s - 90d - 365d - 0 - 0 - + FLOAT ms - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Gateways - - - 2 + RTRIM ms - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Gateway $2 Packet Loss - 7 - - + ZABBIX_ACTIVE pfsense.value[gw_value,{#GATEWAY},loss] 60s - 90d - 365d - 0 - 3 - % - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Gateways - - - 2 + RTRIM % - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Gateway $2 Status - 7 - - + ZABBIX_ACTIVE pfsense.value[gw_value,{#GATEWAY},status] 60s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - Status of Gateway - 0 Gateways @@ -3357,204 +1004,66 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense Gateway Status - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - + + + {last()}=5 + Gateway {#GATEWAY} is down + DISASTER + Gateway is Down + + + {last()}=4 + Gateway {#GATEWAY} is forced down + INFO + Gateway is forced down by system administrator + + + {last()}=2 + High Delay on gateway {#GATEWAY} + WARNING + Gateway is lagging + + + {last()}=3 + High packet Loss on {#GATEWAY} + HIGH + High Packet Loss on Gateway + + + {last()}=1 + Packet Loss on {#GATEWAY} + WARNING + Packet loss on Gateway + + Gateway $2 RTT Std Deviation - 7 - - + ZABBIX_ACTIVE pfsense.value[gw_value,{#GATEWAY},stddev] 60s - 90d - 365d - 0 - 0 - + FLOAT ms - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Gateways - - - 2 + RTRIM ms - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=5 - 0 - - Gateway {#GATEWAY} is down - 0 - - - 0 - 5 - Gateway is Down - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=4 - 0 - - Gateway {#GATEWAY} is forced down - 0 - - - 0 - 1 - Gateway is forced down by system administrator - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=2 - 0 - - High Delay on gateway {#GATEWAY} - 0 - - - 0 - 2 - Gateway is lagging - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=3 - 0 - - High packet Loss on {#GATEWAY} - 0 - - - 0 - 4 - High Packet Loss on Gateway - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=1 - 0 - - Packet Loss on {#GATEWAY} - 0 - - - 0 - 2 - Packet loss on Gateway - 0 - 0 - - - - Gateway {#GATEWAY} Availability - 900 - 200 - 0.0000 - 100.0000 - 1 - 1 - 0 - 1 - 0 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 - 0 - 0 199C0D - 0 - 7 - 0 + ALL Template pfSense Active pfsense.value[gw_value,{#GATEWAY},delay] @@ -3562,11 +1071,8 @@ https://github.com/rbicelli/pfsense-zabbix-template 1 - 0 FF5722 - 0 - 7 - 0 + ALL Template pfSense Active pfsense.value[gw_value,{#GATEWAY},loss] @@ -3576,29 +1082,13 @@ https://github.com/rbicelli/pfsense-zabbix-template Gateway {#GATEWAY} Status - 900 - 200 - 0.0000 - 5.0000 - 1 - 1 - 0 - 1 - 0 - 0.0000 - 0.0000 - 1 - 1 - 0 - 0 + 5 + FIXED + FIXED - 0 - 0 199C0D - 0 - 7 - 0 + ALL Template pfSense Active pfsense.value[gw_value,{#GATEWAY},status] @@ -3607,58 +1097,17 @@ https://github.com/rbicelli/pfsense-zabbix-template - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 Network interface discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[interfaces] 3600s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - 0 - {#IFNAME} @Network interfaces for discovery - 8 A @@ -3668,300 +1117,85 @@ https://github.com/rbicelli/pfsense-zabbix-template Incoming Errors on {#IFDESCR} - 7 - - + ZABBIX_ACTIVE net.if.in[{#IFNAME},errors] 60 7d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network interfaces - - - - - 10 - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Incoming network traffic on {#IFDESCR} - 7 - - + ZABBIX_ACTIVE net.if.in[{#IFNAME}] 60 7d - 365d - 0 - 3 - bps - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network interfaces - - - 10 + CHANGE_PER_SECOND - 1 + MULTIPLIER 8 - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Outgoing errors on {#IFDESCR} - 7 - - + ZABBIX_ACTIVE net.if.out[{#IFNAME},errors] 60 7d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network interfaces - - - - - 10 - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Outgoing network traffic on {#IFDESCR} - 7 - - + ZABBIX_ACTIVE net.if.out[{#IFNAME}] 60 7d - 365d - 0 - 3 - bps - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Network interfaces - - - 10 + CHANGE_PER_SECOND - 1 + MULTIPLIER 8 - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - Network traffic on {#IFDESCR} - 900 - 200 - 0.0000 - 100.0000 - 1 - 0 - 0 - 0 - 0 - 0.0000 - 0.0000 - 1 - 0 - 0 - 0 + NO + NO + FIXED - 0 - 5 + GRADIENT_LINE 29E900 - 0 - 2 - 0 Template pfSense Active net.if.in[{#IFNAME}] @@ -3969,11 +1203,8 @@ https://github.com/rbicelli/pfsense-zabbix-template 1 - 5 + GRADIENT_LINE FD0000 - 0 - 2 - 0 Template pfSense Active net.if.out[{#IFNAME}] @@ -3982,88 +1213,19 @@ https://github.com/rbicelli/pfsense-zabbix-template - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 OpenVPN Client Discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[openvpn_client] 300s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 - - - - 30d OpenVPN Client Discovery OpenVPN Client {#NAME} Tunnel Status - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_clientvalue,{#CLIENT},status] 60s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OpenVPN Client @@ -4072,192 +1234,39 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense OpenVPN Interface Status - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - + + + {last()}=0 + OpenVPN Client {#NAME} Tunnel is Down + HIGH + OpenVPN Tunnel Down + + - - - {Template pfSense Active:pfsense.value[openvpn_clientvalue,{#CLIENT},status].last()}=0 - 0 - - OpenVPN Client {#NAME} Tunnel is Down - 0 - - - 0 - 4 - OpenVPN Tunnel Down - 0 - 0 - - - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 OpenVPN Server Discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[openvpn_server] 300s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 - - - - 30d - OpenVPN Server {#NAME} Clients Connected - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},conns] 60s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OpenVPN Server - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#NAME} Mode - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},mode] 300s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OpenVPN Server @@ -4266,120 +1275,23 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense OpenVPN Mode - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#NAME} Port - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},port] 300s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OpenVPN Server - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#NAME} Tunnel Status - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},status] 60s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 OpenVPN Server @@ -4388,139 +1300,37 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense OpenVPN Interface Status - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - {Template pfSense Active:pfsense.expected_carp_status.last()}<>2 and {Template pfSense Active:pfsense.value[openvpn_servervalue,{#SERVER},status].last()}=0 - 0 - OpenVPN Server {#NAME} is Down - 0 - - - 0 - 4 + HIGH OpenVPN Tunnel is Down - 0 - 0 - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 Services Discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[services] 300s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - 0 - {#SERVICE} @pfSense service names for discovery - 8 A - 30d - Service {#DESCRIPTION} enabled on CARP Slave - 7 - - + ZABBIX_ACTIVE pfsense.value[service_value,{#SERVICE},run_on_carp_slave] 600s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Services @@ -4529,60 +1339,12 @@ https://github.com/rbicelli/pfsense-zabbix-template Generic YesNo - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Service {#DESCRIPTION} Status - 7 - - + ZABBIX_ACTIVE pfsense.value[service_value,{#SERVICE},status] 60s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Services @@ -4591,29 +1353,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Service state - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - @@ -4631,74 +1370,22 @@ or ({Template pfSense Active:pfsense.value[carp_status].last()}=0) ) - 0 - Service {#DESCRIPTION} is not running - 0 - - - 0 - 4 + HIGH Service is not running - 0 - 0 - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 Mounted filesystem discovery - 7 - - + ZABBIX_ACTIVE vfs.fs.discovery 3600 - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - 0 - {#FSTYPE} @File systems for discovery - 8 A @@ -4708,365 +1395,100 @@ or Free inodes on $1 (percentage) - 7 - - + ZABBIX_ACTIVE vfs.fs.inode[{#FSNAME},pfree] 60 7d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Filesystems - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - + + + {last(0)}<20 + Free inodes is less than 20% on volume {#FSNAME} + WARNING + + Free disk space on $1 - 7 - - + ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},free] 60 7d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Filesystems - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Free disk space on $1 (percentage) - 7 - - + ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},pfree] 60 7d - 365d - 0 - 0 - + FLOAT % - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Filesystems - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - + + + {last(0)}<20 + Free disk space is less than 20% on volume {#FSNAME} + WARNING + + Total disk space on $1 - 7 - - + ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},total] 3600 7d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Filesystems - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Used disk space on $1 - 7 - - + ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},used] 60 7d - 365d - 0 - 3 - B - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 Filesystems - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - - - {Template pfSense Active:vfs.fs.size[{#FSNAME},pfree].last(0)}<20 - 0 - - Free disk space is less than 20% on volume {#FSNAME} - 0 - - - 0 - 2 - - 0 - 0 - - - - - {Template pfSense Active:vfs.fs.inode[{#FSNAME},pfree].last(0)}<20 - 0 - - Free inodes is less than 20% on volume {#FSNAME} - 0 - - - 0 - 2 - - 0 - 0 - - - - Disk space usage {#FSNAME} 600 340 - 0.0000 - 0.0000 - 0 - 0 - 2 - 1 - 1 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 + 0 + NO + NO + PIE + YES - 0 - 0 CC0000 - 0 - 2 - 2 + GRAPH_SUM Template pfSense Active vfs.fs.size[{#FSNAME},total] @@ -5074,11 +1496,7 @@ or 1 - 0 5B5B5B - 0 - 2 - 0 Template pfSense Active vfs.fs.size[{#FSNAME},free] @@ -5086,11 +1504,7 @@ or 2 - 0 AEEE00 - 0 - 2 - 0 Template pfSense Active vfs.fs.size[{#FSNAME},used] @@ -5099,28 +1513,8 @@ or - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 - {$CARP_SERVICES_STOPPED} @@ -5139,7 +1533,6 @@ or 0 - System performance @@ -5148,6 +1541,11 @@ or 0 + + + Active Connections (pie) + Template pfSense Active + 450 250 0 @@ -5157,19 +1555,19 @@ or 0 1 0 - - 0 0 - - Active Connections (pie) - Template pfSense Active - - 3 + + 3 0 + + + Network Memory Buffer (pie) + Template pfSense Active + 450 250 1 @@ -5179,19 +1577,19 @@ or 0 1 0 - - 0 0 - - Network Memory Buffer (pie) - Template pfSense Active - - 3 + + 3 0 + + + CPU load + Template pfSense Active + 450 100 0 @@ -5201,19 +1599,19 @@ or 0 1 0 - - 0 0 - - CPU load - Template pfSense Active - - 3 + + 3 0 + + + Memory Usage simple (pie) + Template pfSense Active + 450 250 1 @@ -5223,16 +1621,11 @@ or 0 1 0 - - 0 0 - - Memory Usage simple (pie) - Template pfSense Active - - 3 + + 3 @@ -5240,388 +1633,33 @@ or - - {Template pfSense Active:vfs.file.cksum[/etc/passwd].diff(0)}>0 - 0 - - /etc/passwd has been changed on {HOST.NAME} - 0 - - - 0 - 2 - - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[carp_status].last()}>2 - 0 - - CARP Problems on {HOST.NAME} - 0 - - - 0 - 4 - CARP Problems - 0 - 0 - - - {Template pfSense Active:pfsense.expected_carp_status.last()}<>0 and {Template pfSense Active:pfsense.value[carp_status].last()}<>{$EXPECTED_CARP_STATUS} - 0 - CARP Status not Expected on {HOST.NAME} - 0 - - - 0 - 4 + HIGH pfSense CARP is not in the state Expected. This means that a failover could be in process. - 0 - 0 - - - - - {Template pfSense Active:kernel.maxfiles.last(0)}<1024 - 0 - - Configured max number of opened files is too low on {HOST.NAME} - 0 - - - 0 - 1 - - 0 - 0 - - - - - {Template pfSense Active:kernel.maxproc.last(0)}<256 - 0 - - Configured max number of processes is too low on {HOST.NAME} - 0 - - - 0 - 1 - - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[carp_status].last()}>2 - 0 - - DHCP Failover Problems on {HOST.NAME} - 0 - - https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html - 0 - 4 - One or more DHCP Pools are experiencing failover problems. This could potentially cause other problems in yourr network. - 0 - 0 - - - - - {Template pfSense Active:system.uname.diff(0)}>0 - 0 - - Host information was changed on {HOST.NAME} - 0 - - - 0 - 1 - - 0 - 0 - - - - - {Template pfSense Active:system.hostname.diff(0)}>0 - 0 - - Hostname was changed on {HOST.NAME} - 0 - - - 0 - 1 - - 0 - 0 - - - - - {Template pfSense Active:vm.memory.size[available].last(0)}<20M - 0 - - Lack of available memory on server {HOST.NAME} - 0 - - - 0 - 3 - - 0 - 0 - - - - - {Template pfSense Active:system.swap.size[,pfree].last(0)}<50 - 0 - - Lack of free swap space on {HOST.NAME} - 0 - - - 0 - 2 - It probably means that the systems requires more physical memory. - 0 - 0 - - - - - {Template pfSense Active:pfsense.mbuf.ptotal.last()}>80 - 0 - - MBUF used at 80% - 0 - - - 0 - 2 - - 0 - 0 - - - - - {Template pfSense Active:pfsense.mbuf.ptotal.last()}>90 - 0 - - MBUF used at 90% - 0 - - - 0 - 4 - - 0 - 0 - - ({Template pfSense Active:pfsense.value[system,version].last()}<>{Template pfSense Active:pfsense.value[system,installed_version].last()})=1 - 0 - New Version Available on {HOST.NAME} - 0 - - - 0 - 1 + INFO Noify of new version of pfsense available - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[system,new_version_available].last()}=1 - 0 - - New Version of pfSense Available on {HOST.NAME} - 0 - - - 0 - 1 - A new version of pfSense is available for update. - 0 - 1 - - - - - {Template pfSense Active:pfsense.value[system,packages_update].last()}>0 - 0 - - Packages Update Available on {HOST.NAME} - 0 - - - 0 - 1 - New version of packages are available - 0 - 0 - - - - - {Template pfSense Active:pfsense.value[gw_status].diff()}>0 - 1 - {Template pfSense Active:pfsense.value[gw_status].diff()}=0 - pfSense Gateway Status Changed on {HOST.NAME} - 0 - - - 0 - 3 - Gateway Status Change, for use with an acion Script (e.g. update DNS record) - 0 - 1 - - - - - {Template pfSense Active:system.cpu.load[percpu,avg1].avg(5m)}>5 - 0 - - Processor load is too high on {HOST.NAME} - 0 - - - 0 - 2 - - 0 - 0 - - - - - {Template pfSense Active:pfsense.states.pused.last()}>80 - 0 - - State Table used at 80% - 0 - - - 0 - 2 - - 0 - 0 - - - - - {Template pfSense Active:pfsense.states.pused.last()}>90 - 0 - - State Table used at 90% - 0 - - - 0 - 4 - - 0 - 0 - - - - - {Template pfSense Active:proc.num[].avg(5m)}>300 - 0 - - Too many processes on {HOST.NAME} - 0 - - - 0 - 2 - - 0 - 0 - - - - - {Template pfSense Active:proc.num[,,run].avg(5m)}>30 - 0 - - Too many processes running on {HOST.NAME} - 0 - - - 0 - 2 - - 0 - 0 - - - - - {Template pfSense Active:system.uptime.change(0)}<0 - 0 - - {HOST.NAME} has just been restarted - 0 - - - 0 - 1 - - 0 - 0 - - Active Connections - 900 - 200 - 0.0000 - 100.0000 - 1 - 0 - 0 - 1 - 0 - 0.0000 - 0.0000 - 1 - 2 - 0 + NO + FIXED + ITEM Template pfSense Active pfsense.states.max - 0 - 5 + GRADIENT_LINE FF2C27 - 0 - 2 - 0 Template pfSense Active pfsense.states.current @@ -5633,27 +1671,14 @@ or Active Connections (pie) 600 340 - 0.0000 - 0.0000 - 0 - 0 - 2 - 1 - 0 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 + 0 + NO + NO + PIE - 0 - 0 5B5B5B - 0 - 2 - 2 + GRAPH_SUM Template pfSense Active pfsense.states.max @@ -5661,11 +1686,8 @@ or 1 - 5 + GRADIENT_LINE FF2C27 - 0 - 2 - 0 Template pfSense Active pfsense.states.current @@ -5675,29 +1697,10 @@ or CPU jumps - 900 - 200 - 0.0000 - 100.0000 - 1 - 1 - 0 - 1 - 0 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 - 0 - 5 + GRADIENT_LINE 009900 - 0 - 2 - 0 Template pfSense Active system.cpu.switches @@ -5705,11 +1708,8 @@ or 1 - 5 + GRADIENT_LINE 000099 - 0 - 2 - 0 Template pfSense Active system.cpu.intr @@ -5719,29 +1719,11 @@ or CPU load - 900 - 200 - 0.0000 - 100.0000 - 1 - 1 - 1 - 1 - 0 - 0.0000 - 0.0000 - 1 - 0 - 0 - 0 + STACKED + FIXED - 0 - 0 FFA619 - 0 - 2 - 0 Template pfSense Active system.cpu.load[percpu,avg1] @@ -5749,11 +1731,7 @@ or 1 - 0 E86E30 - 0 - 2 - 0 Template pfSense Active system.cpu.load[percpu,avg5] @@ -5761,11 +1739,7 @@ or 2 - 0 FF2F26 - 0 - 2 - 0 Template pfSense Active system.cpu.load[percpu,avg15] @@ -5775,29 +1749,13 @@ or CPU utilization (Line) - 900 - 200 - 0.0000 - 100.0000 - 1 - 0 - 0 - 1 - 0 - 0.0000 - 0.0000 - 1 - 1 - 0 - 0 + NO + FIXED + FIXED - 0 - 5 + GRADIENT_LINE FFE819 - 0 - 2 - 0 Template pfSense Active system.cpu.util[,interrupt] @@ -5805,11 +1763,8 @@ or 1 - 5 + GRADIENT_LINE E85D17 - 0 - 2 - 0 Template pfSense Active system.cpu.util[,nice] @@ -5817,11 +1772,8 @@ or 2 - 5 + GRADIENT_LINE DF26FF - 0 - 2 - 0 Template pfSense Active system.cpu.util[,system] @@ -5829,11 +1781,8 @@ or 3 - 5 + GRADIENT_LINE 1775E8 - 0 - 2 - 0 Template pfSense Active system.cpu.util[,user] @@ -5841,11 +1790,7 @@ or 4 - 0 03D933 - 0 - 2 - 0 Template pfSense Active system.cpu.util[,idle] @@ -5857,27 +1802,14 @@ or Memory Available details (pie) 600 340 - 0.0000 - 0.0000 - 0 - 0 - 2 - 1 - 0 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 + 0 + NO + NO + PIE - 0 - 0 003300 - 0 - 2 - 2 + GRAPH_SUM Template pfSense Active vm.memory.size[available] @@ -5885,11 +1817,7 @@ or 1 - 0 005500 - 0 - 2 - 0 Template pfSense Active vm.memory.size[free] @@ -5897,11 +1825,7 @@ or 2 - 0 007700 - 0 - 2 - 0 Template pfSense Active vm.memory.size[cached] @@ -5909,11 +1833,7 @@ or 3 - 0 009900 - 0 - 2 - 0 Template pfSense Active vm.memory.size[inactive] @@ -5923,32 +1843,17 @@ or Memory usage - 900 - 200 - 0.0000 - 100.0000 - 1 - 0 - 1 - 1 - 0 - 0.0000 - 0.0000 - 1 - 2 - 0 + NO + STACKED + FIXED + ITEM Template pfSense Active vm.memory.size[total] - 0 - 0 00EE00 - 0 - 2 - 0 Template pfSense Active vm.memory.size[wired] @@ -5956,11 +1861,7 @@ or 1 - 0 00CC00 - 0 - 2 - 0 Template pfSense Active vm.memory.size[active] @@ -5968,11 +1869,7 @@ or 2 - 0 007700 - 0 - 2 - 0 Template pfSense Active vm.memory.size[inactive] @@ -5980,11 +1877,7 @@ or 3 - 0 005500 - 0 - 2 - 0 Template pfSense Active vm.memory.size[cached] @@ -5992,11 +1885,7 @@ or 4 - 0 003300 - 0 - 2 - 0 Template pfSense Active vm.memory.size[free] @@ -6008,27 +1897,13 @@ or Memory Usage simple (pie) 600 340 - 0.0000 - 0.0000 - 0 - 0 - 2 - 1 - 0 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 + 0 + NO + NO + PIE - 0 - 0 003300 - 0 - 2 - 0 Template pfSense Active vm.memory.size[available] @@ -6036,11 +1911,7 @@ or 1 - 0 00DD00 - 0 - 2 - 0 Template pfSense Active kt.mem.used @@ -6050,32 +1921,17 @@ or Network Memory Buffer - 900 - 200 - 0.0000 - 100.0000 - 1 - 0 - 1 - 1 - 0 - 0.0000 - 0.0000 - 1 - 2 - 0 + NO + STACKED + FIXED + ITEM Template pfSense Active pfsense.mbuf.max - 0 - 0 B26E16 - 0 - 2 - 0 Template pfSense Active pfsense.mbuf.current @@ -6083,11 +1939,7 @@ or 1 - 0 FFCE8E - 0 - 2 - 0 Template pfSense Active pfsense.mbuf.cache @@ -6099,27 +1951,14 @@ or Network Memory Buffer (pie) 600 340 - 0.0000 - 0.0000 - 0 - 0 - 2 - 1 - 0 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 + 0 + NO + NO + PIE - 0 - 0 5B5B5B - 0 - 2 - 2 + GRAPH_SUM Template pfSense Active pfsense.mbuf.max @@ -6127,11 +1966,7 @@ or 1 - 0 FFCE8E - 0 - 2 - 0 Template pfSense Active pfsense.mbuf.cache @@ -6139,11 +1974,7 @@ or 2 - 0 B26E16 - 0 - 2 - 0 Template pfSense Active pfsense.mbuf.current @@ -6155,27 +1986,15 @@ or Swap usage 600 340 - 0.0000 - 0.0000 - 0 - 0 - 2 - 1 - 1 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 + 0 + NO + NO + PIE + YES - 0 - 0 5B5B5B - 0 - 2 - 2 + GRAPH_SUM Template pfSense Active system.swap.size[,total] @@ -6183,11 +2002,7 @@ or 1 - 0 FFFF33 - 0 - 2 - 0 Template pfSense Active system.swap.size[,used] diff --git a/template_pfsense_active_ipsec.xml b/template_pfsense_active_ipsec.xml index 8ebeafe..094d9da 100644 --- a/template_pfsense_active_ipsec.xml +++ b/template_pfsense_active_ipsec.xml @@ -1,7 +1,7 @@ - 4.0 - 2021-01-18T21:30:16Z + 5.0 + 2021-07-12T10:36:28Z Templates/Network Devices @@ -28,70 +28,20 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec - IPsec Phase 1 Discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[ipsec_ph1] 1200s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 - - - - 30d Discovery of IPsec Phase 1 IPsec Tunnel {#IKEID} {#NAME} Tunnel Enabled - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},disabled] 120s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Phase 1 Tunnel Mode - 0 IPsec @@ -100,60 +50,13 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense IPsec Enabled - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID} {#NAME} IKE Type - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},iketype] 600s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Phase 1 IKE Type - 0 IPsec @@ -162,60 +65,13 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense IPsec IKE Type - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID} {#NAME} Tunnel Mode - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},mode] 600s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Phase 1 Tunnel Mode - 0 IPsec @@ -224,60 +80,13 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense IPsec Tunnel Mode - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID} {#NAME} Protocol - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},protocol] 600s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Phase 1 Protocol - 0 IPsec @@ -286,120 +95,27 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense IPsec Protocol - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID} {#NAME} Remote Gateway - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},remote-gateway] 600s - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + TEXT IPsec Phase 1 Remote Gateway - 0 IPsec - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID} {#NAME} Phase 1 Status - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},status] 60s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Phase 1 Tunnel Mode - 0 IPsec @@ -408,132 +124,30 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense IPsec Phase 1 Status - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - {Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},disabled].last()}=0 and {Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},status].last()}<>1 and {Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},status].last()}<10 - 0 - IPsec Tunnel {#IKEID} ({#NAME}) Not Connected - 0 - - - 0 - 4 + HIGH IPsec Phase 1 is not connected. - 0 - 0 - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 IPsec Phase 2 Discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[ipsec_ph2] 1200s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 - - - - 30d Discovery of IPsec Phase 2 IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Enabled - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},disabled] 120s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Tunnel Phase 2 Protocol - 0 IPsec @@ -542,180 +156,38 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense IPsec Enabled - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Life Time - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},lifetime] 600s - 90d - 365d - 0 - 3 - s - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Tunnel Phase 2 Life Time - 0 IPsec - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Mode - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},mode] 600s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Tunnel Phase 2 Mode - 0 IPsec - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Protocol - 7 - - + ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},protocol] 600s - 90d - 365d - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - IPsec Tunnel Phase 2 Protocol - 0 IPsec @@ -724,58 +196,10 @@ https://github.com/rbicelli/pfsense-zabbix-template pfSense IPsec Phase 2 Protocol - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 - - - - diff --git a/template_pfsense_active_ovpn_user.xml b/template_pfsense_active_ovpn_user.xml index 41106bf..cc07a0f 100644 --- a/template_pfsense_active_ovpn_user.xml +++ b/template_pfsense_active_ovpn_user.xml @@ -1,7 +1,7 @@ - 4.0 - 2021-01-18T15:02:06Z + 5.0 + 2021-07-12T10:37:03Z Templates/Network Devices @@ -28,608 +28,141 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server Clients - OpenVPN User Auth Connected Clients Discovery - 7 - - + ZABBIX_ACTIVE pfsense.discovery[openvpn_server_user] 60s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 - - - - 30d Discovery of clients connected to OpenVPN Server in User Auth Mode OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Received - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_recv] 60s - 90d 0 - 0 - 3 - bytes - - - 0 - 0 - - 0 - - - - 0 - - - - - Client Bytes Received - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Sent - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_sent] 60s - 90d 0 - 0 - 3 - bytes - - - 0 - 0 - - 0 - - - - 0 - - - - - Client Bytes Sent - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: Connection Time - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},connect_time_unix] 60s - 90d 0 - 0 - 3 - unixtime - - - 0 - 0 - - 0 - - - - 0 - - - - - Client Connect Time - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: Remote Host - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},remote_host] 60s - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + TEXT Remote Host - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: User Name - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},user_name] 60s - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + TEXT Client User Name - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address (IPv6) - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr6] 60s - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + TEXT IPv6 Address assigned from OpenVPN Server - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr] 60s - 90d 0 - 0 - 4 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - + TEXT IP Address assigned from OpenVPN Server - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: Client ID - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},client_id] 60s - 90d 0 - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - Client ID - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - OpenVPN Server {#SERVERNAME}, Client {#USERID}: Peer ID - 7 - - + ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},peer_id] 60s - 90d 0 - 0 - 3 - - - - - 0 - 0 - - 0 - - - - 0 - - - - - Peer ID - 0 OpenVPN Server Clients - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 - - - - diff --git a/template_pfsense_active_speedtest.xml b/template_pfsense_active_speedtest.xml index 41335bd..45fb366 100644 --- a/template_pfsense_active_speedtest.xml +++ b/template_pfsense_active_speedtest.xml @@ -1,7 +1,7 @@ - 4.0 - 2021-07-05T15:51:20Z + 5.0 + 2021-07-12T10:37:45Z Templates/Network Devices @@ -28,248 +28,64 @@ https://github.com/rbicelli/pfsense-zabbix-template Network interfaces - WAN Interfaces - 7 - - + ZABBIX_ACTIVE pfsense.discovery[wan] 300s - 0 - - - - 0 - 0 - - 0 - - - - 0 - - - - - - - 0 - - - - 30d Discover WAN Interfaces Speedtest Download on {#IFDESCR} - 7 - - + ZABBIX_ACTIVE pfsense.value[if_speedtest_value,{#IFNAME},download] 3600s - 90d - 365d - 0 - 0 - + FLOAT bps - - - 0 - 0 - - 0 - - - - 0 - - - - - Download speed determined by Ookla Speedtest package - 0 Network interfaces - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Speedtest Ping on {#IFDESCR} - 7 - - + ZABBIX_ACTIVE pfsense.value[if_speedtest_value,{#IFNAME},ping] 3600s - 90d - 365d - 0 - 0 - + FLOAT ms - - - 0 - 0 - - 0 - - - - 0 - - - - - Ping determined by Ookla Speedtest package - 0 Network interfaces - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - Speedtest Upload on {#IFDESCR} - 7 - - + ZABBIX_ACTIVE pfsense.value[if_speedtest_value,{#IFNAME},upload] 3600s - 90d - 365d - 0 - 0 - + FLOAT bps - - - 0 - 0 - - 0 - - - - 0 - - - - - Ping determined by Ookla Speedtest package - 0 Network interfaces - - - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - 0 - - - - 0 - 0 - - - Speedtest metrics on {#IFDESCR} - 900 - 200 - 0.0000 - 100.0000 - 1 - 1 - 0 - 1 - 0 - 0.0000 - 0.0000 - 0 - 0 - 0 - 0 - 0 - 0 199C0D - 0 - 7 - 0 + ALL pfSense Active Speedtest pfsense.value[if_speedtest_value,{#IFNAME},download] @@ -277,11 +93,8 @@ https://github.com/rbicelli/pfsense-zabbix-template 1 - 0 FFFF00 - 0 - 7 - 0 + ALL pfSense Active Speedtest pfsense.value[if_speedtest_value,{#IFNAME},upload] @@ -289,11 +102,8 @@ https://github.com/rbicelli/pfsense-zabbix-template 2 - 0 0040FF - 0 - 7 - 0 + ALL pfSense Active Speedtest pfsense.value[if_speedtest_value,{#IFNAME},ping] @@ -302,31 +112,8 @@ https://github.com/rbicelli/pfsense-zabbix-template - - - 3s - - - - 200 - 1 - 0 - - - 0 - 0 - 0 - - - - 0 - 0 - - - - From 55780b70f9d1514eb4fad9288b96b61013640987 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Tue, 13 Jul 2021 09:07:59 +0200 Subject: [PATCH 028/162] Fixed Typo in speedtest --- pfsense_zbx.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 98228d2..471edfd 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -213,7 +213,7 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ if (file_exists($filerun)==false) { touch($filerun); - $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filename"; + $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filetmp"; exec ($st_command); rename($filetemp,$filename); @unlink($filerun); From 907c518a9e7e0a9e4eef83af869bc5fa552e3942 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Tue, 13 Jul 2021 09:30:08 +0200 Subject: [PATCH 029/162] More typos --- pfsense_zbx.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 471edfd..f826e2c 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -213,7 +213,7 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ if (file_exists($filerun)==false) { touch($filerun); - $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filetmp"; + $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filetemp"; exec ($st_command); rename($filetemp,$filename); @unlink($filerun); From f2cc3a424af5a07af6c6fb398928ade5e0614ae1 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Sun, 18 Jul 2021 21:31:34 +0200 Subject: [PATCH 030/162] Fixed IPSec Status Conditions --- pfsense_zbx.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index f826e2c..c002ec0 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -207,11 +207,15 @@ function pfz_speedtest_exec ($ifname, $ipaddr){ $filetemp = "$filename.tmp"; $filerun = "/tmp/speedtest-run"; + // Issue #82 + // Sleep random delay in order to avoid problem when 2 pfSense on the same Internet line + sleep (rand ( 1, 90)); + if ( (time()-filemtime($filename) > SPEEDTEST_INTERVAL * 3600) || (file_exists($filename)==false) ) { // file is older than SPEEDTEST_INTERVAL if ( (time()-filemtime($filerun) > 180 ) ) @unlink($filerun); - if (file_exists($filerun)==false) { + if (file_exists($filerun)==false) { touch($filerun); $st_command = "/usr/local/bin/speedtest --source $ipaddr --json > $filetemp"; exec ($st_command); @@ -670,13 +674,13 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ } if ($ikesa['version'] == 1) { $ph1idx = $con_id/1000; - if ($ph1idx>100) $ph1idx = $ph1idx/100; + if ($ph1idx>=100) $ph1idx = $ph1idx/100; $ipsecconnected[$ph1idx] = $ph1idx; } else { if (!ipsec_ikeid_used($con_id)) { // probably a v2 with split connection then $ph1idx = $con_id/1000; - if ($ph1idx>100) $ph1idx = $ph1idx/100; + if ($ph1idx>=100) $ph1idx = $ph1idx/100; $ipsecconnected[$ph1idx] = $ph1idx; } else { $ipsecconnected[$con_id] = $ph1idx = $con_id; From cacc28be80f2f46289eb0c67e46cebbc462821b1 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Mon, 19 Jul 2021 22:22:31 +0200 Subject: [PATCH 031/162] Added Zabbix 4 Templates --- zabbix4/template_pfsense_active.xml | 6335 +++++++++++++++++ zabbix4/template_pfsense_active_ipsec.xml | 877 +++ zabbix4/template_pfsense_active_ovpn_user.xml | 635 ++ zabbix4/template_pfsense_active_speedtest.xml | 332 + 4 files changed, 8179 insertions(+) create mode 100644 zabbix4/template_pfsense_active.xml create mode 100644 zabbix4/template_pfsense_active_ipsec.xml create mode 100644 zabbix4/template_pfsense_active_ovpn_user.xml create mode 100644 zabbix4/template_pfsense_active_speedtest.xml diff --git a/zabbix4/template_pfsense_active.xml b/zabbix4/template_pfsense_active.xml new file mode 100644 index 0000000..7b8638a --- /dev/null +++ b/zabbix4/template_pfsense_active.xml @@ -0,0 +1,6335 @@ + + + 4.0 + 2021-07-04T19:16:51Z + + + Templates/Network Devices + + + + + + + + {Template pfSense Active:vfs.file.cksum[/etc/passwd].diff(0)}>0 + 0 + + /etc/passwd has been changed on {HOST.NAME} + 0 + + + 0 + 2 + + 0 + 0 + + + + + {Template pfSense Active:pfsense.value[carp_status].last()}>2 + 0 + + CARP Problems on {HOST.NAME} + 0 + + + 0 + 4 + CARP Problems + 0 + 0 + + + + + {Template pfSense Active:pfsense.expected_carp_status.last()}<>0 and {Template pfSense Active:pfsense.value[carp_status].last()}<>{$EXPECTED_CARP_STATUS} + 0 + + CARP Status not Expected on {HOST.NAME} + 0 + + + 0 + 4 + pfSense CARP is not in the state Expected. This means that a failover could be in process. + 0 + 0 + + + + + {Template pfSense Active:kernel.maxfiles.last(0)}<1024 + 0 + + Configured max number of opened files is too low on {HOST.NAME} + 0 + + + 0 + 1 + + 0 + 0 + + + + + {Template pfSense Active:kernel.maxproc.last(0)}<256 + 0 + + Configured max number of processes is too low on {HOST.NAME} + 0 + + + 0 + 1 + + 0 + 0 + + + + + {Template pfSense Active:pfsense.value[carp_status].last()}>2 + 0 + + DHCP Failover Problems on {HOST.NAME} + 0 + + https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html + 0 + 4 + One or more DHCP Pools are experiencing failover problems. This could potentially cause other problems in yourr network. + 0 + 0 + + + + + {Template pfSense Active:system.uname.diff(0)}>0 + 0 + + Host information was changed on {HOST.NAME} + 0 + + + 0 + 1 + + 0 + 0 + + + + + {Template pfSense Active:system.hostname.diff(0)}>0 + 0 + + Hostname was changed on {HOST.NAME} + 0 + + + 0 + 1 + + 0 + 0 + + + + + {Template pfSense Active:vm.memory.size[available].last(0)}<20M + 0 + + Lack of available memory on server {HOST.NAME} + 0 + + + 0 + 3 + + 0 + 0 + + + + + {Template pfSense Active:system.swap.size[,pfree].last(0)}<50 + 0 + + Lack of free swap space on {HOST.NAME} + 0 + + + 0 + 2 + It probably means that the systems requires more physical memory. + 0 + 0 + + + + + {Template pfSense Active:pfsense.mbuf.ptotal.last()}>80 + 0 + + MBUF used at 80% + 0 + + + 0 + 2 + + 0 + 0 + + + + + {Template pfSense Active:pfsense.mbuf.ptotal.last()}>90 + 0 + + MBUF used at 90% + 0 + + + 0 + 4 + + 0 + 0 + + + + + ({Template pfSense Active:pfsense.value[system,version].last()}<>{Template pfSense Active:pfsense.value[system,installed_version].last()})=1 + 0 + + New Version Available on {HOST.NAME} + 0 + + + 0 + 1 + Noify of new version of pfsense available + 0 + 0 + + + + + {Template pfSense Active:pfsense.value[system,new_version_available].last()}=1 + 0 + + New Version of pfSense Available on {HOST.NAME} + 0 + + + 0 + 1 + A new version of pfSense is available for update. + 0 + 1 + + + + + {Template pfSense Active:pfsense.value[system,packages_update].last()}>0 + 0 + + Packages Update Available on {HOST.NAME} + 0 + + + 0 + 1 + New version of packages are available + 0 + 0 + + + + + {Template pfSense Active:pfsense.value[gw_status].diff()}>0 + 1 + {Template pfSense Active:pfsense.value[gw_status].diff()}=0 + pfSense Gateway Status Changed on {HOST.NAME} + 0 + + + 0 + 3 + Gateway Status Change, for use with an acion Script (e.g. update DNS record) + 0 + 1 + + + + + {Template pfSense Active:system.cpu.load[percpu,avg1].avg(5m)}>5 + 0 + + Processor load is too high on {HOST.NAME} + 0 + + + 0 + 2 + + 0 + 0 + + + + + {Template pfSense Active:pfsense.states.pused.last()}>80 + 0 + + State Table used at 80% + 0 + + + 0 + 2 + + 0 + 0 + + + + + {Template pfSense Active:pfsense.states.pused.last()}>90 + 0 + + State Table used at 90% + 0 + + + 0 + 4 + + 0 + 0 + + + + + {Template pfSense Active:proc.num[].avg(5m)}>300 + 0 + + Too many processes on {HOST.NAME} + 0 + + + 0 + 2 + + 0 + 0 + + + + + {Template pfSense Active:proc.num[,,run].avg(5m)}>30 + 0 + + Too many processes running on {HOST.NAME} + 0 + + + 0 + 2 + + 0 + 0 + + + + + {Template pfSense Active:system.uptime.change(0)}<0 + 0 + + {HOST.NAME} has just been restarted + 0 + + + 0 + 1 + + 0 + 0 + + + + + + + Active Connections + 900 + 200 + 0.0000 + 100.0000 + 1 + 0 + 0 + 1 + 0 + 0.0000 + 0.0000 + 1 + 2 + 0 + + Template pfSense Active + pfsense.states.max + + + + 0 + 5 + FF2C27 + 0 + 2 + 0 + + Template pfSense Active + pfsense.states.current + + + + + + Active Connections (pie) + 600 + 340 + 0.0000 + 0.0000 + 0 + 0 + 2 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 5B5B5B + 0 + 2 + 2 + + Template pfSense Active + pfsense.states.max + + + + 1 + 5 + FF2C27 + 0 + 2 + 0 + + Template pfSense Active + pfsense.states.current + + + + + + CPU jumps + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 0 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 5 + 009900 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.switches + + + + 1 + 5 + 000099 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.intr + + + + + + CPU load + 900 + 200 + 0.0000 + 100.0000 + 1 + 1 + 1 + 1 + 0 + 0.0000 + 0.0000 + 1 + 0 + 0 + 0 + + + 0 + 0 + FFA619 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.load[percpu,avg1] + + + + 1 + 0 + E86E30 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.load[percpu,avg5] + + + + 2 + 0 + FF2F26 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.load[percpu,avg15] + + + + + + CPU utilization (Line) + 900 + 200 + 0.0000 + 100.0000 + 1 + 0 + 0 + 1 + 0 + 0.0000 + 0.0000 + 1 + 1 + 0 + 0 + + + 0 + 5 + FFE819 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.util[,interrupt] + + + + 1 + 5 + E85D17 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.util[,nice] + + + + 2 + 5 + DF26FF + 0 + 2 + 0 + + Template pfSense Active + system.cpu.util[,system] + + + + 3 + 5 + 1775E8 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.util[,user] + + + + 4 + 0 + 03D933 + 0 + 2 + 0 + + Template pfSense Active + system.cpu.util[,idle] + + + + + + Memory Available details (pie) + 600 + 340 + 0.0000 + 0.0000 + 0 + 0 + 2 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 003300 + 0 + 2 + 2 + + Template pfSense Active + vm.memory.size[available] + + + + 1 + 0 + 005500 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[free] + + + + 2 + 0 + 007700 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[cached] + + + + 3 + 0 + 009900 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[inactive] + + + + + + Memory usage + 900 + 200 + 0.0000 + 100.0000 + 1 + 0 + 1 + 1 + 0 + 0.0000 + 0.0000 + 1 + 2 + 0 + + Template pfSense Active + vm.memory.size[total] + + + + 0 + 0 + 00EE00 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[wired] + + + + 1 + 0 + 00CC00 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[active] + + + + 2 + 0 + 007700 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[inactive] + + + + 3 + 0 + 005500 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[cached] + + + + 4 + 0 + 003300 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[free] + + + + + + Memory Usage simple (pie) + 600 + 340 + 0.0000 + 0.0000 + 0 + 0 + 2 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 003300 + 0 + 2 + 0 + + Template pfSense Active + vm.memory.size[available] + + + + 1 + 0 + 00DD00 + 0 + 2 + 0 + + Template pfSense Active + kt.mem.used + + + + + + Network Memory Buffer + 900 + 200 + 0.0000 + 100.0000 + 1 + 0 + 1 + 1 + 0 + 0.0000 + 0.0000 + 1 + 2 + 0 + + Template pfSense Active + pfsense.mbuf.max + + + + 0 + 0 + B26E16 + 0 + 2 + 0 + + Template pfSense Active + pfsense.mbuf.current + + + + 1 + 0 + FFCE8E + 0 + 2 + 0 + + Template pfSense Active + pfsense.mbuf.cache + + + + + + Network Memory Buffer (pie) + 600 + 340 + 0.0000 + 0.0000 + 0 + 0 + 2 + 1 + 0 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 5B5B5B + 0 + 2 + 2 + + Template pfSense Active + pfsense.mbuf.max + + + + 1 + 0 + FFCE8E + 0 + 2 + 0 + + Template pfSense Active + pfsense.mbuf.cache + + + + 2 + 0 + B26E16 + 0 + 2 + 0 + + Template pfSense Active + pfsense.mbuf.current + + + + + + Swap usage + 600 + 340 + 0.0000 + 0.0000 + 0 + 0 + 2 + 1 + 1 + 0.0000 + 0.0000 + 0 + 0 + 0 + 0 + + + 0 + 0 + 5B5B5B + 0 + 2 + 2 + + Template pfSense Active + system.swap.size[,total] + + + + 1 + 0 + FFFF33 + 0 + 2 + 0 + + Template pfSense Active + system.swap.size[,used] + + + + + + + + Generic YesNo + + + 0 + No + + + 1 + Yes + + + + + pfSense CARP Status + + + 0 + Disabled + + + 1 + Master + + + 2 + Backup + + + 3 + Inconsistent + + + 4 + Problem + + + + + pfSense Gateway Status + + + 0 + Up + + + 1 + Packet Loss + + + 2 + High Delay + + + 3 + High Packet Loss + + + 4 + Forced Down + + + 5 + Down + + + + + pfSense OpenVPN Interface Status + + + 0 + Down + + + 1 + Up + + + 2 + None + + + 3 + Reconnecting + + + 4 + Waiting + + + 5 + Up/Listening + + + + + pfSense OpenVPN Mode + + + 1 + Peer to Peer (SSL/TLS) + + + 2 + P2P Shared Key + + + 3 + Remote Access (SSL/TLS) + + + 4 + Remote Access (User Auth) + + + 5 + Remote Access 8SSL/TLS + User Auth) + + + + + Service state + + + 0 + Down + + + 1 + Up + + + + + diff --git a/zabbix4/template_pfsense_active_ipsec.xml b/zabbix4/template_pfsense_active_ipsec.xml new file mode 100644 index 0000000..8ebeafe --- /dev/null +++ b/zabbix4/template_pfsense_active_ipsec.xml @@ -0,0 +1,877 @@ + + + 4.0 + 2021-01-18T21:30:16Z + + + Templates/Network Devices + + + + + + + + pfSense IPsec Enabled + + + 0 + Yes + + + 1 + No + + + + + pfSense IPsec IKE Type + + + 0 + Auto + + + 1 + IKE v1 + + + 2 + IKE v2 + + + + + pfSense IPsec Phase 1 Status + + + 0 + Down + + + 1 + Established + + + 2 + Connecting + + + 10 + Down on CARP Secondary + + + + + pfSense IPsec Phase 2 Protocol + + + 1 + ESP + + + 2 + AH + + + + + pfSense IPsec Protocol + + + 0 + Dual Stack (IPv4 & IPv6) + + + 1 + IPv4 + + + 2 + IPv6 + + + + + pfSense IPsec Tunnel Mode + + + 0 + Main + + + 1 + Aggressive + + + + + diff --git a/zabbix4/template_pfsense_active_ovpn_user.xml b/zabbix4/template_pfsense_active_ovpn_user.xml new file mode 100644 index 0000000..41106bf --- /dev/null +++ b/zabbix4/template_pfsense_active_ovpn_user.xml @@ -0,0 +1,635 @@ + + + 4.0 + 2021-01-18T15:02:06Z + + + Templates/Network Devices + + + + + + diff --git a/zabbix4/template_pfsense_active_speedtest.xml b/zabbix4/template_pfsense_active_speedtest.xml new file mode 100644 index 0000000..41335bd --- /dev/null +++ b/zabbix4/template_pfsense_active_speedtest.xml @@ -0,0 +1,332 @@ + + + 4.0 + 2021-07-05T15:51:20Z + + + Templates/Network Devices + + + + + + From 3ad0b109d17213c8788609fd9f63abdec36e3f2f Mon Sep 17 00:00:00 2001 From: sschiffel Date: Sat, 6 Nov 2021 21:32:48 +0100 Subject: [PATCH 032/162] fix ipsec_status con-id matching --- pfsense_zbx.php | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index c002ec0..9363d46 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -657,30 +657,40 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ require_once("ipsec.inc"); global $config; init_config_arr(array('ipsec', 'phase1')); + $a_phase1 = &$config['ipsec']['phase1']; + $conmap = array(); + foreach ($a_phase1 as $ph1ent) { + if (get_ipsecifnum($ph1ent['ikeid'], 0)) { + $cname = "con" . get_ipsecifnum($ph1ent['ikeid'], 0); + } else { + $cname = "con{$ph1ent['ikeid']}00000"; + } + $conmap[$cname] = $ph1ent['ikeid']; + } + $status = ipsec_list_sa(); - $ipsecconnected = array(); + $ipsecconnected = array(); $carp_status = pfz_carp_status(false); //Phase-Status match borrowed from status_ipsec.php if (is_array($status)) { - foreach ($status as $l_ikeid=>$ikesa) { + foreach ($status as $l_ikeid=>$ikesa) { - if(isset($ikesa['con-id'])){ + if (isset($ikesa['con-id'])) { $con_id = substr($ikesa['con-id'], 3); - }else{ - $con_id = filter_var($l_ikeid, FILTER_SANITIZE_NUMBER_INT); + } else { + $con_id = filter_var($ikeid, FILTER_SANITIZE_NUMBER_INT); } + $con_name = "con" . $con_id; if ($ikesa['version'] == 1) { - $ph1idx = $con_id/1000; - if ($ph1idx>=100) $ph1idx = $ph1idx/100; + $ph1idx = $conmap[$con_name]; $ipsecconnected[$ph1idx] = $ph1idx; } else { if (!ipsec_ikeid_used($con_id)) { // probably a v2 with split connection then - $ph1idx = $con_id/1000; - if ($ph1idx>=100) $ph1idx = $ph1idx/100; + $ph1idx = $conmap[$con_name]; $ipsecconnected[$ph1idx] = $ph1idx; } else { $ipsecconnected[$con_id] = $ph1idx = $con_id; From 12358a05848eaf4defec03d697161db7c252b229 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Tue, 9 Nov 2021 22:58:18 +0100 Subject: [PATCH 033/162] Issues #70, #81, #87 --- README.md | 8 ++--- pfsense_zbx.php | 71 +++++++++++++++++++++++++++++-------- template_pfsense_active.xml | 42 +++++++++++++++++++++- 3 files changed, 101 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 210c699..3faab65 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. -Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0 +Tested with pfSense 2.5.x, Zabbix 4.0, Zabbix 5.0 ## What it does @@ -87,13 +87,13 @@ For running speedtests on WAN interfaces you have to install the speedtest packa From **Diagnostics/Command Prompt** input this commands: ```bash -pkg update && pkg install -y py37-speedtest-cli +pkg update && pkg install -y py38-speedtest-cli ``` -Speedtest python package could be broken at the moment, so you could need an extra step: download the latest version from package author's github repo. +Speedtest python package could be broken at the moment, so you could need an extra step, *only if manually executing speedtest results in an error*: download the latest version from package author's github repo. ```bash -curl -Lo /usr/local/lib/python3.7/site-packages/speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py +curl -Lo /usr/local/lib/python3.8/site-packages/speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py ``` For testing if speedtest is installed properly you can try it: diff --git a/pfsense_zbx.php b/pfsense_zbx.php index c002ec0..108968b 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -1,7 +1,7 @@ This program is licensed under Apache 2.0 License @@ -112,17 +112,20 @@ function pfz_interface_discovery($is_wan=false,$is_cron=false) { $ifdescr = $hwif; $has_gw = false; $is_vpn = false; + $has_public_ip = false; foreach($ifcs as $ifc=>$ifinfo){ if ($ifinfo["hwif"] == $hwif){ $ifdescr = $ifinfo["description"]; if (array_key_exists("gateway",$ifinfo)) $has_gw=true; + // Issue #81 - https://stackoverflow.com/a/13818647/15093007 + if (filter_var($ifinfo["ipaddr"], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) $has_public_ip=true; if (strpos($ifinfo["if"],"ovpn")!==false) $is_vpn=true; break; } } - if ( ($is_wan==false) || (($is_wan==true) && ($has_gw==true) && ($is_vpn==false)) ) { + if ( ($is_wan==false) || (($is_wan==true) && (($has_gw==true) || ($has_public_ip==true)) && ($is_vpn==false)) ) { $if_ret[]=$hwif; $json_string .= '{"{#IFNAME}":"' . $hwif . '"'; $json_string .= ',"{#IFDESCR}":"' . $ifdescr . '"'; @@ -164,7 +167,7 @@ function pfz_interface_speedtest_value($ifname, $value){ } - +// This is supposed to run via cron job function pfz_speedtest_cron(){ require_once("services.inc"); $ifdescrs = get_configured_interface_with_descr(true); @@ -183,13 +186,9 @@ function pfz_speedtest_cron(){ break; } } - - //If the interface has a gateway is considered WAN, so let's do the speedtest - if (array_key_exists("gateway", $ifinfo)) { - $ipaddr = $ifinfo['ipaddr']; - pfz_speedtest_exec($ifname, $ipaddr); - } - + + pfz_speedtest_exec($ifname, $ifinfo['ipaddr']); + } } @@ -446,7 +445,7 @@ function pfz_service_value($name,$value){ //List of service which are stopped on CARP Slave. //For now this is the best way i found for filtering out the triggers //Waiting for a way in Zabbix to use Global Regexp in triggers with items discovery - $stopped_on_carp_slave = array("haproxy","radvd","openvpn.","openvpn"); + $stopped_on_carp_slave = array("haproxy","radvd","openvpn.","openvpn","avahi"); foreach ($services as $service){ $namecfr = $service["name"]; @@ -530,8 +529,13 @@ function pfz_gw_value($gw, $valuekey) { $gws = return_gateways_status(true); if(array_key_exists($gw,$gws)) { $value = $gws[$gw][$valuekey]; - if ($valuekey=="status") - $value = pfz_valuemap("gateway.status", $value); + if ($valuekey=="status") { + //Issue #70: Gateway Forced Down + if ($gws[$gw]["substatus"]<>"none") + $value = $gws[$gw]["substatus"]; + + $value = pfz_valuemap("gateway.status", $value); + } echo $value; } } @@ -1018,10 +1022,44 @@ function pfz_get_system_value($section){ break; case "packages_update": echo pfz_packages_uptodate(); - break; + break; } } +//S.M.A.R.T Status +// Taken from /usr/local/www/widgets/widgets/smart_status.widget.php +function pfz_get_smart_status(){ + + $devs = get_smart_drive_list(); + $status = 0; + foreach ($devs as $dev) { ## for each found drive do + $smartdrive_is_displayed = true; + $dev_ident = exec("diskinfo -v /dev/$dev | grep ident | awk '{print $1}'"); ## get identifier from drive + $dev_state = trim(exec("smartctl -H /dev/$dev | awk -F: '/^SMART overall-health self-assessment test result/ {print $2;exit} +/^SMART Health Status/ {print $2;exit}'")); ## get SMART state from drive + switch ($dev_state) { + case "PASSED": + case "OK": + //OK + $status=0; + break; + case "": + //Unknown + $status=2; + return $status; + break; + default: + //Error + $status=1; + return $status; + break; + } + } + + echo $status; +} + + // File is present function pfz_file_exists($filename) { if (file_exists($filename)) @@ -1217,7 +1255,10 @@ switch (strtolower($argv[1])){ break; case "cron_cleanup": pfz_speedtest_cron_install(false); - break; + break; + case "smart_status": + pfz_get_smart_status(); + break; default: pfz_test(); } diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index 3568b05..00f0c47 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -1,7 +1,7 @@ 5.0 - 2021-07-12T10:35:24Z + 2021-11-09T21:44:28Z Templates/Network Devices @@ -313,6 +313,29 @@ https://github.com/rbicelli/pfsense-zabbix-template + + SMART Status + ZABBIX_ACTIVE + pfsense.value[smart_status] + 1800s + pfSense SMART Status + + + System + + + + pfSense SMART Status + + + + {last()}=1 + SMART Errors on {HOST.NAME} + HIGH + pfSense has detected SMART Problems on one or more drives. + + + pfSense Installed Version ZABBIX_ACTIVE @@ -2133,6 +2156,23 @@ or + + pfSense SMART Status + + + 0 + OK + + + 1 + Error + + + 2 + Unknown + + + Service state From b418256001a12bdc49cb6601b4f48efb8de70c56 Mon Sep 17 00:00:00 2001 From: Guillaume Hullin Date: Fri, 21 Jan 2022 11:47:35 +0100 Subject: [PATCH 034/162] fast-forward to latest Futur-Tech version This repo has been reset in order to be a fork of GuillaumeHullin/pfsense-zabbix-template which is a fork of rbicelli/pfsense-zabbix-template --- README.md | 112 +- pfsense_zbx.php | 26 + template_pfsense_active.xml | 374 +- template_pfsense_active_ipsec.xml | 6 +- template_pfsense_active_ovpn_user.xml | 18 +- template_pfsense_active_speedtest.xml | 18 +- zabbix4/template_pfsense_active.xml | 6335 ----------------- zabbix4/template_pfsense_active_ipsec.xml | 877 --- zabbix4/template_pfsense_active_ovpn_user.xml | 635 -- zabbix4/template_pfsense_active_speedtest.xml | 332 - 10 files changed, 353 insertions(+), 8380 deletions(-) delete mode 100644 zabbix4/template_pfsense_active.xml delete mode 100644 zabbix4/template_pfsense_active_ipsec.xml delete mode 100644 zabbix4/template_pfsense_active_ovpn_user.xml delete mode 100644 zabbix4/template_pfsense_active_speedtest.xml diff --git a/README.md b/README.md index 3faab65..f6591c3 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,3 @@ -[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/rbicelli) - # pfSense Zabbix Template This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. @@ -35,24 +33,78 @@ Tested with pfSense 2.5.x, Zabbix 4.0, Zabbix 5.0 - Discovery of WAN Interfaces - Perform speed tests and collect metrics +**Template pfSense Active: Speedtest** + + - Discovery of WAN Interfaces + - Perform speed tests and collect metrics + ## Configuration -First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts). +### Install PHP script for Agent -From **Diagnostics/Command Prompt** input this one-liner: +- Option 1: via Web GUI **Diagnostics/Command Prompt** ```bash -curl --create-dirs -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php +[ -d "/root/scripts" ] || mkdir /root/scripts ; curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/Futur-Tech/futur-tech-zabbix-pfsense/main/pfsense_zbx.php +``` +> You can add this command to **Services** > **Shellcmd** in order to download the latest version of the script, each time you reboot or restore a config backup. + +- Option 2 : via pfSense shell + +```bash +mkdir /root/scripts +curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/Futur-Tech/futur-tech-zabbix-pfsense/main/pfsense_zbx.php ``` -Then install package "Zabbix Agent 4" on your pfSense Box +### Zabbix Package Install + +From the package manager install package "Zabbix Agent 5" and "Zabbix Proxy 5" + +### Setup Zabbix Proxy + +Make sure to fill the following fields: + +``` +TLS Connect: psk +TLS Accept: psk +TLS PSK Identity: +TLS PSK: +``` +To generate a PSK key you can use the command in Linux: + +```bash +openssl rand -hex 32 +``` + +Click on **Show Advanced Options** + +In Advanced Features-> User Parameters + +``` +EnableRemoteCommands=1 +``` + +### Setup Zabbix Agent + +Make sure to fill the following fields: + +``` +Timeout: 10 +TLS Connect: psk +TLS Accept: psk +TLS PSK Identity: +TLS PSK: +``` +Click on **Show Advanced Options** In Advanced Features-> User Parameters ```bash +# https://github.com/Futur-Tech/futur-tech-zabbix-pfsense AllowRoot=1 +HostMetadataItem=system.uname UserParameter=pfsense.states.max,grep "limit states" /tmp/rules.limits | cut -f4 -d ' ' UserParameter=pfsense.states.current,grep "current entries" /tmp/pfctl_si_out | tr -s ' ' | cut -f4 -d ' ' UserParameter=pfsense.mbuf.current,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f1 @@ -62,7 +114,25 @@ UserParameter=pfsense.discovery[*],/usr/local/bin/php /root/scripts/pfsense_zbx. UserParameter=pfsense.value[*],/usr/local/bin/php /root/scripts/pfsense_zbx.php $1 $2 $3 ``` -_Please note that **AllowRoot=1** option is required in order to correctly execute OpenVPN checks and others._ +### Zabbix Server Install Note + +- Add the proxy in: **Administration** -> **Proxies** (don't forget to put the correct PSK). +- Create a new host-group for the proxy **Configuration** -> **Host groups** +- Create a new "Autoregistration actions" **Configuration** -> **Action** -- in the top left select **Autoregistration actions** +- Create a new "Discovery rules" **Configuration** -> **Discovery** + +The new host should automatically register in Zabbix with all templates correctly assigned. + +The Host Name will be the hostname of the Pfsense. + +* Modify the visible name +* Correct the Agent interface if it is incorrect +* Under the tab **Encryption** put the same PSK ID and Key as the proxy *(it doesn't need to be the same as the proxy BUT make sure to not use 2 keys on separate host/proxy with the same identity).* +* **Update the PSK ID and Key in the Pfsense Zabbix Agent!** + +## Note on the script and template + +_Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._ Also increase the **Timeout** value at least to **5**, otherwise some checks will fail. @@ -79,7 +149,7 @@ Possible values are: This is useful when monitoring services which could stay stopped on CARP Backup Member. -## Setup Speedtest +### Setup Speedtest For running speedtests on WAN interfaces you have to install the speedtest package. @@ -87,13 +157,7 @@ For running speedtests on WAN interfaces you have to install the speedtest packa From **Diagnostics/Command Prompt** input this commands: ```bash -pkg update && pkg install -y py38-speedtest-cli -``` - -Speedtest python package could be broken at the moment, so you could need an extra step, *only if manually executing speedtest results in an error*: download the latest version from package author's github repo. - -```bash -curl -Lo /usr/local/lib/python3.8/site-packages/speedtest.py https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py +pkg update && pkg install -y -g 'py*-speedtest-cli' ``` For testing if speedtest is installed properly you can try it: @@ -102,9 +166,17 @@ For testing if speedtest is installed properly you can try it: /usr/local/bin/speedtest ``` -Remember that you will need to install the package on *every* pfSense upgrade. +If you get an error while testing you can overide the Python script from the original version. -Speedtest template creates a cron job and check for entry everytime Zabbix requests its items. If you want to uninstall the cron jobs simply run, from **Diagnostics/Command Prompt**: +```bash +curl -Lo /usr/local/lib/python3.7/site-packages/speedtest.py https://raw.githubusercontent.com/Futur-Tech/speedtest-cli/master/speedtest.py +``` + +> Note that for pfSense 2.4, Python 3.7 is installed. In 2.5, it's Python 3.8... so adjust the path if needed. + +Remember that you will need to install the package on *every* pfSense upgrade, to avoid this inconvenience you can add the install command in **Schellcmd**. + +Speedtest template creates a cron job and check for entry everytime Zabbix requests its items. If you want to uninstall the cron jobs simply run, from **Diagnostics/Command Prompt**: ```bash /url/local/bin/php /root/scripts/pfsense_zbx.php cron_cleanup @@ -112,4 +184,8 @@ Speedtest template creates a cron job and check for entry everytime Zabbix reque ## Credits -[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part. \ No newline at end of file +Original GIT: https://github.com/rbicelli/pfsense-zabbix-template + +[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/rbicelli) + +[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part. diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 1c6652f..ddb0f7b 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -1069,6 +1069,29 @@ function pfz_get_smart_status(){ echo $status; } +// Certificats validity date +function pfz_get_cert_date($valuekey){ + global $config; + + $value = 0; + foreach (array("cert", "ca") as $cert_type) { + switch ($valuekey){ + case "validFrom.max": + foreach ($config[$cert_type] as $cert) { + $certinfo = openssl_x509_parse(base64_decode($cert[crt])); + if ($value == 0 or $value < $certinfo['validFrom_time_t']) $value = $certinfo['validFrom_time_t']; + } + break; + case "validTo.min": + foreach ($config[$cert_type] as $cert) { + $certinfo = openssl_x509_parse(base64_decode($cert[crt])); + if ($value == 0 or $value > $certinfo['validTo_time_t']) $value = $certinfo['validTo_time_t']; + } + break; + } + } + echo $value; +} // File is present function pfz_file_exists($filename) { @@ -1269,6 +1292,9 @@ switch (strtolower($argv[1])){ case "smart_status": pfz_get_smart_status(); break; + case "cert_date": + pfz_get_cert_date($argv[2]); + break; default: pfz_test(); } diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index 00f0c47..a5b8a94 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -1,26 +1,43 @@ 5.0 - 2021-11-09T21:44:28Z + 2022-01-07T10:04:09Z - Templates/Network Devices + Templates/Futur-Tech/Applications