diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 830b913..c8f0efc 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -30,7 +30,7 @@ require_once('pkg-utils.inc'); //Testing function, for template creating purpose function pfz_test(){ $line = "-------------------\n"; - + $ovpn_servers = pfz_openvpn_get_all_servers(); echo "OPENVPN Servers:\n"; print_r($ovpn_servers); @@ -43,11 +43,11 @@ function pfz_test(){ $ifdescrs = get_configured_interface_with_descr(true); $ifaces=array(); - foreach ($ifdescrs as $ifdescr => $ifname){ + foreach ($ifdescrs as $ifdescr => $ifname){ $ifinfo = get_interface_info($ifdescr); $ifaces[$ifname] = $ifinfo; } - echo "Network Interfaces:\n"; + echo "Network Interfaces:\n"; print_r($ifaces); print_r(get_interface_arr()); print_r(get_configured_interface_list()); @@ -57,34 +57,34 @@ function pfz_test(){ echo "Services: \n"; print_r($services); echo $line; - + echo "IPsec: \n"; - - require_once("ipsec.inc"); - global $config; - init_config_arr(array('ipsec', 'phase1')); - init_config_arr(array('ipsec', 'phase2')); - $a_phase2 = &$config['ipsec']['phase2']; + + require_once("ipsec.inc"); + global $config; + init_config_arr(array('ipsec', 'phase1')); + init_config_arr(array('ipsec', 'phase2')); + $a_phase2 = &$config['ipsec']['phase2']; $status = ipsec_list_sa(); - echo "IPsec Status: \n"; - print_r($status); - - $a_phase1 = &$config['ipsec']['phase1']; - $a_phase2 = &$config['ipsec']['phase2']; - - echo "IPsec Config Phase 1: \n"; - print_r($a_phase1); - - echo "IPsec Config Phase 2: \n"; - print_r($a_phase2); - - echo $line; - - //Packages - echo "Packages: \n"; - require_once("pkg-utils.inc"); - $installed_packages = get_pkg_info('all', false, true); - print_r($installed_packages); + echo "IPsec Status: \n"; + print_r($status); + + $a_phase1 = &$config['ipsec']['phase1']; + $a_phase2 = &$config['ipsec']['phase2']; + + echo "IPsec Config Phase 1: \n"; + print_r($a_phase1); + + echo "IPsec Config Phase 2: \n"; + print_r($a_phase2); + + echo $line; + + //Packages + echo "Packages: \n"; + require_once("pkg-utils.inc"); + $installed_packages = get_pkg_info('all', false, true); + print_r($installed_packages); } @@ -94,9 +94,9 @@ function pfz_interface_discovery() { $ifdescrs = get_configured_interface_with_descr(true); $ifaces = get_interface_arr(); $ifcs=array(); - + $json_string = '['; - + foreach ($ifdescrs as $ifname => $ifdescr){ $ifinfo = get_interface_info($ifname); $ifinfo["description"] = $ifdescr; @@ -141,7 +141,7 @@ function pfz_openvpn_serverdiscovery() { foreach ($servers as $server){ $name = trim(preg_replace('/\w{3}(\d)?\:\d{4,5}/i', '', $server['name'])); $json_string .= '{"{#SERVER}":"' . $server['vpnid'] . '"'; - $json_string .= ',"{#NAME}":"' . $name . '"'; + $json_string .= ',"{#NAME}":"' . $name . '"'; $json_string .= '},'; } @@ -154,14 +154,14 @@ function pfz_openvpn_serverdiscovery() { // Get OpenVPN Server Value function pfz_openvpn_servervalue($server_id,$valuekey){ - $servers = pfz_openvpn_get_all_servers(); - + $servers = pfz_openvpn_get_all_servers(); + foreach($servers as $server) { if($server['vpnid']==$server_id){ $value = $server[$valuekey]; if ($valuekey=="status") { if ( ($server['mode']=="server_user") || ($server['mode']=="server_tls_user") || ($server['mode']=="server_tls") ){ - if ($value=="") $value="server_user_listening"; + if ($value=="") $value="server_user_listening"; } else if ($server['mode']=="p2p_tls"){ // For p2p_tls, ensure we have one client, and return up if it's the case if ($value=="") @@ -170,19 +170,19 @@ function pfz_openvpn_servervalue($server_id,$valuekey){ } } } - - switch ($valuekey){ - + + switch ($valuekey){ + case "conns": - //Client Connections: is an array so it is sufficient to count elements + //Client Connections: is an array so it is sufficient to count elements if (is_array($value)) $value = count($value); else $value = "0"; - break; - + break; + case "status": - + $value = pfz_valuemap("openvpn.server.status", $value); break; @@ -190,7 +190,7 @@ function pfz_openvpn_servervalue($server_id,$valuekey){ $value = pfz_valuemap("openvpn.server.mode", $value); break; } - + //if ($value=="") $value="none"; echo $value; } @@ -203,14 +203,14 @@ function pfz_openvpn_server_userdiscovery(){ foreach ($servers as $server){ if ( ($server['mode']=='server_user') || ($server['mode']=='server_tls_user') ) { - if (is_array($server['conns'])) { + if (is_array($server['conns'])) { $name = trim(preg_replace('/\w{3}(\d)?\:\d{4,5}/i', '', $server['name'])); - - foreach($server['conns'] as $conn) { + + foreach($server['conns'] as $conn) { $json_string .= '{"{#SERVERID}":"' . $server['vpnid'] . '"'; $json_string .= ',"{#SERVERNAME}":"' . $name . '"'; - $json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $conn['common_name'] . '"'; - $json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"'; + $json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $conn['common_name'] . '"'; + $json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"'; $json_string .= '},'; } } @@ -229,15 +229,15 @@ function pfz_openvpn_server_uservalue($unique_id, $valuekey, $default=""){ $atpos=strpos($unique_id,'+'); $server_id = substr($unique_id,0,$atpos); $user_id = substr($unique_id,$atpos+1); - + $servers = pfz_openvpn_get_all_servers(); foreach($servers as $server) { if($server['vpnid']==$server_id) { - foreach($server['conns'] as $conn) { + foreach($server['conns'] as $conn) { if ($conn['common_name']==$user_id){ $value = $conn[$valuekey]; } - } + } } } if ($value=="") $value = $default; @@ -264,14 +264,14 @@ function pfz_openvpn_clientdiscovery() { function pfz_openvpn_clientvalue($client_id, $valuekey, $default="none"){ - $clients = openvpn_get_active_clients(); + $clients = openvpn_get_active_clients(); foreach($clients as $client) { if($client['vpnid']==$client_id) $value = $client[$valuekey]; } - switch ($valuekey){ - + switch ($valuekey){ + case "status": $value = pfz_valuemap("openvpn.client.status", $value); break; @@ -292,24 +292,24 @@ function pfz_services_discovery(){ foreach ($services as $service){ if (!empty($service['name'])) { - + $status = get_service_status($service); if ($status="") $status = 0; - $id=""; - //id for OpenVPN + $id=""; + //id for OpenVPN if (!empty($service['id'])) $id = "." . $service["id"]; //zone for Captive Portal if (!empty($service['zone'])) $id = "." . $service["zone"]; - - $json_string .= '{"{#SERVICE}":"' . str_replace(" ", "__", $service['name']) . $id . '"'; + + $json_string .= '{"{#SERVICE}":"' . str_replace(" ", "__", $service['name']) . $id . '"'; $json_string .= ',"{#DESCRIPTION}":"' . $service['description'] . '"'; $json_string .= '},'; } - } + } $json_string = rtrim($json_string,","); $json_string .= "]"; - + echo $json_string; } @@ -318,38 +318,38 @@ function pfz_services_discovery(){ // 2020-03-27: Added space replace in service name for issue #12 // 2020-09-28: Corrected Space Replace function pfz_service_value($name,$value){ - $services = get_services(); + $services = get_services(); $name = str_replace("__"," ",$name); - + //List of service which are stopped on CARP Slave. //For now this is the best way i found for filtering out the triggers //Waiting for a way in Zabbix to use Global Regexp in triggers with items discovery $stopped_on_carp_slave = array("haproxy","openvpn.","openvpn"); - + foreach ($services as $service){ $namecfr = $service["name"]; - $carpcfr = $service["name"]; + $carpcfr = $service["name"]; - //OpenVPN - if (!empty($service['id'])) { + //OpenVPN + if (!empty($service['id'])) { $namecfr = $service['name'] . "." . $service["id"]; - $carpcfr = $service['name'] . "."; + $carpcfr = $service['name'] . "."; } //Captive Portal - if (!empty($service['zone'])) { + if (!empty($service['zone'])) { $namecfr = $service['name'] . "." . $service["zone"]; - $carpcfr = $service['name'] . "."; - } + $carpcfr = $service['name'] . "."; + } if ($namecfr == $name){ switch ($value) { - + case "status": $status = get_service_status($service); if ($status=="") $status = 0; echo $status; - break; + break; case "name": echo $namecfr; @@ -368,11 +368,11 @@ function pfz_service_value($name,$value){ else echo 1; break; - default: + default: echo $service[$value]; break; } - } + } } } @@ -393,13 +393,13 @@ function pfz_gw_discovery() { $gws = return_gateways_status(true); $json_string = '['; - foreach ($gws as $gw){ - $json_string .= '{"{#GATEWAY}":"' . $gw['name'] . '"'; + foreach ($gws as $gw){ + $json_string .= '{"{#GATEWAY}":"' . $gw['name'] . '"'; $json_string .= '},'; - } + } $json_string = rtrim($json_string,","); $json_string .= "]"; - + echo $json_string; } @@ -409,52 +409,52 @@ function pfz_gw_value($gw, $valuekey) { if(array_key_exists($gw,$gws)) { $value = $gws[$gw][$valuekey]; if ($valuekey=="status") - $value = pfz_valuemap("gateway.status", $value); - echo $value; + $value = pfz_valuemap("gateway.status", $value); + echo $value; } } // IPSEC Discovery function pfz_ipsec_discovery_ph1(){ - - require_once("ipsec.inc"); + + require_once("ipsec.inc"); global $config; init_config_arr(array('ipsec', 'phase1')); $a_phase1 = &$config['ipsec']['phase1']; - + $json_string = '['; - + foreach ($a_phase1 as $data) { $json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"'; $json_string .= ',"{#NAME}":"' . $data['descr'] . '"'; $json_string .= '},'; - } + } $json_string = rtrim($json_string,","); - $json_string .= "]"; - + $json_string .= "]"; + echo $json_string; - + } -function pfz_ipsec_ph1($ikeid,$valuekey){ +function pfz_ipsec_ph1($ikeid,$valuekey){ // Get Value from IPsec Phase 1 Configuration // If Getting "disabled" value only check item presence in config array require_once("ipsec.inc"); global $config; init_config_arr(array('ipsec', 'phase1')); - $a_phase1 = &$config['ipsec']['phase1']; + $a_phase1 = &$config['ipsec']['phase1']; - $value = ""; + $value = ""; switch ($valuekey) { case 'status': $value = pfz_ipsec_status($ikeid); break; case 'disabled': - $value = "0"; + $value = "0"; default: foreach ($a_phase1 as $data) { if ($data['ikeid'] == $ikeid) { @@ -466,21 +466,21 @@ function pfz_ipsec_ph1($ikeid,$valuekey){ break; } } - } + } } echo $value; } function pfz_ipsec_discovery_ph2(){ - + require_once("ipsec.inc"); - + global $config; init_config_arr(array('ipsec', 'phase2')); $a_phase2 = &$config['ipsec']['phase2']; - + $json_string = '['; - + foreach ($a_phase2 as $data) { $json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"'; $json_string .= ',"{#NAME}":"' . $data['descr'] . '"'; @@ -488,23 +488,23 @@ function pfz_ipsec_discovery_ph2(){ $json_string .= ',"{#REQID}":"' . $data['reqid'] . '"'; $json_string .= ',"{#EXTID}":"' . $data['ikeid'] . '.' . $data['reqid'] . '"'; $json_string .= '},'; - } + } $json_string = rtrim($json_string,","); - $json_string .= "]"; - + $json_string .= "]"; + echo $json_string; - + } function pfz_ipsec_ph2($uniqid, $valuekey){ require_once("ipsec.inc"); global $config; init_config_arr(array('ipsec', 'phase2')); - $a_phase2 = &$config['ipsec']['phase2']; - + $a_phase2 = &$config['ipsec']['phase2']; + $valuecfr = explode(".",$valuekey); - + switch ($valuecfr[0]) { case 'status': $idarr = explode(".", $uniqid); @@ -514,8 +514,8 @@ function pfz_ipsec_ph2($uniqid, $valuekey){ break; case 'disabled': $value = "0"; - } - + } + foreach ($a_phase2 as $data) { if ($data['uniqid'] == $uniqid) { if(array_key_exists($valuekey,$data)) { @@ -531,20 +531,20 @@ function pfz_ipsec_ph2($uniqid, $valuekey){ } function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ - + require_once("ipsec.inc"); global $config; init_config_arr(array('ipsec', 'phase1')); $a_phase1 = &$config['ipsec']['phase1']; $status = ipsec_list_sa(); - $ipsecconnected = array(); - + $ipsecconnected = array(); + $carp_status = pfz_carp_status(false); - - //Phase-Status match borrowed from status_ipsec.php - if (is_array($status)) { - foreach ($status as $l_ikeid=>$ikesa) { - + + //Phase-Status match borrowed from status_ipsec.php + if (is_array($status)) { + foreach ($status as $l_ikeid=>$ikesa) { + if(isset($ikesa['con-id'])){ $con_id = substr($ikesa['con-id'], 3); }else{ @@ -574,20 +574,20 @@ function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){ $tmp_value = $childsas[$valuekey]; break; } - } + } } } else { $tmp_value = $ikesa[$valuekey]; } - + break; - } - } + } + } } switch($valuekey) { case 'state': $value = pfz_valuemap('ipsec.state', strtolower($tmp_value)); - $value = $value + (10 * ($carp_status-1)); + $value = $value + (10 * ($carp_status-1)); break; default: $value = $tmp_value; @@ -606,18 +606,18 @@ function pfz_carp_status($echo = true){ $status = get_carp_status(); $carp_detected_problems = get_single_sysctl("net.inet.carp.demotion"); - //CARP is disabled - $ret = 0; - + //CARP is disabled + $ret = 0; + if ($status != 0) { //CARP is enabled - if ($carp_detected_problems != 0) { - //There's some Major Problems with CARP + if ($carp_detected_problems != 0) { + //There's some Major Problems with CARP $ret = 4; - if ($echo == true) echo $ret; + if ($echo == true) echo $ret; return $ret; } - + $status_changed = false; $prev_status = ""; foreach ($config['virtualip']['vip'] as $carp) { @@ -630,40 +630,40 @@ function pfz_carp_status($echo = true){ if ($prev_status!="") $status_changed = true; $prev_status = $if_status; } - } + } if ($status_changed) { //CARP Status is inconsistent across interfaces $ret=3; - echo 3; + echo 3; } else { if ($prev_status=="MASTER") - $ret = 1; + $ret = 1; else - $ret = 2; - } + $ret = 2; + } } - - if ($echo == true) echo $ret; + + if ($echo == true) echo $ret; return $ret; - + } function pfz_dhcpfailover_discovery(){ //System functions regarding DHCP Leases will be available in the upcoming release of pfSense, so let's wait require_once("system.inc"); $leases = system_get_dhcpleases(); - + $json_string = '['; - + if (count($leases['failover']) > 0){ foreach ($leases['failover'] as $data){ - $json_string .= '{"{#FAILOVER_GROUP}":"' . str_replace(" ", "__", $data['name']) . '"'; + $json_string .= '{"{#FAILOVER_GROUP}":"' . str_replace(" ", "__", $data['name']) . '"'; } } $json_string = rtrim($json_string,","); - $json_string .= "]"; - + $json_string .= "]"; + echo $json_string; } @@ -671,7 +671,7 @@ function pfz_dhcpfailover_discovery(){ function pfz_packages_uptodate(){ require_once("pkg-utils.inc"); $installed_packages = get_pkg_info('all', false, true); - + $ret = 0; foreach ($installed_packages as $package){ @@ -679,7 +679,7 @@ function pfz_packages_uptodate(){ $ret ++; } } - + return $ret; } @@ -701,7 +701,7 @@ function pfz_get_system_value($section){ break; case "packages_update": echo pfz_packages_uptodate(); - break; + break; } } @@ -711,24 +711,24 @@ function pfz_get_system_value($section){ // Each value map is represented by an associative array function pfz_valuemap($valuename, $value, $default="0"){ - switch ($valuename){ + switch ($valuename){ - case "openvpn.server.status": + case "openvpn.server.status": $valuemap = array( "down" => "0", "up" => "1", "none" => "2", "reconnecting; ping-restart" => "3", "waiting" => "4", - "server_user_listening" => "5"); + "server_user_listening" => "5"); break; - - case "openvpn.client.status": + + case "openvpn.client.status": $valuemap = array( "up" => "1", "down" => "0", "none" => "0", - "reconnecting; ping-restart" => "2"); + "reconnecting; ping-restart" => "2"); break; case "openvpn.server.mode": @@ -737,9 +737,9 @@ function pfz_valuemap($valuename, $value, $default="0"){ "p2p_shared_key" => "2", "server_tls" => "3", "server_user" => "4", - "server_tls_user" => "5"); + "server_tls_user" => "5"); break; - + case "gateway.status": $valuemap = array( "none" => "0", @@ -747,36 +747,36 @@ function pfz_valuemap($valuename, $value, $default="0"){ "highdelay" => "2", "highloss" => "3", "force_down" => "4", - "down" => "5"); - break; - + "down" => "5"); + break; + case "ipsec.iketype": $valuemap = array ( "auto" => 0, "ikev1" => 1, "ikev2" => 2); break; - + case "ipsec.mode": $valuemap = array ( "main" => 0, "aggressive" => 1); break; - + case "ipsec.protocol": $valuemap = array ( "both" => 0, "inet" => 1, "inet6" => 2); break; - + case "ipsec_ph2.mode": $valuemap = array ( "transport" => 0, "tunnel" => 1, "tunnel6" => 2); break; - + case "ipsec_ph2.protocol": $valuemap = array ( "esp" => 1, @@ -801,7 +801,7 @@ function pfz_valuemap($valuename, $value, $default="0"){ //Argument parsers for Discovery function pfz_discovery($section){ - switch (strtolower($section)){ + switch (strtolower($section)){ case "gw": pfz_gw_discovery(); break; @@ -829,17 +829,17 @@ function pfz_discovery($section){ case "dhcpfailover": pfz_dhcpfailover_discovery(); break; - } + } } //Main Code -switch (strtolower($argv[1])){ +switch (strtolower($argv[1])){ case "discovery": pfz_discovery($argv[2]); break; case "gw_value": pfz_gw_value($argv[2],$argv[3]); - break; + break; case "gw_status": pfz_gw_rawstatus(); break;