From bd6045f9bd402f6fb4055f586e1eebf7bbd6eb9a Mon Sep 17 00:00:00 2001 From: Guillaume Hullin Date: Fri, 21 Jan 2022 12:17:14 +0100 Subject: [PATCH 1/5] Update template_pfsense_active.xml - added certificate monitoring - added services monitoring selection based on macro with some default macro for iperf service (disabling monitoring) and PC/SC Smart Card Daemon (check if NOT running) because of a memory leak issue. - removed delay definitions of 60s which should be the default value defined in Zabbix server - removed history definitions of 27d which should be the default value defined in Zabbix server - convert a few value to more readable form (exemple 3600 to 1h) --- template_pfsense_active.xml | 277 ++++++++++++++++++++---------------- 1 file changed, 155 insertions(+), 122 deletions(-) diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index 00f0c47..e42e5a1 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -21,6 +21,9 @@ https://github.com/rbicelli/pfsense-zabbix-template + + Certificate Manager + CPU @@ -36,9 +39,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Memory - - Network interfaces - Network Limits @@ -66,8 +66,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Maximum number of opened files ZABBIX_ACTIVE kernel.maxfiles - 3600 - 27d + 1h It could be increased by using sysctrl utility or modifying file /etc/sysctl.conf. @@ -86,8 +85,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Maximum number of processes ZABBIX_ACTIVE kernel.maxproc - 3600 - 27d + 1h It could be increased by using sysctrl utility or modifying file /etc/sysctl.conf. @@ -106,8 +104,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Used memory (calc) CALCULATED kt.mem.used - 60 - 28d B last(vm.memory.size[total]) - last(vm.memory.size[available]) @@ -136,8 +132,6 @@ https://github.com/rbicelli/pfsense-zabbix-template MBUF Cache ZABBIX_ACTIVE pfsense.mbuf.cache - 60 - 27d Network Limits @@ -148,8 +142,6 @@ https://github.com/rbicelli/pfsense-zabbix-template MBUF Current ZABBIX_ACTIVE pfsense.mbuf.current - 60 - 27d Network Limits @@ -160,8 +152,7 @@ https://github.com/rbicelli/pfsense-zabbix-template MBUF Max ZABBIX_ACTIVE pfsense.mbuf.max - 600 - 27d + 10m Network Limits @@ -172,8 +163,6 @@ https://github.com/rbicelli/pfsense-zabbix-template MBUF Total Used (percent) CALCULATED pfsense.mbuf.ptotal - 60 - 28d FLOAT % ((last(pfsense.mbuf.current) + last(pfsense.mbuf.cache)) * 100) / last(pfsense.mbuf.max) @@ -199,8 +188,6 @@ https://github.com/rbicelli/pfsense-zabbix-template States Table Current ZABBIX_ACTIVE pfsense.states.current - 60 - 27d Network Limits @@ -211,8 +198,7 @@ https://github.com/rbicelli/pfsense-zabbix-template States Table Max ZABBIX_ACTIVE pfsense.states.max - 600 - 27d + 10m Network Limits @@ -223,8 +209,6 @@ https://github.com/rbicelli/pfsense-zabbix-template States Table Current (percent) CALCULATED pfsense.states.pused - 60 - 28d FLOAT % (last(pfsense.states.current) * 100) / last(pfsense.states.max) @@ -263,7 +247,7 @@ https://github.com/rbicelli/pfsense-zabbix-template {last()}>2 - CARP Problems on {HOST.NAME} + CARP Problems on {HOST.NAME} HIGH CARP Problems @@ -276,11 +260,90 @@ https://github.com/rbicelli/pfsense-zabbix-template + + Certificates Manager: latest "validFrom" + pfsense.value[cert_date,validFrom.max] + unixtime + This item will return will return the latest date "validFrom" from all the certificates (including CA). This is used to find new/renewed certificates. + + + Certificate Manager + + + + + DISCARD_UNCHANGED_HEARTBEAT + 1d + + + + + ({now()}-{last()})<1d + One or more certificates have been renewed in the past 24h + Latest "Valid From": {ITEM.LASTVALUE1} + INFO + YES + + + + + Certificates Manager: earliest "validTo" + pfsense.value[cert_date,validTo.min] + unixtime + This item will return will return the earliest date "validTo" from all the certificates (including CA). This is used to find expiring certificates. + + + Certificate Manager + + + + + DISCARD_UNCHANGED_HEARTBEAT + 1d + + + + + {last()}<{now()} + One or more certificates are expired + Earliest "Valid To": {ITEM.LASTVALUE1} + HIGH + + + ({last()}-{now()})<{$PFSENSE_CERT_EXPIRATION.AVERAGE} + One or more certificates are expiring less than {$PFSENSE_CERT_EXPIRATION.AVERAGE} + Earliest "Valid To": {ITEM.LASTVALUE1} + AVERAGE + + + One or more certificates are expired + {Template pfSense Active:pfsense.value[cert_date,validTo.min].last()}<{Template pfSense Active:pfsense.value[cert_date,validTo.min].now()} + + + + + ({last()}-{now()})<{$PFSENSE_CERT_EXPIRATION.WARN} + One or more certificates are expiring less than {$PFSENSE_CERT_EXPIRATION.WARN} + Earliest "Valid To": {ITEM.LASTVALUE1} + WARNING + + + One or more certificates are expired + {Template pfSense Active:pfsense.value[cert_date,validTo.min].last()}<{Template pfSense Active:pfsense.value[cert_date,validTo.min].now()} + + + One or more certificates are expiring less than {$PFSENSE_CERT_EXPIRATION.AVERAGE} + ({Template pfSense Active:pfsense.value[cert_date,validTo.min].last()}-{Template pfSense Active:pfsense.value[cert_date,validTo.min].now()})<{$PFSENSE_CERT_EXPIRATION.AVERAGE} + + + + + DHCP Failover Pool Problems ZABBIX_ACTIVE pfsense.value[dhcp,failover] - 120s + 2m This value indicates, in a HA scenario, if DHCP failover pool partners are out of sync. @@ -292,7 +355,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Gateway Status Raw ZABBIX_ACTIVE pfsense.value[gw_status] - 60s 0 TEXT Gateway Status Raw @@ -317,7 +379,7 @@ https://github.com/rbicelli/pfsense-zabbix-template SMART Status ZABBIX_ACTIVE pfsense.value[smart_status] - 1800s + 30m pfSense SMART Status @@ -387,6 +449,7 @@ https://github.com/rbicelli/pfsense-zabbix-template {last()}>0 Packages Update Available on {HOST.NAME} + {ITEM.LASTVALUE} INFO New version of packages are available @@ -409,8 +472,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Number of running processes ZABBIX_ACTIVE proc.num[,,run] - 60 - 27d Number of processes in running state. @@ -429,8 +490,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Number of processes ZABBIX_ACTIVE proc.num[] - 60 - 27d Total number of processes in any state. @@ -449,8 +508,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Host boot time ZABBIX_ACTIVE system.boottime - 600 - 27d + 10m unixtime @@ -462,8 +520,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Interrupts per second ZABBIX_ACTIVE system.cpu.intr - 60 - 27d ips @@ -481,8 +537,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Processor load (1min/core) ZABBIX_ACTIVE system.cpu.load[percpu,avg1] - 60 - 27d FLOAT The processor load is calculated as system CPU load divided by number of CPU cores. @@ -502,8 +556,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Processor load (5min/core) ZABBIX_ACTIVE system.cpu.load[percpu,avg5] - 60 - 27d FLOAT The processor load is calculated as system CPU load divided by number of CPU cores. @@ -516,8 +568,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Processor load (15min/core) ZABBIX_ACTIVE system.cpu.load[percpu,avg15] - 60 - 27d FLOAT The processor load is calculated as system CPU load divided by number of CPU cores. @@ -530,8 +580,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Context switches per second ZABBIX_ACTIVE system.cpu.switches - 60 - 27d sps @@ -549,8 +597,6 @@ https://github.com/rbicelli/pfsense-zabbix-template CPU $2 time ZABBIX_ACTIVE system.cpu.util[,idle] - 60 - 27d FLOAT % The time the CPU has spent doing nothing. @@ -564,8 +610,6 @@ https://github.com/rbicelli/pfsense-zabbix-template CPU $2 time ZABBIX_ACTIVE system.cpu.util[,interrupt] - 60 - 27d FLOAT % The amount of time the CPU has been servicing hardware interrupts. @@ -579,8 +623,6 @@ https://github.com/rbicelli/pfsense-zabbix-template CPU $2 time ZABBIX_ACTIVE system.cpu.util[,nice] - 60 - 27d FLOAT % The time the CPU has spent running users' processes that have been niced. @@ -594,8 +636,6 @@ https://github.com/rbicelli/pfsense-zabbix-template CPU $2 time ZABBIX_ACTIVE system.cpu.util[,system] - 60 - 27d FLOAT % The time the CPU has spent running the kernel and its processes. @@ -609,8 +649,6 @@ https://github.com/rbicelli/pfsense-zabbix-template CPU $2 time ZABBIX_ACTIVE system.cpu.util[,user] - 60 - 27d FLOAT % The time the CPU has spent running users' processes that are not niced. @@ -624,8 +662,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Host name ZABBIX_ACTIVE system.hostname - 3600 - 27d + 1h 0 CHAR System host name. @@ -647,8 +684,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Host local time ZABBIX_ACTIVE system.localtime - 60 - 27d unixtime @@ -660,8 +695,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Free swap space ZABBIX_ACTIVE system.swap.size[,free] - 60 - 27d B @@ -673,8 +706,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Free swap space in % ZABBIX_ACTIVE system.swap.size[,pfree] - 60 - 27d FLOAT % @@ -695,8 +726,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Total swap space ZABBIX_ACTIVE system.swap.size[,total] - 3600 - 27d + 1h B @@ -708,8 +738,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Used swap space ZABBIX_ACTIVE system.swap.size[,used] - 60 - 27d B @@ -721,8 +749,7 @@ https://github.com/rbicelli/pfsense-zabbix-template System information ZABBIX_ACTIVE system.uname - 3600 - 27d + 1h 0 CHAR The information as normally returned by 'uname -a'. @@ -744,8 +771,7 @@ https://github.com/rbicelli/pfsense-zabbix-template System uptime ZABBIX_ACTIVE system.uptime - 600 - 27d + 10m uptime @@ -764,8 +790,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Number of logged in users ZABBIX_ACTIVE system.users.num - 60 - 27d Number of users who are currently logged in. @@ -777,8 +801,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Checksum of $1 ZABBIX_ACTIVE vfs.file.cksum[/etc/passwd] - 3600 - 27d + 1h OS @@ -796,8 +819,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Active memory ZABBIX_ACTIVE vm.memory.size[active] - 60 - 28d B Memory used by processes @@ -810,8 +831,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Available memory ZABBIX_ACTIVE vm.memory.size[available] - 60 - 27d B Available memory is defined as free+cached+buffers memory. @@ -831,8 +850,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Buffered memory ZABBIX_ACTIVE vm.memory.size[buffers] - 60 - 28d DISABLED B Cache d'entrées des IO disque. @@ -848,8 +865,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Cached memory ZABBIX_ACTIVE vm.memory.size[cached] - 60 - 28d B amount of memory used to cache data @@ -862,8 +877,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Free memory ZABBIX_ACTIVE vm.memory.size[free] - 60 - 28d B amount of memory completely free and ready to be used directly. @@ -876,8 +889,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Inactive memory ZABBIX_ACTIVE vm.memory.size[inactive] - 60 - 28d B amount of memory that contains data that is no longer used (can be directly freed if needed) @@ -890,8 +901,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Available memory (percent) ZABBIX_ACTIVE vm.memory.size[pavailable] - 60 - 28d FLOAT % Available memory is defined as free+cached+buffers memory. @@ -911,8 +920,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Shared memory ZABBIX_ACTIVE vm.memory.size[shared] - 60 - 28d DISABLED B quantité de mémoire partagée entre plusieurs processus @@ -928,8 +935,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Total memory ZABBIX_ACTIVE vm.memory.size[total] - 3600 - 27d + 1h B quantité de mémoire totale @@ -942,8 +948,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Used memory ZABBIX_ACTIVE vm.memory.size[used] - 60 - 28d DISABLED B Item désactivé car non utilisé @@ -957,8 +961,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Wired memory ZABBIX_ACTIVE vm.memory.size[wired] - 60 - 28d B amount of memory used by the kernel, can neither be unloaded in swap, nor compressed. @@ -973,7 +975,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Gateways Discovery ZABBIX_ACTIVE pfsense.discovery[gw] - 300s + 5m Gateway Discovery @@ -1125,7 +1127,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Network interface discovery ZABBIX_ACTIVE pfsense.discovery[interfaces] - 3600s + 1h @@ -1142,7 +1144,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Incoming Errors on {#IFDESCR} ZABBIX_ACTIVE net.if.in[{#IFNAME},errors] - 60 7d @@ -1154,7 +1155,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Incoming network traffic on {#IFDESCR} ZABBIX_ACTIVE net.if.in[{#IFNAME}] - 60 7d bps @@ -1177,7 +1177,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Outgoing errors on {#IFDESCR} ZABBIX_ACTIVE net.if.out[{#IFNAME},errors] - 60 7d @@ -1189,7 +1188,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Outgoing network traffic on {#IFDESCR} ZABBIX_ACTIVE net.if.out[{#IFNAME}] - 60 7d bps @@ -1241,14 +1239,13 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Client Discovery ZABBIX_ACTIVE pfsense.discovery[openvpn_client] - 300s + 5m OpenVPN Client Discovery OpenVPN Client {#NAME} Tunnel Status ZABBIX_ACTIVE pfsense.value[openvpn_clientvalue,{#CLIENT},status] - 60s OpenVPN Client @@ -1272,13 +1269,12 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server Discovery ZABBIX_ACTIVE pfsense.discovery[openvpn_server] - 300s + 5m OpenVPN Server {#NAME} Clients Connected ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},conns] - 60s OpenVPN Server @@ -1289,7 +1285,7 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#NAME} Mode ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},mode] - 300s + 5m OpenVPN Server @@ -1303,7 +1299,7 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#NAME} Port ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},port] - 300s + 5m OpenVPN Server @@ -1314,8 +1310,7 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#NAME} Tunnel Status ZABBIX_ACTIVE pfsense.value[openvpn_servervalue,{#SERVER},status] - 60s - + OpenVPN Server @@ -1338,7 +1333,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Services Discovery ZABBIX_ACTIVE pfsense.discovery[services] - 300s + 5m @@ -1350,10 +1345,10 @@ https://github.com/rbicelli/pfsense-zabbix-template - Service {#DESCRIPTION} enabled on CARP Slave + Service {#DESCRIPTION} enabled on CARP Slave ZABBIX_ACTIVE pfsense.value[service_value,{#SERVICE},run_on_carp_slave] - 600s + 10m Services @@ -1367,7 +1362,6 @@ https://github.com/rbicelli/pfsense-zabbix-template Service {#DESCRIPTION} Status ZABBIX_ACTIVE pfsense.value[service_value,{#SERVICE},status] - 60s Services @@ -1380,7 +1374,8 @@ https://github.com/rbicelli/pfsense-zabbix-template - {Template pfSense Active:pfsense.value[service_value,{#SERVICE},status].last()}=0 and ( + {Template pfSense Active:pfsense.value[service_value,{#SERVICE},status].last()}=0 +and {$PFSENSE_SRVC_MONITORING:"{#SERVICE}"}=1 and ( ({Template pfSense Active:pfsense.value[service_value,{#SERVICE},run_on_carp_slave].last()}=1 and {Template pfSense Active:pfsense.value[carp_status].last()}=2) @@ -1395,7 +1390,26 @@ or ) Service {#DESCRIPTION} is not running HIGH - Service is not running + Service is not running + +If you want to skip the trigger for this service, add the macro $PFSENSE_SRVC_MONITORING:"{#SERVICE}"=0 + +0 = Service monitoring disabled +1 = Service monitoring check if running +2 = Service monitoring check if not running + + + {Template pfSense Active:pfsense.value[service_value,{#SERVICE},status].last()}=1 and {$PFSENSE_SRVC_MONITORING:"{#SERVICE}"}=2 and (({Template pfSense Active:pfsense.value[service_value,{#SERVICE},run_on_carp_slave].last()}=1 and {Template pfSense Active:pfsense.value[carp_status].last()}=2) or {Template pfSense Active:pfsense.value[carp_status].last()}=1 or {Template pfSense Active:pfsense.value[carp_status].last()}=0) + Service {#DESCRIPTION} is running + HIGH + Service is running + +If you want to skip the trigger for this service, remove the macro $PFSENSE_SRVC_MONITORING:"{#SERVICE}"=2 +Alternatively you can also set the macro to 1 or 0. + +0 = Service monitoring disabled +1 = Service monitoring check if running +2 = Service monitoring check if not running @@ -1403,7 +1417,7 @@ or Mounted filesystem discovery ZABBIX_ACTIVE vfs.fs.discovery - 3600 + 1h @@ -1420,7 +1434,6 @@ or Free inodes on $1 (percentage) ZABBIX_ACTIVE vfs.fs.inode[{#FSNAME},pfree] - 60 7d FLOAT % @@ -1441,7 +1454,6 @@ or Free disk space on $1 ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},free] - 60 7d B @@ -1454,7 +1466,6 @@ or Free disk space on $1 (percentage) ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},pfree] - 60 7d FLOAT % @@ -1475,7 +1486,7 @@ or Total disk space on $1 ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},total] - 3600 + 1h 7d B @@ -1488,7 +1499,6 @@ or Used disk space on $1 ZABBIX_ACTIVE vfs.fs.size[{#FSNAME},used] - 60 7d B @@ -1555,6 +1565,29 @@ or {$EXPECTED_CARP_STATUS} 0 + + {$PFSENSE_CERT_EXPIRATION.AVERAGE} + 48h + + + {$PFSENSE_CERT_EXPIRATION.WARN} + 10d + + + {$PFSENSE_SRVC_MONITORING} + 1 + Enable monitoring of Services + + + {$PFSENSE_SRVC_MONITORING:"iperf"} + 0 + Disable monitoring of Service iperf Network Performance Testing Daemon/Client + + + {$PFSENSE_SRVC_MONITORING:"pcscd"} + 2 + Enable monitoring of PC/SC Smart Card Daemon (check if NOT running) https://redmine.pfsense.org/issues/12095 + @@ -1666,7 +1699,7 @@ or ({Template pfSense Active:pfsense.value[system,version].last()}<>{Template pfSense Active:pfsense.value[system,installed_version].last()})=1 New Version Available on {HOST.NAME} INFO - Noify of new version of pfsense available + Notify of new version of pfsense available From 2586bc16e5c48bbc5059b87b74a84cfae9e86070 Mon Sep 17 00:00:00 2001 From: Guillaume Hullin Date: Fri, 21 Jan 2022 12:17:32 +0100 Subject: [PATCH 2/5] Update pfsense_zbx.php Added certificate monitoring functions --- pfsense_zbx.php | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 1c6652f..ddb0f7b 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -1069,6 +1069,29 @@ function pfz_get_smart_status(){ echo $status; } +// Certificats validity date +function pfz_get_cert_date($valuekey){ + global $config; + + $value = 0; + foreach (array("cert", "ca") as $cert_type) { + switch ($valuekey){ + case "validFrom.max": + foreach ($config[$cert_type] as $cert) { + $certinfo = openssl_x509_parse(base64_decode($cert[crt])); + if ($value == 0 or $value < $certinfo['validFrom_time_t']) $value = $certinfo['validFrom_time_t']; + } + break; + case "validTo.min": + foreach ($config[$cert_type] as $cert) { + $certinfo = openssl_x509_parse(base64_decode($cert[crt])); + if ($value == 0 or $value > $certinfo['validTo_time_t']) $value = $certinfo['validTo_time_t']; + } + break; + } + } + echo $value; +} // File is present function pfz_file_exists($filename) { @@ -1269,6 +1292,9 @@ switch (strtolower($argv[1])){ case "smart_status": pfz_get_smart_status(); break; + case "cert_date": + pfz_get_cert_date($argv[2]); + break; default: pfz_test(); } From 3dd9bd78a9fef806a1604ce37a5e321b6e8b10b4 Mon Sep 17 00:00:00 2001 From: Guillaume Hullin Date: Fri, 21 Jan 2022 12:31:32 +0100 Subject: [PATCH 3/5] delay updates - removed delay definitions of 60s which should be the default value defined in Zabbix server - convert a value to more readable form (exemple 3600 to 1h) --- template_pfsense_active_ipsec.xml | 23 +++++++++++------------ template_pfsense_active_ovpn_user.xml | 10 ---------- template_pfsense_active_speedtest.xml | 8 ++++---- 3 files changed, 15 insertions(+), 26 deletions(-) diff --git a/template_pfsense_active_ipsec.xml b/template_pfsense_active_ipsec.xml index 094d9da..ae17b1b 100644 --- a/template_pfsense_active_ipsec.xml +++ b/template_pfsense_active_ipsec.xml @@ -33,14 +33,14 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Phase 1 Discovery ZABBIX_ACTIVE pfsense.discovery[ipsec_ph1] - 1200s + 20m Discovery of IPsec Phase 1 IPsec Tunnel {#IKEID} {#NAME} Tunnel Enabled ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},disabled] - 120s + 2m IPsec Phase 1 Tunnel Mode @@ -55,7 +55,7 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID} {#NAME} IKE Type ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},iketype] - 600s + 10m IPsec Phase 1 IKE Type @@ -70,7 +70,7 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID} {#NAME} Tunnel Mode ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},mode] - 600s + 10m IPsec Phase 1 Tunnel Mode @@ -85,7 +85,7 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID} {#NAME} Protocol ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},protocol] - 600s + 10m IPsec Phase 1 Protocol @@ -100,7 +100,7 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID} {#NAME} Remote Gateway ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},remote-gateway] - 600s + 10m 0 TEXT IPsec Phase 1 Remote Gateway @@ -114,7 +114,6 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID} {#NAME} Phase 1 Status ZABBIX_ACTIVE pfsense.value[ipsec_ph1,{#IKEID},status] - 60s IPsec Phase 1 Tunnel Mode @@ -139,14 +138,14 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Phase 2 Discovery ZABBIX_ACTIVE pfsense.discovery[ipsec_ph2] - 1200s + 20m Discovery of IPsec Phase 2 IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Enabled ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},disabled] - 120s + 2m IPsec Tunnel Phase 2 Protocol @@ -161,7 +160,7 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Life Time ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},lifetime] - 600s + 10m s IPsec Tunnel Phase 2 Life Time @@ -174,7 +173,7 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Mode ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},mode] - 600s + 10m IPsec Tunnel Phase 2 Mode @@ -186,7 +185,7 @@ https://github.com/rbicelli/pfsense-zabbix-template IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Protocol ZABBIX_ACTIVE pfsense.value[ipsec_ph2,{#UNIQID},protocol] - 600s + 10m IPsec Tunnel Phase 2 Protocol diff --git a/template_pfsense_active_ovpn_user.xml b/template_pfsense_active_ovpn_user.xml index cc07a0f..70dd7eb 100644 --- a/template_pfsense_active_ovpn_user.xml +++ b/template_pfsense_active_ovpn_user.xml @@ -33,14 +33,12 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN User Auth Connected Clients Discovery ZABBIX_ACTIVE pfsense.discovery[openvpn_server_user] - 60s Discovery of clients connected to OpenVPN Server in User Auth Mode OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Received ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_recv] - 60s 0 bytes Client Bytes Received @@ -54,7 +52,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Sent ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_sent] - 60s 0 bytes Client Bytes Sent @@ -68,7 +65,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: Connection Time ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},connect_time_unix] - 60s 0 unixtime Client Connect Time @@ -82,7 +78,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: Remote Host ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},remote_host] - 60s 0 TEXT Remote Host @@ -96,7 +91,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: User Name ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},user_name] - 60s 0 TEXT Client User Name @@ -110,7 +104,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address (IPv6) ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr6] - 60s 0 TEXT IPv6 Address assigned from OpenVPN Server @@ -124,7 +117,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr] - 60s 0 TEXT IP Address assigned from OpenVPN Server @@ -138,7 +130,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: Client ID ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},client_id] - 60s 0 Client ID @@ -151,7 +142,6 @@ https://github.com/rbicelli/pfsense-zabbix-template OpenVPN Server {#SERVERNAME}, Client {#USERID}: Peer ID ZABBIX_ACTIVE pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},peer_id] - 60s 0 Peer ID diff --git a/template_pfsense_active_speedtest.xml b/template_pfsense_active_speedtest.xml index 45fb366..ae135c2 100644 --- a/template_pfsense_active_speedtest.xml +++ b/template_pfsense_active_speedtest.xml @@ -33,14 +33,14 @@ https://github.com/rbicelli/pfsense-zabbix-template WAN Interfaces ZABBIX_ACTIVE pfsense.discovery[wan] - 300s + 6h Discover WAN Interfaces Speedtest Download on {#IFDESCR} ZABBIX_ACTIVE pfsense.value[if_speedtest_value,{#IFNAME},download] - 3600s + 30m FLOAT bps Download speed determined by Ookla Speedtest package @@ -54,7 +54,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Speedtest Ping on {#IFDESCR} ZABBIX_ACTIVE pfsense.value[if_speedtest_value,{#IFNAME},ping] - 3600s + 30m FLOAT ms Ping determined by Ookla Speedtest package @@ -68,7 +68,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Speedtest Upload on {#IFDESCR} ZABBIX_ACTIVE pfsense.value[if_speedtest_value,{#IFNAME},upload] - 3600s + 30m FLOAT bps Ping determined by Ookla Speedtest package From 71c8d6e96337f36373808fa1237d98803c262fa0 Mon Sep 17 00:00:00 2001 From: Guillaume Hullin Date: Fri, 21 Jan 2022 12:48:33 +0100 Subject: [PATCH 4/5] Update template_pfsense_active.xml removed need of global regex --- template_pfsense_active.xml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index e42e5a1..29cdcce 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -1334,15 +1334,6 @@ https://github.com/rbicelli/pfsense-zabbix-template ZABBIX_ACTIVE pfsense.discovery[services] 5m - - - - {#SERVICE} - @pfSense service names for discovery - A - - - Service {#DESCRIPTION} enabled on CARP Slave From add56b4cd246c030068b65b47be5b28f15ba81d9 Mon Sep 17 00:00:00 2001 From: Guillaume Hullin Date: Fri, 21 Jan 2022 13:09:11 +0100 Subject: [PATCH 5/5] Update template_pfsense_active.xml Switch from to zabbix active agent items --- template_pfsense_active.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/template_pfsense_active.xml b/template_pfsense_active.xml index 29cdcce..186f811 100644 --- a/template_pfsense_active.xml +++ b/template_pfsense_active.xml @@ -262,6 +262,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Certificates Manager: latest "validFrom" + ZABBIX_ACTIVE pfsense.value[cert_date,validFrom.max] unixtime This item will return will return the latest date "validFrom" from all the certificates (including CA). This is used to find new/renewed certificates. @@ -288,6 +289,7 @@ https://github.com/rbicelli/pfsense-zabbix-template Certificates Manager: earliest "validTo" + ZABBIX_ACTIVE pfsense.value[cert_date,validTo.min] unixtime This item will return will return the earliest date "validTo" from all the certificates (including CA). This is used to find expiring certificates.