Added OpenVPN Client Monitoring

Riccardo Bicelli 2020-04-28 00:12:32 +02:00
parent 000d3c1c5a
commit a8dbe609c3
4 changed files with 676 additions and 14 deletions


@ -4,9 +4,12 @@
This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data.
Tested with pfSense 2.4.x and Zabbix 4.0
## What it does
**Template pfSense Active**
- Network interface Discovery and Monitoring with User Assigned Names
- Gateway Discovery and Monitoring (Gateway Status/RTT)
@ -15,6 +18,11 @@ Tested with pfSense 2.4.x and Zabbix 4.0
- CARP Monitoring (Global CARP State)
- Basic Service Discovery and Monitoring (Service Status)
- pfSense Version/Update Available
**Template pfSense Active: OpenVPN Server User Auth**
- Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode
- Monitoring of Client Parameters (Bytes sent/received, Connection Time...)
## Configuration
@ -45,7 +53,7 @@ UserParameter=pfsense.value[*],/usr/local/bin/php /root/scripts/pfsense_zbx.php
_Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._
Then import xml template in Zabbix and add your pfSense hosts.
Then import xml templates in Zabbix and add your pfSense hosts.
If you are running a redundant CARP setup you should adjust the macro {#EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.
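Review bot: The AllowRoot=1 note states the requirement but not what it exposes. With that option the agent, and therefore the `pfsense.value[*]` UserParameter shown in this hunk's header, runs /usr/local/bin/php /root/scripts/pfsense_zbx.php as root on the firewall, and the `[*]` key accepts parameters supplied with the item key. Suggest adding a sentence here telling readers to leave UnsafeUserParameters at its default of 0 and to point Server/ServerActive only at their own Zabbix server.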


@ -1,21 +1,41 @@
# pfSense Zabbix template
[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/rbicelli)
This is a pfSense active template for zabbix, based on [Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for freeBSD part and a php script using pfSense functions library for monitoring specific data.
# pfSense Zabbix Template
Tested with pfSense 2.4 and Zabbix 4.0
This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data.
From 28
Tested with pfSense 2.4.x and Zabbix 4.0
## What it does
- pfSense Version/Update Available
- Gateway Monitoring (Gateway Status/RTT with discovery)
- OpenVPN Server Monitoring (Server Status/Tunnel Status with discovery)
**Template pfSense Active**
- Network interface Discovery and Monitoring with User Assigned Names
- Gateway Discovery and Monitoring (Gateway Status/RTT)
- OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status)
- OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
- CARP Monitoring (Global CARP State)
- Basic service monitoring (Service Status with discovery)
- Basic Service Discovery and Monitoring (Service Status)
- pfSense Version/Update Available
**Template pfSense Active: OpenVPN Server User Auth**
- Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode
- Monitoring of Client Parameters (Bytes sent/received, Connection Time...)
## Configuration
First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts).
For example, from pfSense shell:
```bash
mkdir /root/scripts
curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php
```
Then install package "Zabbix Agent 4" on your pfSense Box
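Review bot: The install example at the `curl -o /root/scripts/pfsense_zbx.php ...` line fetches the script from the moving `master` branch with no integrity check, and the same README then asks for it to be run as root via AllowRoot=1. Suggest pointing the URL at a tagged release or commit and publishing a SHA-256 that the reader checks before enabling the UserParameter. Two smaller points in the same hunk: `mkdir /root/scripts` fails on a second run, so `mkdir -p` is safer, and the added line "From 28" reads like an unfinished sentence and should be completed or dropped.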
@ -32,11 +52,11 @@ UserParameter=pfsense.discovery[*],/usr/local/bin/php /root/scripts/pfsense_zbx.
UserParameter=pfsense.value[*],/usr/local/bin/php /root/scripts/pfsense_zbx.php $1 $2 $3
```
__Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._
_Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._
Then import xml template in Zabbix and add your pfSense hosts.
If you are running a redundant CARP setup you can adjust the macro {#EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.
If you are running a redundant CARP setup you should adjust the macro {#EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.
Possible values are:
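Review bot: The CARP sentence tells the reader to adjust `{#EXPECTED_CARP_STATUS}`, but `{#...}` is Zabbix's syntax for low-level discovery macros, which are filled in by discovery rules rather than set by the user; user-adjustable macros are written `{$...}`. Please check the name against the template and, if it is a user macro, write it as `{$EXPECTED_CARP_STATUS}` so readers can find it under the host's Macros tab.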
@ -44,4 +64,8 @@ Possible values are:
- 1: Master
- 2: Backup
This is useful when monitoring services which could stay stopped on CARP Backup Member.
This is useful when monitoring services which could stay stopped on CARP Backup Member.
## Credits
[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part.


@ -186,9 +186,9 @@ function pfz_openvpn_server_userdiscovery(){
// Get OpenVPN User Connected Value
function pfz_openvpn_server_uservalue($unique_id, $valuekey){
$atpos=strpos($uniqueid,'@');
$user_id = substr($uniqueid,0,$atpos);
$server_id = substr($uniqueid,$atpos+1);
$atpos=strpos($unique_id,'@');
$server_id = substr($unique_id,0,$atpos);
$user_id = substr($unique_id,$atpos+1);
$servers = pfz_openvpn_get_all_servers();
foreach($servers as $server) {
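Review bot: Missing check on the result of `strpos($unique_id,'@')`: when the argument contains no '@', `$atpos` is false, so `substr($unique_id,0,$atpos)` yields an empty `$server_id` and `substr($unique_id,$atpos+1)` silently drops the first character for `$user_id`. The value arrives as an item key parameter, so it should be validated before use; suggest returning early when `$atpos === false`. It would also help to add a comment stating that the id format is server@user, since this change reverses the order the old lines assumed and the discovery function has to emit the same order.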


@ -0,0 +1,630 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<date>2020-04-27T22:05:29Z</date>
<groups>
<group>
<name>Templates</name>
</group>
</groups>
<templates>
<template>
<template>Template pfSense Active OpenVPN Server User Auth</template>
<name>pfSense Active: OpenVPN Server User Auth</name>
<description>Extension for pfSense Active Template.&#13;
Monitor client Connections of OpenVPN Server.</description>
<groups>
<group>
<name>Templates</name>
</group>
</groups>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<items/>
<discovery_rules>
<discovery_rule>
<name>OpenVPN User Auth Connected Clients Discovery</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[openvpn_server_user]</key>
<delay>30s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<filter>
<evaltype>0</evaltype>
<formula/>
<conditions/>
</filter>
<lifetime>30d</lifetime>
<description>Discovery of clients connected to OpenVPN Server in User Auth Mode</description>
<item_prototypes>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Received</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_recv]</key>
<delay>60s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>bytes</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Client Bytes Received</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Bytes Sent</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},bytes_sent]</key>
<delay>60s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>bytes</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Client Bytes Sent</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Client ID</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},client_id]</key>
<delay>120s</delay>
<history>0</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Client ID</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Connection Time</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},connect_time_unix]</key>
<delay>60s</delay>
<history>180d</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>unixtime</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Client Connect Time</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Peer ID</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},peer_id]</key>
<delay>60s</delay>
<history>0</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Peer ID</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Remote Host</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},remote_host]</key>
<delay>60s</delay>
<history>0</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Remote Host</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: User Name</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},user_name]</key>
<delay>60s</delay>
<history>0</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Client User Name</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address (IPv6)</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr6]</key>
<delay>180s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPv6 Address assigned from OpenVPN Server</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Virtual IP Address</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr]</key>
<delay>30s</delay>
<history>180d</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IP Address assigned from OpenVPN Server</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
</item_prototypes>
<trigger_prototypes/>
<graph_prototypes/>
<host_prototypes/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
</discovery_rule>
</discovery_rules>
<httptests/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
</zabbix_export>
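Review bot: The `remote_host` and `user_name` item prototypes are set to `<history>0</history>`, so the template stores no record of which user connected from which address, while `virtual_addr` and `connect_time_unix` are kept for 180d. If the template is meant to support reviewing VPN logins after the fact, give those two items a matching history period. Separately, every prototype is an independent active check (`<type>7</type>`, empty `<master_item/>`), so each connected client causes nine separate runs of the PHP script per cycle; a single master item per client with dependent items would cut that to one. `<trigger_prototypes/>` is also empty, so nothing alerts on these values yet.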