From a8dbe609c3bece6323f52a22f9edcf0c1aeb3965 Mon Sep 17 00:00:00 2001 From: Riccardo Bicelli Date: Tue, 28 Apr 2020 00:12:32 +0200 Subject: [PATCH] Added OpenVPN Client Monitoring --- README.md | 10 +- README.md.backup | 44 +- pfsense_zbx.php | 6 +- template_pfsense_active_ovpn_user.xml | 630 ++++++++++++++++++++++++++ 4 files changed, 676 insertions(+), 14 deletions(-) create mode 100644 template_pfsense_active_ovpn_user.xml diff --git a/README.md b/README.md index 9a773ed..55ad35f 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,12 @@ This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. + Tested with pfSense 2.4.x and Zabbix 4.0 ## What it does + +**Template pfSense Active** - Network interface Discovery and Monitoring with User Assigned Names - Gateway Discovery and Monitoring (Gateway Status/RTT) @@ -15,6 +18,11 @@ Tested with pfSense 2.4.x and Zabbix 4.0 - CARP Monitoring (Global CARP State) - Basic Service Discovery and Monitoring (Service Status) - pfSense Version/Update Available + +**Template pfSense Active: OpenVPN Server User Auth** + + - Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode + - Monitoring of Client Parameters (Bytes sent/received, Connection Time...) ## Configuration @@ -45,7 +53,7 @@ UserParameter=pfsense.value[*],/usr/local/bin/php /root/scripts/pfsense_zbx.php _Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._ -Then import xml template in Zabbix and add your pfSense hosts. +Then import xml templates in Zabbix and add your pfSense hosts. If you are running a redundant CARP setup you should adjust the macro {#EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box. diff --git a/README.md.backup b/README.md.backup index 218e1c0..f3e34b8 100644 --- a/README.md.backup +++ b/README.md.backup @@ -1,21 +1,41 @@ -# pfSense Zabbix template +[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/rbicelli) -This is a pfSense active template for zabbix, based on [Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for freeBSD part and a php script using pfSense functions library for monitoring specific data. +# pfSense Zabbix Template -Tested with pfSense 2.4 and Zabbix 4.0 +This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. + +From 28 + +Tested with pfSense 2.4.x and Zabbix 4.0 ## What it does - - pfSense Version/Update Available - - Gateway Monitoring (Gateway Status/RTT with discovery) - - OpenVPN Server Monitoring (Server Status/Tunnel Status with discovery) +**Template pfSense Active** + + - Network interface Discovery and Monitoring with User Assigned Names + - Gateway Discovery and Monitoring (Gateway Status/RTT) + - OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status) + - OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status) - CARP Monitoring (Global CARP State) - - Basic service monitoring (Service Status with discovery) + - Basic Service Discovery and Monitoring (Service Status) + - pfSense Version/Update Available + +**Template pfSense Active: OpenVPN Server User Auth** + - Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode + - Monitoring of Client Parameters (Bytes sent/received, Connection Time...) ## Configuration First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts). + +For example, from pfSense shell: + +```bash +mkdir /root/scripts +curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php +``` + Then install package "Zabbix Agent 4" on your pfSense Box @@ -32,11 +52,11 @@ UserParameter=pfsense.discovery[*],/usr/local/bin/php /root/scripts/pfsense_zbx. UserParameter=pfsense.value[*],/usr/local/bin/php /root/scripts/pfsense_zbx.php $1 $2 $3 ``` -__Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._ +_Please note that **AllowRoot=1** option is required in order to execute correctly OpenVPN checks and others._ Then import xml template in Zabbix and add your pfSense hosts. -If you are running a redundant CARP setup you can adjust the macro {#EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box. +If you are running a redundant CARP setup you should adjust the macro {#EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box. Possible values are: @@ -44,4 +64,8 @@ Possible values are: - 1: Master - 2: Backup -This is useful when monitoring services which could stay stopped on CARP Backup Member. \ No newline at end of file +This is useful when monitoring services which could stay stopped on CARP Backup Member. + +## Credits + +[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part. diff --git a/pfsense_zbx.php b/pfsense_zbx.php index 2736bc1..19a4888 100644 --- a/pfsense_zbx.php +++ b/pfsense_zbx.php @@ -186,9 +186,9 @@ function pfz_openvpn_server_userdiscovery(){ // Get OpenVPN User Connected Value function pfz_openvpn_server_uservalue($unique_id, $valuekey){ - $atpos=strpos($uniqueid,'@'); - $user_id = substr($uniqueid,0,$atpos); - $server_id = substr($uniqueid,$atpos+1); + $atpos=strpos($unique_id,'@'); + $server_id = substr($unique_id,0,$atpos); + $user_id = substr($unique_id,$atpos+1); $servers = pfz_openvpn_get_all_servers(); foreach($servers as $server) { diff --git a/template_pfsense_active_ovpn_user.xml b/template_pfsense_active_ovpn_user.xml new file mode 100644 index 0000000..4932eee --- /dev/null +++ b/template_pfsense_active_ovpn_user.xml @@ -0,0 +1,630 @@ + + + 4.0 + 2020-04-27T22:05:29Z + + + Templates + + + + + +