dani
/
pfsense-zabbix
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into develop

This commit is contained in:
Riccardo Bicelli 2021-07-05 14:36:15 +02:00
parent 2415ae4b42 11784220d9
commit d784c1f08a
5 changed files with 1959 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
README.md
View File

@ -5,7 +5,7 @@
This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data.
Tested with pfSense 2.4.x and Zabbix 4.0
Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0
## What it does
@ -18,11 +18,18 @@ Tested with pfSense 2.4.x and Zabbix 4.0
- CARP Monitoring (Global CARP State)
- Basic Service Discovery and Monitoring (Service Status)
- pfSense Version/Update Available
- Packages Update Available
**Template pfSense Active: OpenVPN Server User Auth**
- Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode
- Monitoring of Client Parameters (Bytes sent/received, Connection Time...)
- Monitoring of Client Parameters (Bytes sent/received, Connection Time...)
**Template pfSense Active: IPsec**
- Discovery of IPsec Site-to-Site tunnels
- Monitoring tunnel status (Phase 1 and Phase 2)
## Configuration
@ -35,6 +42,12 @@ mkdir /root/scripts
curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php
```
or, from **Diagnostics/Command Prompt** input this one-liner:
```bash
mkdir /root/scripts && curl -o /root/scripts/pfsense_zbx.php https://raw.githubusercontent.com/rbicelli/pfsense-zabbix-template/master/pfsense_zbx.php
```
Then install package "Zabbix Agent 4" on your pfSense Box
@ -57,7 +70,7 @@ Also increase the **Timeout** value at least to **5**, otherwise some checks wil
Then import xml templates in Zabbix and add your pfSense hosts.
If you are running a redundant CARP setup you should adjust the macro {#EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.
If you are running a redundant CARP setup you should adjust the macro {$EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.
Possible values are:

633
pfsense_zbx.php
View File

@ -1,7 +1,7 @@
<?php
/***
pfsense_zbx.php - pfSense Zabbix Interface
Version 0.9.3 - 2020-04-26
Version 1.0.3 - 2022-07-04
Written by Riccardo Bicelli <r.bicelli@gmail.com>
This program is licensed under Apache 2.0 License
@ -24,6 +24,7 @@ require_once("service-utils.inc");
//For System
require_once('pkg-utils.inc');
//For DHCP
//Testing function, for template creating purpose
function pfz_test(){
@ -55,7 +56,34 @@ function pfz_test(){
echo "Services: \n";
print_r($services);
echo $line;
echo "IPsec: \n";
require_once("ipsec.inc");
global $config;
init_config_arr(array('ipsec', 'phase1'));
init_config_arr(array('ipsec', 'phase2'));
$a_phase2 = &$config['ipsec']['phase2'];
$status = ipsec_list_sa();
echo "IPsec Status: \n";
print_r($status);
$a_phase1 = &$config['ipsec']['phase1'];
$a_phase2 = &$config['ipsec']['phase2'];
echo "IPsec Config Phase 1: \n";
print_r($a_phase1);
echo "IPsec Config Phase 2: \n";
print_r($a_phase2);
echo $line;
//Packages
echo "Packages: \n";
require_once("pkg-utils.inc");
$installed_packages = get_pkg_info('all', false, true);
print_r($installed_packages);
}
@ -148,7 +176,11 @@ function pfz_openvpn_servervalue($server_id,$valuekey){
if ($valuekey=="status") {
if ( ($server['mode']=="server_user") || ($server['mode']=="server_tls_user") || ($server['mode']=="server_tls") ){
if ($value=="") $value="server_user_listening";
}
} else if ($server['mode']=="p2p_tls"){
// For p2p_tls, ensure we have one client, and return up if it's the case
if ($value=="")
$value=(is_array($server["conns"]) && count($server["conns"]) > 0) ? "up" : "down";
}
}
}
}
@ -184,16 +216,19 @@ function pfz_openvpn_server_userdiscovery(){
$json_string = '{"data":[';
foreach ($servers as $server){
if ( ($server['mode']=='server_user') || ($server['mode']=='server_tls_user') ) {
if ( ($server['mode']=='server_user') || ($server['mode']=='server_tls_user') || ($server['mode']=='server_tls') ) {
if (is_array($server['conns'])) {
$name = trim(preg_replace('/\w{3}(\d)?\:\d{4,5}/i', '', $server['name']));
foreach($server['conns'] as $conn) {
$json_string .= '{"{#SERVERID}":"' . $server['vpnid'] . '"';
$json_string .= ',"{#SERVERNAME}":"' . $name . '"';
$json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $conn['common_name'] . '"';
$json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"';
$json_string .= '},';
foreach($server['conns'] as $conn) {
$common_name = pfz_replacespecialchars($conn['common_name']);
$json_string .= '{"{#SERVERID}":"' . $server['vpnid'] . '"';
$json_string .= ',"{#SERVERNAME}":"' . $name . '"';
$json_string .= ',"{#UNIQUEID}":"' . $server['vpnid'] . '+' . $common_name . '"';
$json_string .= ',"{#USERID}":"' . $conn['common_name'] . '"';
$json_string .= '},';
}
}
}
@ -206,8 +241,9 @@ function pfz_openvpn_server_userdiscovery(){
}
// Get OpenVPN User Connected Value
function pfz_openvpn_server_uservalue($unique_id, $valuekey){
function pfz_openvpn_server_uservalue($unique_id, $valuekey, $default=""){
$unique_id = pfz_replacespecialchars($unique_id,true);
$atpos=strpos($unique_id,'+');
$server_id = substr($unique_id,0,$atpos);
$user_id = substr($unique_id,$atpos+1);
@ -217,12 +253,12 @@ function pfz_openvpn_server_uservalue($unique_id, $valuekey){
if($server['vpnid']==$server_id) {
foreach($server['conns'] as $conn) {
if ($conn['common_name']==$user_id){
$value = $conn[$valuekey];
$value = $conn[$valuekey];
}
}
}
}
if ($value=="") $value = $default;
echo $value;
}
// OpenVPN Client Discovery
@ -244,8 +280,22 @@ function pfz_openvpn_clientdiscovery() {
echo $json_string;
}
function pfz_replacespecialchars($inputstr,$reverse=false){
$specialchars = ",',\",`,*,?,[,],{,},~,$,!,&,;,(,),<,>,|,#,@,0x0a";
$specialchars = explode(",",$specialchars);
$resultstr = $inputstr;
for ($n=0;$n<count($specialchars);$n++){
if ($reverse==false)
$resultstr = str_replace($specialchars[$n],'%%' . $n . '%',$resultstr);
else
$resultstr = str_replace('%%' . $n . '%',$specialchars[$n],$resultstr);
}
return ($resultstr);
}
function pfz_openvpn_clientvalue($client_id, $valuekey){
function pfz_openvpn_clientvalue($client_id, $valuekey, $default="none"){
$clients = openvpn_get_active_clients();
foreach($clients as $client) {
if($client['vpnid']==$client_id)
@ -260,7 +310,7 @@ function pfz_openvpn_clientvalue($client_id, $valuekey){
}
if ($value=="") $value="none";
if ($value=="") $value=$default;
echo $value;
}
@ -298,17 +348,19 @@ function pfz_services_discovery(){
// Get service value
// 2020-03-27: Added space replace in service name for issue #12
// 2020-09-28: Corrected Space Replace
function pfz_service_value($name,$value){
$services = get_services();
$name = str_replace("__"," ",$name);
//List of service which are stopped on CARP Slave.
//For now this is the best way i found for filtering out the triggers
//Waiting for a way in Zabbix to use Global Regexp in triggers with items discovery
$stopped_on_carp_slave = array("haproxy","openvpn.","openvpn");
$stopped_on_carp_slave = array("haproxy","radvd","openvpn.","openvpn");
foreach ($services as $service){
$namecfr=str_replace("__"," ",$service["name"]);
$carpcfr=str_replace("__"," ",$service["name"]);
$namecfr = $service["name"];
$carpcfr = $service["name"];
//OpenVPN
if (!empty($service['id'])) {
@ -347,6 +399,7 @@ function pfz_service_value($name,$value){
echo 0;
else
echo 1;
break;
default:
echo $service[$value];
break;
@ -385,23 +438,223 @@ function pfz_gw_discovery() {
function pfz_gw_value($gw, $valuekey) {
$gws = return_gateways_status(true);
if(array_key_exists($gw,$gws))
echo $gws[$gw][$valuekey];
if(array_key_exists($gw,$gws)) {
$value = $gws[$gw][$valuekey];
if ($valuekey=="status")
$value = pfz_valuemap("gateway.status", $value);
echo $value;
}
}
function pfz_carp_status(){
// IPSEC Discovery
function pfz_ipsec_discovery_ph1(){
require_once("ipsec.inc");
global $config;
init_config_arr(array('ipsec', 'phase1'));
$a_phase1 = &$config['ipsec']['phase1'];
$json_string = '{"data":[';
foreach ($a_phase1 as $data) {
$json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"';
$json_string .= ',"{#NAME}":"' . $data['descr'] . '"';
$json_string .= '},';
}
$json_string = rtrim($json_string,",");
$json_string .= "]}";
echo $json_string;
}
function pfz_ipsec_ph1($ikeid,$valuekey){
// Get Value from IPsec Phase 1 Configuration
// If Getting "disabled" value only check item presence in config array
require_once("ipsec.inc");
global $config;
init_config_arr(array('ipsec', 'phase1'));
$a_phase1 = &$config['ipsec']['phase1'];
$value = "";
switch ($valuekey) {
case 'status':
$value = pfz_ipsec_status($ikeid);
break;
case 'disabled':
$value = "0";
default:
foreach ($a_phase1 as $data) {
if ($data['ikeid'] == $ikeid) {
if(array_key_exists($valuekey,$data)) {
if ($valuekey=='disabled')
$value = "1";
else
$value = pfz_valuemap("ipsec." . $valuekey, $data[$valuekey], $data[$valuekey]);
break;
}
}
}
}
echo $value;
}
function pfz_ipsec_discovery_ph2(){
require_once("ipsec.inc");
global $config;
init_config_arr(array('ipsec', 'phase2'));
$a_phase2 = &$config['ipsec']['phase2'];
$json_string = '{"data":[';
foreach ($a_phase2 as $data) {
$json_string .= '{"{#IKEID}":"' . $data['ikeid'] . '"';
$json_string .= ',"{#NAME}":"' . $data['descr'] . '"';
$json_string .= ',"{#UNIQID}":"' . $data['uniqid'] . '"';
$json_string .= ',"{#REQID}":"' . $data['reqid'] . '"';
$json_string .= ',"{#EXTID}":"' . $data['ikeid'] . '.' . $data['reqid'] . '"';
$json_string .= '},';
}
$json_string = rtrim($json_string,",");
$json_string .= "]}";
echo $json_string;
}
function pfz_ipsec_ph2($uniqid, $valuekey){
require_once("ipsec.inc");
global $config;
init_config_arr(array('ipsec', 'phase2'));
$a_phase2 = &$config['ipsec']['phase2'];
$valuecfr = explode(".",$valuekey);
switch ($valuecfr[0]) {
case 'status':
$idarr = explode(".", $uniqid);
$statuskey = "state";
if (isset($valuecfr[1])) $statuskey = $valuecfr[1];
$value = pfz_ipsec_status($idarr[0],$idarr[1],$statuskey);
break;
case 'disabled':
$value = "0";
}
foreach ($a_phase2 as $data) {
if ($data['uniqid'] == $uniqid) {
if(array_key_exists($valuekey,$data)) {
if ($valuekey=='disabled')
$value = "1";
else
$value = pfz_valuemap("ipsec_ph2." . $valuekey, $data[$valuekey], $data[$valuekey]);
break;
}
}
}
echo $value;
}
function pfz_ipsec_status($ikeid,$reqid=-1,$valuekey='state'){
require_once("ipsec.inc");
global $config;
init_config_arr(array('ipsec', 'phase1'));
$a_phase1 = &$config['ipsec']['phase1'];
$status = ipsec_list_sa();
$ipsecconnected = array();
$carp_status = pfz_carp_status(false);
//Phase-Status match borrowed from status_ipsec.php
if (is_array($status)) {
foreach ($status as $l_ikeid=>$ikesa) {
if(isset($ikesa['con-id'])){
$con_id = substr($ikesa['con-id'], 3);
}else{
$con_id = filter_var($l_ikeid, FILTER_SANITIZE_NUMBER_INT);
}
if ($ikesa['version'] == 1) {
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
//pfSense 2.5 with conn enumeration like conn100000
if ( ($ph1idx==false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000'));
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
if (!ipsec_ikeid_used($con_id)) {
// probably a v2 with split connection then
$ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '00'));
//pfSense 2.5 with conn enumeration like conn100000
if ( ($ph1idx==false) || ($ph1idx=='')) $ph1idx = substr($con_id, 0, strrpos(substr($con_id, 0, -1), '0000'));
$ipsecconnected[$ph1idx] = $ph1idx;
} else {
$ipsecconnected[$con_id] = $ph1idx = $con_id;
}
}
if ($ph1idx == $ikeid){
if ($reqid!=-1) {
// Asking for Phase2 Status Value
foreach ($ikesa['child-sas'] as $childsas) {
if ($childsas['reqid']==$reqid) {
if ($childsas['state'] == 'REKEYED') {
//if state is rekeyed go on
$tmp_value = $childsas[$valuekey];
} else {
$tmp_value = $childsas[$valuekey];
break;
}
}
}
} else {
$tmp_value = $ikesa[$valuekey];
}
break;
}
}
}
switch($valuekey) {
case 'state':
if ($carp_status == 0) {
$value = pfz_valuemap('ipsec.state', strtolower($tmp_value));
} else {
$value = $value + (10 * ($carp_status-1));
}
break;
default:
$value = $tmp_value;
break;
}
// print_r($ikesa);
return $value;
}
function pfz_carp_status($echo = true){
//Detect CARP Status
global $config;
$status_return = 0;
$status = get_carp_status();
$carp_detected_problems = get_single_sysctl("net.inet.carp.demotion");
//CARP is disabled
$ret = 0;
if ($status != 0) { //CARP is enabled
if ($carp_detected_problems != 0) {
echo 4; //There's some Major Problems with CARP
return true;
//There's some Major Problems with CARP
$ret = 4;
if ($echo == true) echo $ret;
return $ret;
}
$status_changed = false;
@ -419,19 +672,247 @@ function pfz_carp_status(){
}
if ($status_changed) {
//CARP Status is inconsistent across interfaces
$ret=3;
echo 3;
} else {
if ($prev_status=="MASTER")
echo 1;
$ret = 1;
else
echo 2;
$ret = 2;
}
} else {
//CARP is Disabled
echo 0;
}
if ($echo == true) echo $ret;
return $ret;
}
// DHCP Checks (copy of status_dhcp_leases.php, waiting for pfsense 2.5)
function pfz_remove_duplicate($array, $field) {
foreach ($array as $sub) {
$cmp[] = $sub[$field];
}
$unique = array_unique(array_reverse($cmp, true));
foreach ($unique as $k => $rien) {
$new[] = $array[$k];
}
return $new;
}
// Get DHCP Arrays (copied from status_dhcp_leases.php, waiting for pfsense 2.5, in order to use system_get_dhcpleases();)
function pfz_dhcp_get($valuekey) {
require_once("config.inc");
$leasesfile = "{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases";
$awk = "/usr/bin/awk";
/* this pattern sticks comments into a single array item */
$cleanpattern = "'{ gsub(\"#.*\", \"\");} { gsub(\";\", \"\"); print;}'";
/* We then split the leases file by } */
$splitpattern = "'BEGIN { RS=\"}\";} {for (i=1; i<=NF; i++) printf \"%s \", \$i; printf \"}\\n\";}'";
/* stuff the leases file in a proper format into a array by line */
@exec("/bin/cat {$leasesfile} 2>/dev/null| {$awk} {$cleanpattern} | {$awk} {$splitpattern}", $leases_content);
$leases_count = count($leases_content);
@exec("/usr/sbin/arp -an", $rawdata);
foreach ($leases_content as $lease) {
/* split the line by space */
$data = explode(" ", $lease);
/* walk the fields */
$f = 0;
$fcount = count($data);
/* with less than 20 fields there is nothing useful */
if ($fcount < 20) {
$i++;
continue;
}
while ($f < $fcount) {
switch ($data[$f]) {
case "failover":
$pools[$p]['name'] = trim($data[$f+2], '"');
$pools[$p]['name'] = "{$pools[$p]['name']} (" . convert_friendly_interface_to_friendly_descr(substr($pools[$p]['name'], 5)) . ")";
$pools[$p]['mystate'] = $data[$f+7];
$pools[$p]['peerstate'] = $data[$f+14];
$pools[$p]['mydate'] = $data[$f+10];
$pools[$p]['mydate'] .= " " . $data[$f+11];
$pools[$p]['peerdate'] = $data[$f+17];
$pools[$p]['peerdate'] .= " " . $data[$f+18];
$p++;
$i++;
continue 3;
case "lease":
$leases[$l]['ip'] = $data[$f+1];
$leases[$l]['type'] = $dynamic_string;
$f = $f+2;
break;
case "starts":
$leases[$l]['start'] = $data[$f+2];
$leases[$l]['start'] .= " " . $data[$f+3];
$f = $f+3;
break;
case "ends":
if ($data[$f+1] == "never") {
// Quote from dhcpd.leases(5) man page:
// If a lease will never expire, date is never instead of an actual date.
$leases[$l]['end'] = gettext("Never");
$f = $f+1;
} else {
$leases[$l]['end'] = $data[$f+2];
$leases[$l]['end'] .= " " . $data[$f+3];
$f = $f+3;
}
break;
case "tstp":
$f = $f+3;
break;
case "tsfp":
$f = $f+3;
break;
case "atsfp":
$f = $f+3;
break;
case "cltt":
$f = $f+3;
break;
case "binding":
switch ($data[$f+2]) {
case "active":
$leases[$l]['act'] = $active_string;
break;
case "free":
$leases[$l]['act'] = $expired_string;
$leases[$l]['online'] = $offline_string;
break;
case "backup":
$leases[$l]['act'] = $reserved_string;
$leases[$l]['online'] = $offline_string;
break;
}
$f = $f+1;
break;
case "next":
/* skip the next binding statement */
$f = $f+3;
break;
case "rewind":
/* skip the rewind binding statement */
$f = $f+3;
break;
case "hardware":
$leases[$l]['mac'] = $data[$f+2];
/* check if it's online and the lease is active */
if (in_array($leases[$l]['ip'], $arpdata_ip)) {
$leases[$l]['online'] = $online_string;
} else {
$leases[$l]['online'] = $offline_string;
}
$f = $f+2;
break;
case "client-hostname":
if ($data[$f+1] <> "") {
$leases[$l]['hostname'] = preg_replace('/"/', '', $data[$f+1]);
} else {
$hostname = gethostbyaddr($leases[$l]['ip']);
if ($hostname <> "") {
$leases[$l]['hostname'] = $hostname;
}
}
$f = $f+1;
break;
case "uid":
$f = $f+1;
break;
}
$f++;
}
$l++;
$i++;
/* slowly chisel away at the source array */
array_shift($leases_content);
}
/* remove duplicate items by mac address */
if (count($leases) > 0) {
$leases = pfz_remove_duplicate($leases, "ip");
}
if (count($pools) > 0) {
$pools = pfz_remove_duplicate($pools, "name");
asort($pools);
}
switch ($valuekey){
case "pools":
return $pools;
break;
case "failover":
return $failover;
break;
case "leases":
default:
return $leases;
}
}
function pfz_dhcpfailover_discovery(){
//System functions regarding DHCP Leases will be available in the upcoming release of pfSense, so let's wait
require_once("system.inc");
$leases = system_get_dhcpleases();
$json_string = '{"data":[';
if (count($leases['failover']) > 0){
foreach ($leases['failover'] as $data){
$json_string .= '{"{#FAILOVER_GROUP}":"' . str_replace(" ", "__", $data['name']) . '"';
}
}
$json_string = rtrim($json_string,",");
$json_string .= "]}";
echo $json_string;
}
function pfz_dhcp_check_failover(){
// Check DHCP Failover Status
// Returns number of failover pools which state is not normal or
// different than peer state
$failover = pfz_dhcp_get("failover");
$ret = 0;
foreach ($failover as $f){
if ( ($f["mystate"]!="normal") || ($f["mystate"]!=$f["peerstate"])) {
$ret++;
}
}
return $ret;
}
function pfz_dhcp($section, $valuekey=""){
switch ($section){
case "failover":
echo pfz_dhcp_check_failover();
break;
default:
}
}
//Packages
function pfz_packages_uptodate(){
require_once("pkg-utils.inc");
$installed_packages = get_pkg_info('all', false, true);
$ret = 0;
foreach ($installed_packages as $package){
if ($package['version']!=$package['installed_version']){
$ret ++;
}
}
return $ret;
}
//System Information
function pfz_get_system_value($section){
@ -449,13 +930,17 @@ function pfz_get_system_value($section){
else
echo "1";
break;
case "packages_update":
echo pfz_packages_uptodate();
break;
}
}
// Value mappings
// Each value map is represented by an associative array
function pfz_valuemap($valuename, $value){
function pfz_valuemap($valuename, $value, $default="0"){
switch ($valuename){
@ -484,13 +969,68 @@ function pfz_valuemap($valuename, $value){
"server_tls" => "3",
"server_user" => "4",
"server_tls_user" => "5");
break;
break;
case "gateway.status":
$valuemap = array(
"online" => "0",
"none" => "0",
"loss" => "1",
"highdelay" => "2",
"highloss" => "3",
"force_down" => "4",
"down" => "5");
break;
case "ipsec.iketype":
$valuemap = array (
"auto" => 0,
"ikev1" => 1,
"ikev2" => 2);
break;
case "ipsec.mode":
$valuemap = array (
"main" => 0,
"aggressive" => 1);
break;
case "ipsec.protocol":
$valuemap = array (
"both" => 0,
"inet" => 1,
"inet6" => 2);
break;
case "ipsec_ph2.mode":
$valuemap = array (
"transport" => 0,
"tunnel" => 1,
"tunnel6" => 2);
break;
case "ipsec_ph2.protocol":
$valuemap = array (
"esp" => 1,
"ah" => 2);
break;
case "ipsec.state":
$valuemap = array (
"established" => 1,
"connecting" => 2,
"installed" => 1,
"rekeyed" => 2);
break;
}
if (array_key_exists($value, $valuemap))
return $valuemap[$value];
return "0";
if (is_array($valuemap)) {
$value = strtolower($value);
if (array_key_exists($value, $valuemap))
return $valuemap[$value];
}
return $default;
}
//Argument parsers for Discovery
@ -514,8 +1054,19 @@ function pfz_discovery($section){
case "interfaces":
pfz_interface_discovery();
break;
<<<<<<< HEAD
case "interfaces_all":
pfz_interface_discovery_all();
=======
case "ipsec_ph1":
pfz_ipsec_discovery_ph1();
break;
case "ipsec_ph2":
pfz_ipsec_discovery_ph2();
break;
case "dhcpfailover":
pfz_dhcpfailover_discovery();
>>>>>>> master
break;
}
}
@ -537,6 +1088,9 @@ switch (strtolower($argv[1])){
case "openvpn_server_uservalue":
pfz_openvpn_server_uservalue($argv[2],$argv[3]);
break;
case "openvpn_server_uservalue_numeric":
pfz_openvpn_server_uservalue($argv[2],$argv[3],"0");
break;
case "openvpn_clientvalue":
pfz_openvpn_clientvalue($argv[2],$argv[3]);
break;
@ -552,6 +1106,15 @@ switch (strtolower($argv[1])){
case "system":
pfz_get_system_value($argv[2]);
break;
case "ipsec_ph1":
pfz_ipsec_ph1($argv[2],$argv[3]);
break;
case "ipsec_ph2":
pfz_ipsec_ph2($argv[2],$argv[3]);
break;
case "dhcp":
pfz_dhcp($argv[2],$argv[3]);
break;
default:
pfz_test();
}

386
template_pfsense_active.xml
View File

@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<date>2020-04-28T07:21:17Z</date>
<date>2021-07-04T19:16:51Z</date>
<groups>
<group>
<name>Templates</name>
<name>Templates/Network Devices</name>
</group>
</groups>
<templates>
@ -12,18 +12,15 @@
<template>Template pfSense Active</template>
<name>pfsense Active</name>
<description>Active template for pfsense, requires pfsense_zbx.php installed to pfSense Box.&#13;
Version 1.0.1&#13;
Version 1.0.2&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
<groups>
<group>
<name>Templates</name>
<name>Templates/Network Devices</name>
</group>
</groups>
<applications>
<application>
<name>CARP</name>
</application>
<application>
<name>CPU</name>
</application>
@ -33,6 +30,9 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<application>
<name>Gateways</name>
</application>
<application>
<name>HA</name>
</application>
<application>
<name>Memory</name>
</application>
@ -271,7 +271,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>CARP</name>
<name>HA</name>
</application>
</applications>
<valuemap>
@ -745,7 +745,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>CARP</name>
<name>HA</name>
</application>
</applications>
<valuemap>
@ -774,6 +774,65 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<verify_host>0</verify_host>
<master_item/>
</item>
<item>
<name>DHCP Failover Pool Problems</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[dhcp,failover]</key>
<delay>120s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>This value indicates, in a HA scenario, if DHCP failover pool partners are out of sync.</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>HA</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<master_item/>
</item>
<item>
<name>Gateway Status Raw</name>
<type>7</type>
@ -953,6 +1012,65 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<verify_host>0</verify_host>
<master_item/>
</item>
<item>
<name>Packages Needing Update</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[system,packages_update]</key>
<delay>1d</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Number of packages needing update.</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>System</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<master_item/>
</item>
<item>
<name>pfSense Available Version</name>
<type>7</type>
@ -2407,7 +2525,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire en cours d'utilisation par les processus</description>
<description>Memory used by processes</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -2586,7 +2704,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire utilisée pour mettre des données en cache</description>
<description>amount of memory used to cache data</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -2645,7 +2763,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire complètement libre et prête a être utilisée directement.</description>
<description>amount of memory completely free and ready to be used directly.</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -2704,7 +2822,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire qui contient des données qui ne sont plus utilisées (peut être directement libéré si besoin)</description>
<description>amount of memory that contains data that is no longer used (can be directly freed if needed)</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -3006,7 +3124,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<publickey/>
<privatekey/>
<port/>
<description>quantité de mémoire utilisée par le kernel, ne peut être ni déchargée en swap, ni compressée.</description>
<description>amount of memory used by the kernel, can neither be unloaded in swap, nor compressed.</description>
<inventory_link>0</inventory_link>
<applications>
<application>
@ -3045,7 +3163,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[gw]</key>
<delay>30s</delay>
<delay>300s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
@ -3077,7 +3195,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[gw_value,{#GATEWAY},delay]</key>
<delay>30s</delay>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
@ -3142,7 +3260,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[gw_value,{#GATEWAY},loss]</key>
<delay>30s</delay>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
@ -3207,7 +3325,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[gw_value,{#GATEWAY},status]</key>
<delay>30s</delay>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
@ -3240,18 +3358,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<name>pfSense Gateway Status</name>
</valuemap>
<logtimefmt/>
<preprocessing>
<step>
<type>5</type>
<params>(.*)
\1:none=0:loss=1:highdelay=2:highloss=3:force_down=4:down=5</params>
</step>
<step>
<type>5</type>
<params>(none|loss|highdelay|highloss|force_down|down)(?=.*:\1=(\d))
\2</params>
</step>
</preprocessing>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
@ -3280,7 +3387,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[gw_value,{#GATEWAY},stddev]</key>
<delay>30s</delay>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
@ -3342,7 +3449,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
</item_prototypes>
<trigger_prototypes>
<trigger_prototype>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last(#3)}=5</expression>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=5</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>Gateway {#GATEWAY} is down</name>
@ -3358,7 +3465,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<tags/>
</trigger_prototype>
<trigger_prototype>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last(#3)}=4</expression>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=4</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>Gateway {#GATEWAY} is forced down</name>
@ -3374,7 +3481,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<tags/>
</trigger_prototype>
<trigger_prototype>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last(#3)}=2</expression>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=2</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>High Delay on gateway {#GATEWAY}</name>
@ -3390,7 +3497,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<tags/>
</trigger_prototype>
<trigger_prototype>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last(#3)}=3</expression>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=3</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>High packet Loss on {#GATEWAY}</name>
@ -3406,7 +3513,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<tags/>
</trigger_prototype>
<trigger_prototype>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last(#3)}=1</expression>
<expression>{Template pfSense Active:pfsense.value[gw_value,{#GATEWAY},status].last()}=1</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>Packet Loss on {#GATEWAY}</name>
@ -3425,8 +3532,8 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<graph_prototypes>
<graph_prototype>
<name>Gateway {#GATEWAY} Availability</name>
<width>640</width>
<height>480</height>
<width>900</width>
<height>200</height>
<yaxismin>0.0000</yaxismin>
<yaxismax>100.0000</yaxismax>
<show_work_period>1</show_work_period>
@ -3469,8 +3576,8 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
</graph_prototype>
<graph_prototype>
<name>Gateway {#GATEWAY} Status</name>
<width>640</width>
<height>480</height>
<width>900</width>
<height>200</height>
<yaxismin>0.0000</yaxismin>
<yaxismax>5.0000</yaxismax>
<show_work_period>1</show_work_period>
@ -3559,6 +3666,71 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<lifetime>7d</lifetime>
<description>Discovery of network interfaces as defined in global regular expression &quot;Network interfaces for discovery&quot;.</description>
<item_prototypes>
<item_prototype>
<name>Incoming Errors on {#IFDESCR}</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>net.if.in[{#IFNAME},errors]</key>
<delay>60</delay>
<history>7d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing>
<step>
<type>10</type>
<params/>
</step>
</preprocessing>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>Incoming network traffic on {#IFDESCR}</name>
<type>7</type>
@ -3628,6 +3800,71 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>Outgoing errors on {#IFDESCR}</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>net.if.out[{#IFNAME},errors]</key>
<delay>60</delay>
<history>7d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing>
<step>
<type>10</type>
<params/>
</step>
</preprocessing>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>Outgoing network traffic on {#IFDESCR}</name>
<type>7</type>
@ -3771,7 +4008,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[openvpn_client]</key>
<delay>30s</delay>
<delay>300s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
@ -3803,7 +4040,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_clientvalue,{#CLIENT},status]</key>
<delay>30s</delay>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
@ -3905,7 +4142,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[openvpn_server]</key>
<delay>30s</delay>
<delay>300s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
@ -4221,7 +4458,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[services]</key>
<delay>30s</delay>
<delay>300s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
@ -4242,14 +4479,21 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<filter>
<evaltype>0</evaltype>
<formula/>
<conditions/>
<conditions>
<condition>
<macro>{#SERVICE}</macro>
<value>@pfSense service names for discovery</value>
<operator>8</operator>
<formulaid>A</formulaid>
</condition>
</conditions>
</filter>
<lifetime>30d</lifetime>
<description/>
<item_prototypes>
<item_prototype>
<name>Service {#DESCRIPTION} enabled on CARP Slave</name>
<type>0</type>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[service_value,{#SERVICE},run_on_carp_slave]</key>
@ -4311,11 +4555,11 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
</item_prototype>
<item_prototype>
<name>Service {#DESCRIPTION} Status</name>
<type>0</type>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[service_value,{#SERVICE},status]</key>
<delay>30s</delay>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
@ -4878,6 +5122,18 @@ or&#13;
</discovery_rules>
<httptests/>
<macros>
<macro>
<macro>{$CARP_SERVICES_STOPPED}</macro>
<value>^(haproxy|openvpn)$</value>
</macro>
<macro>
<macro>{$CARP_SLAVE_SERVICES:&quot;haproxy&quot;}</macro>
<value>0</value>
</macro>
<macro>
<macro>{$CARP_SLAVE_SERVICES:&quot;openvpn&quot;}</macro>
<value>0</value>
</macro>
<macro>
<macro>{$EXPECTED_CARP_STATUS}</macro>
<value>0</value>
@ -5064,6 +5320,22 @@ or&#13;
<dependencies/>
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:pfsense.value[carp_status].last()}&gt;2</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>DHCP Failover Problems on {HOST.NAME}</name>
<correlation_mode>0</correlation_mode>
<correlation_tag/>
<url>https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html</url>
<status>0</status>
<priority>4</priority>
<description>One or more DHCP Pools are experiencing failover problems. This could potentially cause other problems in yourr network.</description>
<type>0</type>
<manual_close>0</manual_close>
<dependencies/>
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:system.uname.diff(0)}&gt;0</expression>
<recovery_mode>0</recovery_mode>
@ -5180,7 +5452,7 @@ or&#13;
<expression>{Template pfSense Active:pfsense.value[system,new_version_available].last()}=1</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>New verson of pfSense Available on {HOST.NAME}</name>
<name>New Version of pfSense Available on {HOST.NAME}</name>
<correlation_mode>0</correlation_mode>
<correlation_tag/>
<url/>
@ -5192,6 +5464,22 @@ or&#13;
<dependencies/>
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:pfsense.value[system,packages_update].last()}&gt;0</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>Packages Update Available on {HOST.NAME}</name>
<correlation_mode>0</correlation_mode>
<correlation_tag/>
<url/>
<status>0</status>
<priority>1</priority>
<description>New version of packages are available</description>
<type>0</type>
<manual_close>0</manual_close>
<dependencies/>
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:pfsense.value[gw_status].diff()}&gt;0</expression>
<recovery_mode>1</recovery_mode>

877
template_pfsense_active_ipsec.xml Normal file
View File

@ -0,0 +1,877 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<date>2021-01-18T21:30:16Z</date>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<templates>
<template>
<template>Template pfSense Active IPsec</template>
<name>pfSense Active: IPsec</name>
<description>Extension for pfSense Active Template.&#13;
Monitor IPsec VPN.&#13;
&#13;
Requires pfsense_zbx.php installed to pfSense Box.&#13;
Version 1.0.2&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
<groups>
<group>
<name>Templates/Network Devices</name>
</group>
</groups>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<items/>
<discovery_rules>
<discovery_rule>
<name>IPsec Phase 1 Discovery</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[ipsec_ph1]</key>
<delay>1200s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<filter>
<evaltype>0</evaltype>
<formula/>
<conditions/>
</filter>
<lifetime>30d</lifetime>
<description>Discovery of IPsec Phase 1</description>
<item_prototypes>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Tunnel Enabled</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph1,{#IKEID},disabled]</key>
<delay>120s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Phase 1 Tunnel Mode</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Enabled</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} IKE Type</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph1,{#IKEID},iketype]</key>
<delay>600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Phase 1 IKE Type</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec IKE Type</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Tunnel Mode</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph1,{#IKEID},mode]</key>
<delay>600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Phase 1 Tunnel Mode</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Tunnel Mode</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Protocol</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph1,{#IKEID},protocol]</key>
<delay>600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Phase 1 Protocol</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Protocol</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Remote Gateway</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph1,{#IKEID},remote-gateway]</key>
<delay>600s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Phase 1 Remote Gateway</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID} {#NAME} Phase 1 Status</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph1,{#IKEID},status]</key>
<delay>60s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Phase 1 Tunnel Mode</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Phase 1 Status</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
</item_prototypes>
<trigger_prototypes>
<trigger_prototype>
<expression>{Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},disabled].last()}=0 and {Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},status].last()}&lt;&gt;1 and {Template pfSense Active IPsec:pfsense.value[ipsec_ph1,{#IKEID},status].last()}&lt;10</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>IPsec Tunnel {#IKEID} ({#NAME}) Not Connected</name>
<correlation_mode>0</correlation_mode>
<correlation_tag/>
<url/>
<status>0</status>
<priority>4</priority>
<description>IPsec Phase 1 is not connected.</description>
<type>0</type>
<manual_close>0</manual_close>
<dependencies/>
<tags/>
</trigger_prototype>
</trigger_prototypes>
<graph_prototypes/>
<host_prototypes/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
</discovery_rule>
<discovery_rule>
<name>IPsec Phase 2 Discovery</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[ipsec_ph2]</key>
<delay>1200s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<filter>
<evaltype>0</evaltype>
<formula/>
<conditions/>
</filter>
<lifetime>30d</lifetime>
<description>Discovery of IPsec Phase 2</description>
<item_prototypes>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Enabled</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph2,{#UNIQID},disabled]</key>
<delay>120s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Tunnel Phase 2 Protocol</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Enabled</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Life Time</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph2,{#UNIQID},lifetime]</key>
<delay>600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>s</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Tunnel Phase 2 Life Time</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Mode</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph2,{#UNIQID},mode]</key>
<delay>600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Tunnel Phase 2 Mode</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>IPsec Tunnel {#IKEID}.{#REQID} {#NAME} Phase 2 Protocol</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[ipsec_ph2,{#UNIQID},protocol]</key>
<delay>600s</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>IPsec Tunnel Phase 2 Protocol</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>IPsec</name>
</application>
</applications>
<valuemap>
<name>pfSense IPsec Phase 2 Protocol</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
</item_prototypes>
<trigger_prototypes/>
<graph_prototypes/>
<host_prototypes/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
</discovery_rule>
</discovery_rules>
<httptests/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
<value_maps>
<value_map>
<name>pfSense IPsec Enabled</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Yes</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>No</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec IKE Type</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Auto</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>IKE v1</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>IKE v2</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Phase 1 Status</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Down</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>Established</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>Connecting</newvalue>
</mapping>
<mapping>
<value>10</value>
<newvalue>Down on CARP Secondary</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Phase 2 Protocol</name>
<mappings>
<mapping>
<value>1</value>
<newvalue>ESP</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>AH</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Protocol</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Dual Stack (IPv4 &amp; IPv6)</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>IPv4</newvalue>
</mapping>
<mapping>
<value>2</value>
<newvalue>IPv6</newvalue>
</mapping>
</mappings>
</value_map>
<value_map>
<name>pfSense IPsec Tunnel Mode</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Main</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>Aggressive</newvalue>
</mapping>
</mappings>
</value_map>
</value_maps>
</zabbix_export>

262
template_pfsense_active_ovpn_user.xml
View File

@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<date>2020-04-28T07:22:36Z</date>
<date>2021-01-18T15:02:06Z</date>
<groups>
<group>
<name>Templates</name>
<name>Templates/Network Devices</name>
</group>
</groups>
<templates>
@ -15,12 +15,12 @@
Monitor client Connections of OpenVPN Server.&#13;
&#13;
Requires pfsense_zbx.php installed to pfSense Box.&#13;
Version 1.0.1&#13;
Version 1.0.2&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
<groups>
<group>
<name>Templates</name>
<name>Templates/Network Devices</name>
</group>
</groups>
<applications>
@ -36,7 +36,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[openvpn_server_user]</key>
<delay>30s</delay>
<delay>60s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
@ -182,66 +182,6 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Client ID</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},client_id]</key>
<delay>120s</delay>
<history>0</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Client ID</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Connection Time</name>
<type>7</type>
@ -249,7 +189,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},connect_time_unix]</key>
<delay>60s</delay>
<history>180d</history>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
@ -302,66 +242,6 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Peer ID</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},peer_id]</key>
<delay>60s</delay>
<history>0</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Peer ID</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Remote Host</name>
<type>7</type>
@ -369,7 +249,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},remote_host]</key>
<delay>60s</delay>
<history>0</history>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
@ -429,7 +309,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},user_name]</key>
<delay>60s</delay>
<history>0</history>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
@ -488,7 +368,7 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr6]</key>
<delay>180s</delay>
<delay>60s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
@ -548,8 +428,8 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue,{#UNIQUEID},virtual_addr]</key>
<delay>30s</delay>
<history>180d</history>
<delay>60s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>4</value_type>
@ -602,6 +482,126 @@ https://github.com/rbicelli/pfsense-zabbix-template</description>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Client ID</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},client_id]</key>
<delay>60s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Client ID</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>OpenVPN Server {#SERVERNAME}, Client {#USERID}: Peer ID</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[openvpn_server_uservalue_numeric,{#UNIQUEID},peer_id]</key>
<delay>60s</delay>
<history>90d</history>
<trends>0</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description>Peer ID</description>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>OpenVPN Server Clients</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
</item_prototypes>
<trigger_prototypes/>
<graph_prototypes/>