![]() |
1 year ago | |
---|---|---|
LICENSE | 3 years ago | |
README.md | 1 year ago | |
pfsense_zbx.php | 1 year ago | |
template_pfsense_active.xml | 1 year ago | |
template_pfsense_active_ipsec.xml | 1 year ago | |
template_pfsense_active_ovpn_user.xml | 1 year ago |
README.md
pfSense Zabbix Template
This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. This is forked from https://github.com/rbicelli/pfsense-zabbix-template for FWS needs
Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0
What it does
Template pfSense Active
- Network interface Discovery and Monitoring with User Assigned Names
- Gateway Discovery and Monitoring (Gateway Status/RTT)
- OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status)
- OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
- CARP Monitoring (Global CARP State)
- Basic Service Discovery and Monitoring (Service Status)
- pfSense Version/Update Available
- Packages Update Available
Template pfSense Active: OpenVPN Server User Auth
- Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode
- Monitoring of Client Parameters (Bytes sent/received, Connection Time...)
Template pfSense Active: IPsec
- Discovery of IPsec Site-to-Site tunnels
- Monitoring tunnel status (Phase 1 and Phase 2)
Configuration
First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts).
For example, from pfSense shell:
mkdir /root/zabbix
curl -o /root/zabbix/pfsense_zbx.php https://git.fws.fr/fws/pfsense-zabbix/raw/branch/master/pfsense_zbx.php
Then install package "Zabbix Agent 4" on your pfSense Box
In Advanced Features-> User Parameters
UserParameter=pfsense.states.max,grep "limit states" /tmp/rules.limits | cut -f4 -d ' '
UserParameter=pfsense.states.current,grep "current entries" /tmp/pfctl_si_out | tr -s ' ' | cut -f4 -d ' '
UserParameter=pfsense.mbuf.current,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f1
UserParameter=pfsense.mbuf.cache,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f2
UserParameter=pfsense.mbuf.max,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f4
UserParameter=pfsense.discovery[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php discovery $1
UserParameter=pfsense.value[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php $1 $2 $3
_You need to allow zabbix user to exec /usr/local/bin/sudo /usr/local/bin/php /root/zabbix* without password with sudo_
Also increase the Timeout value at least to 5, otherwise some checks will fail.
Then import xml templates in Zabbix and add your pfSense hosts.
If you are running a redundant CARP setup you should adjust the macro {$EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.
Possible values are:
- 0: Disabled
- 1: Master
- 2: Backup
This is useful when monitoring services which could stay stopped on CARP Backup Member.
Credits
Keenton Zabbix Template for Zabbix Agent freeBSD part.