Scripts and config to monitor PfSense with Zabbix. Forked from https://github.com/rbicelli/pfsense-zabbix-template
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Daniel Berteaud 89fb337ff0 Ignore the iperf service as it's only started on demand 2 years ago
LICENSE Create LICENSE 3 years ago
README.md Update README 2 years ago
pfsense_zbx.php Ignore the iperf service as it's only started on demand 2 years ago
template_pfsense_active.xml Added IPsec Template, Detecting Package Update 2 years ago
template_pfsense_active_ipsec.xml Added IPsec Template, Detecting Package Update 2 years ago
template_pfsense_active_ovpn_user.xml Added IPsec Template, Detecting Package Update 2 years ago

README.md

pfSense Zabbix Template

This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. This is forked from https://github.com/rbicelli/pfsense-zabbix-template for FWS needs

Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0

What it does

Template pfSense Active

  • Network interface Discovery and Monitoring with User Assigned Names
  • Gateway Discovery and Monitoring (Gateway Status/RTT)
  • OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status)
  • OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
  • CARP Monitoring (Global CARP State)
  • Basic Service Discovery and Monitoring (Service Status)
  • pfSense Version/Update Available
  • Packages Update Available

Template pfSense Active: OpenVPN Server User Auth

  • Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode
  • Monitoring of Client Parameters (Bytes sent/received, Connection Time...)

Template pfSense Active: IPsec

  • Discovery of IPsec Site-to-Site tunnels
  • Monitoring tunnel status (Phase 1 and Phase 2)

Configuration

First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts).

For example, from pfSense shell:

mkdir /root/zabbix
curl -o /root/zabbix/pfsense_zbx.php https://git.fws.fr/fws/pfsense-zabbix/raw/branch/master/pfsense_zbx.php

Then install package "Zabbix Agent 4" on your pfSense Box

In Advanced Features-> User Parameters

UserParameter=pfsense.states.max,grep "limit states" /tmp/rules.limits | cut -f4 -d ' '
UserParameter=pfsense.states.current,grep "current entries" /tmp/pfctl_si_out | tr -s ' ' | cut -f4 -d ' '
UserParameter=pfsense.mbuf.current,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f1
UserParameter=pfsense.mbuf.cache,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f2
UserParameter=pfsense.mbuf.max,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f4
UserParameter=pfsense.discovery[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php discovery $1
UserParameter=pfsense.value[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php $1 $2 $3

You need to allow zabbix user to exec /usr/local/bin/sudo /usr/local/bin/php /root/zabbix* without password with sudo

Also increase the Timeout value at least to 5, otherwise some checks will fail.

Then import xml templates in Zabbix and add your pfSense hosts.

If you are running a redundant CARP setup you should adjust the macro {$EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.

Possible values are:

  • 0: Disabled
  • 1: Master
  • 2: Backup

This is useful when monitoring services which could stay stopped on CARP Backup Member.

Credits

Keenton Zabbix Template for Zabbix Agent freeBSD part.