fws
/
pfsense-zabbix
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Scripts and config to monitor PfSense with Zabbix. Forked from https://github.com/rbicelli/pfsense-zabbix-template
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 Commits
1 Branch
0 Tags
120 KiB
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Daniel Berteaud 89fb337ff0
Ignore the iperf service as it's only started on demand 		4 months ago
LICENSE Create LICENSE 1 year ago
README.md Update README 4 months ago
pfsense_zbx.php Ignore the iperf service as it's only started on demand 4 months ago
template_pfsense_active.xml Added IPsec Template, Detecting Package Update 4 months ago
template_pfsense_active_ipsec.xml Added IPsec Template, Detecting Package Update 4 months ago
template_pfsense_active_ovpn_user.xml Added IPsec Template, Detecting Package Update 4 months ago

README.md

pfSense Zabbix Template

This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data. This is forked from https://github.com/rbicelli/pfsense-zabbix-template for FWS needs

Tested with pfSense 2.4.x, Zabbix 4.0, Zabbix 5.0

What it does

Template pfSense Active

  • Network interface Discovery and Monitoring with User Assigned Names
  • Gateway Discovery and Monitoring (Gateway Status/RTT)
  • OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status)
  • OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
  • CARP Monitoring (Global CARP State)
  • Basic Service Discovery and Monitoring (Service Status)
  • pfSense Version/Update Available
  • Packages Update Available

Template pfSense Active: OpenVPN Server User Auth

  • Discovery of OpenVPN Clients connected to OpenVPN Servers in user auth mode
  • Monitoring of Client Parameters (Bytes sent/received, Connection Time...)

Template pfSense Active: IPsec

  • Discovery of IPsec Site-to-Site tunnels
  • Monitoring tunnel status (Phase 1 and Phase 2)

Configuration

First copy the file pfsense_zbx.php to your pfsense box (e.g. to /root/scripts).

For example, from pfSense shell:

mkdir /root/zabbix
curl -o /root/zabbix/pfsense_zbx.php https://git.fws.fr/fws/pfsense-zabbix/raw/branch/master/pfsense_zbx.php

Then install package "Zabbix Agent 4" on your pfSense Box

In Advanced Features-> User Parameters

UserParameter=pfsense.states.max,grep "limit states" /tmp/rules.limits | cut -f4 -d ' '
UserParameter=pfsense.states.current,grep "current entries" /tmp/pfctl_si_out | tr -s ' ' | cut -f4 -d ' '
UserParameter=pfsense.mbuf.current,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f1
UserParameter=pfsense.mbuf.cache,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f2
UserParameter=pfsense.mbuf.max,netstat -m | grep "mbuf clusters" | cut -f1 -d ' ' | cut -d '/' -f4
UserParameter=pfsense.discovery[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php discovery $1
UserParameter=pfsense.value[*],/usr/local/bin/sudo /usr/local/bin/php /root/zabbix/pfsense_zbx.php $1 $2 $3

_You need to allow zabbix user to exec /usr/local/bin/sudo /usr/local/bin/php /root/zabbix* without password with sudo_

Also increase the Timeout value at least to 5, otherwise some checks will fail.

Then import xml templates in Zabbix and add your pfSense hosts.

If you are running a redundant CARP setup you should adjust the macro {$EXPECTED_CARP_STATUS} to a value representing what is CARP expected status on monitored box.

Possible values are:

  • 0: Disabled
  • 1: Master
  • 2: Backup

This is useful when monitoring services which could stay stopped on CARP Backup Member.

Credits

Keenton Zabbix Template for Zabbix Agent freeBSD part.