fws
/
pfsense-zabbix
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

WTF

Browse Source
master
Riccardo Bicelli 4 years ago
parent 730fa3f193 0253ad736b
commit e1569d7954
3 changed files with 455 additions and 31 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 28
      README.md
  2. 369
      Template pfSense Active.xml
  3. 89
      pfsense_zbx.php

28
README.md
Unescape View File

@ -1,9 +1,14 @@
# pfSense Zabbix template
[![Buy Me A Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/rbicelli)
<<<<<<< HEAD
This is a pfSense active template for Zabbix, based on [Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for freeBSD part and a php script using pfSense functions library for monitoring specific data.
=======
# pfSense Zabbix Template
>>>>>>> develop
Tested with pfSense 2.4 and Zabbix 4.0
This is a pfSense active template for Zabbix, based on Standard Agent and a php script using pfSense functions library for monitoring specific data.
<<<<<<< HEAD
## What it does
- pfSense Version/Update Available
@ -13,7 +18,19 @@ Tested with pfSense 2.4 and Zabbix 4.0
- OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
- CARP Monitoring (Global CARP State)
- Basic Service Discovery and Monitoring (Service Status)
=======
Tested with pfSense 2.4.x and Zabbix 4.0
## What it does
>>>>>>> develop
- Network interface Discovery and Monitoring with User Assigned Names
- Gateway Discovery and Monitoring (Gateway Status/RTT)
- OpenVPN Server Discovery and Monitoring (Server Status/Tunnel Status)
- OpenVPN Clients Discovery and Monitoring (Client Status/Tunnel Status)
- CARP Monitoring (Global CARP State)
- Basic Service Discovery and Monitoring (Service Status)
- pfSense Version/Update Available
## Configuration
@ -55,3 +72,10 @@ Possible values are:
- 2: Backup
This is useful when monitoring services which could stay stopped on CARP Backup Member.
<<<<<<< HEAD
=======
## Credits
[Keenton Zabbix Template](https://github.com/keentonsas/zabbix-template-pfsense) for Zabbix Agent freeBSD part.
>>>>>>> develop

369
Template pfSense Active.xml
Unescape View File

@ -1,7 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>4.0</version>
<<<<<<< HEAD:Template pfSense Active.xml
<date>2020-03-27T10:07:26Z</date>
=======
<date>2020-04-26T16:28:17Z</date>
>>>>>>> develop:template_pfsense_active.xml
<groups>
<group>
<name>Templates</name>
@ -12,7 +16,13 @@
<template>Template pfSense Active</template>
<name>Pfsense Active</name>
<description>Active template for pfsense, requires pfsense_zbx.php installed to pfSense Box.&#13;
<<<<<<< HEAD:Template pfSense Active.xml
Version 1.0.0</description>
=======
Version 1.0.1&#13;
&#13;
https://github.com/rbicelli/pfsense-zabbix-template</description>
>>>>>>> develop:template_pfsense_active.xml
<groups>
<group>
<name>Templates</name>
@ -891,6 +901,67 @@ Version 1.0.0</description>
<master_item/>
</item>
<item>
<name>New Version of pfSense Available</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.value[system,new_version_available]</key>
<delay>1d</delay>
<history>90d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>System</name>
</application>
</applications>
<valuemap>
<name>Generic YesNo</name>
</valuemap>
<logtimefmt/>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<master_item/>
</item>
<item>
<name>pfSense Available Version</name>
<type>7</type>
<snmp_community/>
@ -3252,6 +3323,7 @@ Version 1.0.0</description>
<step>
<type>2</type>
<params>ms</params>
<<<<<<< HEAD:Template pfSense Active.xml
</step>
</preprocessing>
<jmx_endpoint/>
@ -3610,6 +3682,253 @@ Version 1.0.0</description>
<step>
<type>1</type>
<params>8</params>
=======
>>>>>>> develop:template_pfsense_active.xml
</step>
</preprocessing>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
</item_prototypes>
<trigger_prototypes/>
<graph_prototypes>
<graph_prototype>
<name>Network traffic on {#IFDESCR}</name>
<width>900</width>
<height>200</height>
<yaxismin>0.0000</yaxismin>
<yaxismax>100.0000</yaxismax>
<show_work_period>1</show_work_period>
<show_triggers>0</show_triggers>
<type>0</type>
<show_legend>0</show_legend>
<show_3d>0</show_3d>
<percent_left>0.0000</percent_left>
<percent_right>0.0000</percent_right>
<ymin_type_1>1</ymin_type_1>
<ymax_type_1>0</ymax_type_1>
<ymin_item_1>0</ymin_item_1>
<ymax_item_1>0</ymax_item_1>
<graph_items>
<graph_item>
<sortorder>0</sortorder>
<drawtype>5</drawtype>
<color>29E900</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template pfSense Active</host>
<key>net.if.in[{#IFNAME}]</key>
</item>
</graph_item>
<graph_item>
<sortorder>1</sortorder>
<drawtype>5</drawtype>
<color>FD0000</color>
<yaxisside>0</yaxisside>
<calc_fnc>2</calc_fnc>
<type>0</type>
<item>
<host>Template pfSense Active</host>
<key>net.if.out[{#IFNAME}]</key>
</item>
</graph_item>
</graph_items>
</graph_prototype>
</graph_prototypes>
<host_prototypes/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
</discovery_rule>
<discovery_rule>
<name>Network interface discovery</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>pfsense.discovery[interfaces]</key>
<delay>3600s</delay>
<status>0</status>
<allowed_hosts/>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<filter>
<evaltype>0</evaltype>
<formula/>
<conditions>
<condition>
<macro>{#IFNAME}</macro>
<value>@Network interfaces for discovery</value>
<operator>8</operator>
<formulaid>A</formulaid>
</condition>
</conditions>
</filter>
<lifetime>7d</lifetime>
<description>Discovery of network interfaces as defined in global regular expression &quot;Network interfaces for discovery&quot;.</description>
<item_prototypes>
<item_prototype>
<name>Incoming network traffic on {#IFDESCR}</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>net.if.in[{#IFNAME}]</key>
<delay>60</delay>
<history>7d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>bps</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing>
<step>
<type>10</type>
<params/>
</step>
<step>
<type>1</type>
<params>8</params>
</step>
</preprocessing>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
<query_fields/>
<posts/>
<status_codes>200</status_codes>
<follow_redirects>1</follow_redirects>
<post_type>0</post_type>
<http_proxy/>
<headers/>
<retrieve_mode>0</retrieve_mode>
<request_method>0</request_method>
<output_format>0</output_format>
<allow_traps>0</allow_traps>
<ssl_cert_file/>
<ssl_key_file/>
<ssl_key_password/>
<verify_peer>0</verify_peer>
<verify_host>0</verify_host>
<application_prototypes/>
<master_item/>
</item_prototype>
<item_prototype>
<name>Outgoing network traffic on {#IFDESCR}</name>
<type>7</type>
<snmp_community/>
<snmp_oid/>
<key>net.if.out[{#IFNAME}]</key>
<delay>60</delay>
<history>7d</history>
<trends>365d</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units>bps</units>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<params/>
<ipmi_sensor/>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Network interfaces</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
<preprocessing>
<step>
<type>10</type>
<params/>
</step>
<step>
<type>1</type>
<params>8</params>
</step>
</preprocessing>
<jmx_endpoint/>
@ -3773,18 +4092,7 @@ Version 1.0.0</description>
<name>pfSense OpenVPN Interface Status</name>
</valuemap>
<logtimefmt/>
<preprocessing>
<step>
<type>5</type>
<params>(.*)
\1:up=1:down=0:none=0:reconnecting; ping-restart=2</params>
</step>
<step>
<type>5</type>
<params>(up|down|none|reconnecting; ping-restart)(?=.*:\1=(\d))
\2</params>
</step>
</preprocessing>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
@ -3978,18 +4286,7 @@ Version 1.0.0</description>
<name>pfSense OpenVPN Mode</name>
</valuemap>
<logtimefmt/>
<preprocessing>
<step>
<type>5</type>
<params>(.*)
\1p2p_tls=1:p2p_shared_key=2:server_tls=3:server_user=4:server_tls_user=5</params>
</step>
<step>
<type>5</type>
<params>(p2p_tls|p2p_shared_key|server_tls|server_user|server_tls_user)(?=.*:\1=(\d))
\2</params>
</step>
</preprocessing>
<preprocessing/>
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
@ -4111,6 +4408,7 @@ Version 1.0.0</description>
<name>pfSense OpenVPN Interface Status</name>
</valuemap>
<logtimefmt/>
<<<<<<< HEAD:Template pfSense Active.xml
<preprocessing>
<step>
<type>5</type>
@ -4123,6 +4421,9 @@ Version 1.0.0</description>
\2</params>
</step>
</preprocessing>
=======
<preprocessing/>
>>>>>>> develop:template_pfsense_active.xml
<jmx_endpoint/>
<timeout>3s</timeout>
<url/>
@ -4148,7 +4449,7 @@ Version 1.0.0</description>
</item_prototypes>
<trigger_prototypes>
<trigger_prototype>
<expression>{Template pfSense Active:pfsense.expected_carp_status.last()}&lt;&gt;2 and {Template pfSense Active:pfsense.value[openvpn_servervalue,{#SERVER},status].last()}=2</expression>
<expression>{Template pfSense Active:pfsense.expected_carp_status.last()}&lt;&gt;2 and {Template pfSense Active:pfsense.value[openvpn_servervalue,{#SERVER},status].last()}=0</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>OpenVPN Server {#NAME} is Down</name>
@ -5131,7 +5432,7 @@ or&#13;
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:pfsense.value[system,version].last()}&lt;&gt;{Template pfSense Active:pfsense.value[system,installed_version].last()}</expression>
<expression>({Template pfSense Active:pfsense.value[system,version].last()}&lt;&gt;{Template pfSense Active:pfsense.value[system,installed_version].last()})=1</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>New Version Available on {HOST.NAME}</name>
@ -5147,6 +5448,22 @@ or&#13;
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:pfsense.value[system,new_version_available].last()}=1</expression>
<recovery_mode>0</recovery_mode>
<recovery_expression/>
<name>New verson of pfSense Available on {HOST.NAME}</name>
<correlation_mode>0</correlation_mode>
<correlation_tag/>
<url/>
<status>0</status>
<priority>1</priority>
<description>A new version of pfSense is available for update.</description>
<type>0</type>
<manual_close>1</manual_close>
<dependencies/>
<tags/>
</trigger>
<trigger>
<expression>{Template pfSense Active:pfsense.value[gw_status].diff()}&gt;0</expression>
<recovery_mode>1</recovery_mode>
<recovery_expression>{Template pfSense Active:pfsense.value[gw_status].diff()}=0</recovery_expression>

89
pfsense_zbx.php
Unescape View File

@ -1,7 +1,11 @@
<?php
/***
pfsense_zbx.php - pfSense Zabbix Interface
<<<<<<< HEAD
Version 0.9.2 - 2020-03-29
=======
Version 0.9.3 - 2020-04-26
>>>>>>> develop
Written by Riccardo Bicelli <r.bicelli@gmail.com>
This program is licensed under Apache 2.0 License
@ -95,7 +99,7 @@ function pfz_interface_discovery() {
}
//OpenVPN Server Discovery
// OpenVPN Server Discovery
function pfz_openvpn_get_all_servers(){
$servers = openvpn_get_active_servers();
$sk_servers = openvpn_get_active_servers("p2p");
@ -123,16 +127,22 @@ function pfz_openvpn_serverdiscovery() {
}
<<<<<<< HEAD
/*
* Get OpenVPN Server Value
*/
=======
// Get OpenVPN Server Value
>>>>>>> develop
function pfz_openvpn_servervalue($server_id,$valuekey){
$servers = pfz_openvpn_get_all_servers();
foreach($servers as $server) {
if($server['vpnid']==$server_id)
$value = $server[$valuekey];
}
<<<<<<< HEAD
//Client Connections: is an array so it is sufficient to count elements
if ($valuekey=="conns"){
if (is_array($value))
@ -142,11 +152,33 @@ function pfz_openvpn_servervalue($server_id,$valuekey){
}
if ($value=="") $value="none";
=======
switch ($valuekey){
case "conns":
//Client Connections: is an array so it is sufficient to count elements
if (is_array($value))
$value = count($value);
else
$value = "0";
break;
case "status":
$value = pfz_valuemap("openvpn.server.status", $value);
break;
case "mode":
$value = pfz_valuemap("openvpn.server.mode", $value);
break;
}
//if ($value=="") $value="none";
>>>>>>> develop
echo $value;
}
//OpenVPN Client Discovery
// OpenVPN Client Discovery
function pfz_openvpn_clientdiscovery() {
$clients = openvpn_get_active_clients();
@ -172,6 +204,15 @@ function pfz_openvpn_clientvalue($client_id, $valuekey){
if($client['vpnid']==$client_id)
$value = $client[$valuekey];
}
switch ($valuekey){
case "status":
$value = pfz_valuemap("openvpn.server.client", $value);
break;
}
if ($value=="") $value="none";
echo $value;
}
@ -361,10 +402,52 @@ function pfz_get_system_value($section){
else
echo "1";
break;
<<<<<<< HEAD
=======
}
}
//Argument parsers
// Value mappings
// Each value map is represented by an associative array
function pfz_valuemap($valuename, $value){
switch ($valuename){
case "openvpn.server.status":
$valuemap = array(
"up" => "1",
"down" => "2",
"none" => "3",
"reconnecting; ping-restart" => "4");
break;
case "openvpn.client.status":
$valuemap = array(
"up" => "1",
"down" => "0",
"none" => "0",
"reconnecting; ping-restart" => "2");
break;
case "openvpn.server.mode":
$valuemap = array(
"p2p_tls" => "1",
"p2p_shared_key" => "2",
"server_tls" => "3",
"server_user" => "4",
"server_tls_user" => "5");
break;
>>>>>>> develop
}
if (array_key_exists($value, $valuemap))
return $valuemap[$value];
return "0";
}
//Argument parsers for Discovery
function pfz_discovery($section){
switch (strtolower($section)){
case "gw":

Write Preview
Loading…
Cancel
Save