rbicelli / pfsense-zabbix-template Goto Github PK
View Code? Open in Web Editor NEWZabbix Template for pfSense
License: Apache License 2.0
Zabbix Template for pfSense
License: Apache License 2.0
The service Router Advertisement Daemon(radvd) on a carp ip slave for the RA interface should be stopped. This template flags the trigger.
{removed:pfsense.value[service_value,radvd,status].last()}=0 and ( ({removed:pfsense.value[service_value,radvd,run_on_carp_slave].last()}=1 and {removed:pfsense.value[carp_status].last()}=2) or ( {removed:pfsense.value[carp_status].last()}=1) or ({removed:pfsense.value[carp_status].last()}=0) )
Above is what the discovery rule created. On the Dashboard it shows as "Down (0), Yes (1), Backup (2)"
Ciao Riccardo!
first of all.. kudos and thanks for this great job!
I've tried to import your template on a brand new Zabbix 5.0.3 server.
Everything works fine but autodiscovery rules not. When I try to "Execute Now" I receive this error:
Cannot send request: wrong discovery rule type.
If I change them to "Zabbix Agent" (so passive mode) they works fine. I've double checked and active check are enabled (all other items are working) and there is nothing that can explain why I'm receiving that error.
I've tried also on another setup based on Zabbix 4.4.10 but the error is the same.
I've solved by changing all the discovery rules to passive mode, but I'm trying to understand if there is someway to run them in active mode (I prefere due to better performance)
Thanks for your help!
Hi.
So i am running zabbix 4.2.8 and the pfSense box is on 2.4.4.
The install on the pfSense box was done by a colleague and i am trying to figure out if its an issue on my (Zabbix) side or if the installation was done incorrectly.
4 of the discovery rules come up as unsupported and this is what they say.
(Invalid discovery rule value: cannot parse as a valid JSON object: invalid object format, expected opening character '{' or '[' at: '
I have followed your instructions and used the Zabbix Agent 5.0 on PFSense. I cannot get it to work. If I use the FreeBSD, it connects.
Hello,
Thank you for your great work on this monitoring script. I found a small mistake in the function pfz_service_value that affects services with the space in the names, for example, FRR package.
[1] => Array
(
[name] => FRR zebra
[rcfile] => frr.sh
[executable] => zebra
[description] => FRR core/abstraction daemon
)
[2] => Array
(
[name] => FRR staticd
[rcfile] => frr.sh
[executable] => staticd
[description] => FRR static route daemon
)
[3] => Array
(
[name] => FRR bfdd
[rcfile] => frr.sh
[executable] => bfdd
[description] => FRR BFD daemon
)
[4] => Array
(
[name] => FRR bgpd
[rcfile] => frr.sh
[executable] => bgpd
[description] => FRR BGP routing daemon
)
[5] => Array
(
[name] => FRR ospfd
[rcfile] => frr.sh
[executable] => ospfd
[description] => FRR OSPF routing daemon
)
[6] => Array
(
[name] => FRR ospf6d
[rcfile] => frr.sh
[executable] => ospf6d
[description] => FRR OSPF6 routing daemon
)
When Zabbix discover the items using another function pfz_services_discovery, you are replacing space with the "__"
$json_string .= '{"{#SERVICE}":"' . str_replace(" ", "__", $service['name']) . $id . '"';
Then, when Zabbix checking service status, you are trying to replace "" with the spaces in the original service name and comparing it with the name from Zabbix with the "", which is wrong.
foreach ($services as $service){
$namecfr=str_replace("__"," ",$service["name"]);
...
if ($namecfr == $name){
...
The replace should be in the same way as in the service discovery function. Could you please fix this in your PHP file.
$namecfr=str_replace(" ", "__", $service["name"]);
Thanks a lot again!!
On my pfsense box squid service is detected as down, but it is running. Only reverse proxy service is stopped.
Hi,
Currently installed on a few pfSense boxes but i keep getting false alarms, maybe possible changing to check every 5mins?
I normally get alerts saying WAN gateway down but 3 seconds later it shows resolved
Then i check pfSense on the quality of the gateway and didn't show anything odd.
Thank you
When using PfSense in a redundant setup, not all OpenVPN instances are identified as enabled on CARP Slave = 0
I was able to identify a potential cause.
$stopped_on_carp_slave = array("haproxy","openvpn.");
changed to
$stopped_on_carp_slave = array("haproxy","openvpn.","openvpn");
And all OpenVPN instances now report as disabled on carp slave.
Just downloaded the latest update and my discovery rules are now saying,
Invalid discovery rule value: cannot find pair with name "{#NAME}".
All discovery but, Mounted filesystem discovery, show this.
I'm using the template_pfsense_active.xml.
If I roll back to the previous PHP file these errors go away
You did wrote on your Script the following
//List of service which are stopped on CARP Slave.
//For now this is the best way i found for filtering out the triggers
//Waiting for a way in Zabbix to use Global Regexp in triggers with items discovery
Here an Input/Idea. Don't know if you like to use, because it needs some little work by the user, but i think it's more flexible then hard in the Code.
On your Template you add a Macro called, as an example, which has the value '1' (or '0')
{$CARP.SLAVE.SERVICES}
On your Trigger for the Services, you adding to the expression
and ({$CARP.SLAVE.SERVICES:"{#NAME}"}=1
If you now add the Template to your Slave-Host, you can add the following Macros and no Trigger should be fired. You can also use it on the Master (and Slave) if you did stop any Service (for whatever reason) manually and no Trigger should be fired.
{$CARP.SLAVE.SERVICES:"haproxy"}
{$CARP.SLAVE.SERVICES:"openvpn."}
{$CARP.SLAVE.SERVICES:"openvpn"}
*** Would be better to add also the Name of the Services instead only of the Description. Because with that, the Macro which needs to be added is shorter and more readable.
Hi,
Thanks for your work.
I want to install it to OPNsense... (last version).
I've a Zabbix Agent and no Zabbix Active Agent.
So, I've changed All Item with Zabbix Agent (no Active)
--> OK
Zabbix Agent UserParameter web interface... dont work with specials characters (exemple : *)
So, I've add all UserParameter into a new .conf file to /usr/local/etc/zabbix_agentd.conf.d/ folder
--> OK
After this, I'll try with pfsense.value[gw_status] item, but I've an error on my Zaxxib Server :
Warning: require_once(globals.inc): failed to open stream: No such file or directory in /root/scripts/pfsense_zbx.php on line 10
Fatal error: require_once(): Failed opening required 'globals.inc' (include_path='/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/opnsense/contrib:/usr/local/share/pear:/usr/local/share') in /root/scripts/pfsense_zbx.php on line 10
PHP Script is on
/root/scripts/pfsense_zbx.php
I don't have globals.inc file to OPNsense
Script work it with OPNsense ?
in template_pfsense_active.xml the text within is causing errors in Zabbix 5.0.
When shortening the text the import went smoothly.
Original (failed):
Active template for pfsense, requires pfsense_zbx.php installed to pfSense Box.
Version 1.0.1
https://github.com/rbicelli/pfsense-zabbix-template
Changed to (imported successfully):
Active template for pfsense
Hello
After i updated my pfsense to 2.4.5-p1 i can no longer collect how many users are connected in vpn the intem to return the following error:
Value "Array" of type "string" is not suitable for value type "Numeric (float)"
root@sv-zabbix:/usr/home/ # zabbix_get -s 10.10.0.1 -p 10050 -k "pfsense.value[openvpn_servervalue,2,conns]"
Array
Can someone help me?
tanks
we have this 2 error messages in Services Discovery
Cannot create item: item with the same key "pfsense.value[service_value,captiveportal,run_on_carp_slave]" already exists.
Cannot create item: item with the same key "pfsense.value[service_value,captiveportal,status]" already exists.
Maybe because my pfsense have 2 captive portal instances!
can anyone help me to change this and monitor 2 captive portal services?
Hi,
i have download
template_pfsense_active.xml and template_pfsense_active_ovpn_user.xml
but is same file?
When i import in zabbix, only one template is created
thanks
Hello,
First, thanks for your perfect template and php file, this is exactly what i was looking for my homelab !
I got an error on the New version trigger and this is the details about it :
Cannot evaluate expression: expected numeric token at "2.4.5)<>(2.4.4_3)".
I'm running a Zabbix LTS server with your recently updated template.
Pfsense (fresh install < 4d) is on 2.4.4_3 version with an update pending.
Thanks for your help.
I don't know exactly why, but one of my server when i try get gateway status i receive data line:
none
To fix it i change a link on zabbix agent settins to use | tail -1
...
UserParameter=pfsense.value[*],/usr/local/bin/php /root/scripts/pfsense_zbx.php $1 $2 $3 | tail -1
I hope to help someone who has the same problem
Hi,
I was looking around the template and was getting a tad bit alerts but it goes away real quick, Would it be possible to check every 3mins? i checked on the discovery which is every 30 seconds, but not sure if that's the option
Thank you
In zabbix agent logs:
18062:20201221:132549.756 active check "pfsense.value[openvpn_server_uservalue,3+user@domain,virtual_addr]" is not supported: Special characters ", ', ", `, *, ?, [, ], {, }, ~, $, !, &, ;, (, ), <, >, |, #, @, 0x0a" are not allowed in the parameters.
Hey there,
All my gateways are being shown as down (status 5), even tho they're fully functional and being shown as online in the GUI.
Tested on two installations of pfsense 2.4.5-p1
Good evening.
I applied all the scrippts however
OpenVPN Client UDP4 Tunnel Status only collects 0 as a value, even though it has an active tunnel it does not collect the information, I tried to apply a javscript but even so the collection did not work.
Hi,
I wanted to say thank you for this amazing template. Was just wondering is it possible to add the which user has connected and disconnected from their IP?
Thank you
Excuse me, but I really can't understand the reason for this situation.
I followed the instructions to install and register the Zabbix pfSense template.
I installed the Zabbix 4.0 agent on the pfSense configured with the advanced settings, I copied the php file in the path / root / scripts / inside the pfSense and loaded the templates into the Zabbix Server.
Nothing to do Zabbix does not connect to the pfSense agent.
So I tried to hook a generic template for the network by removing the advanced settings and the server hooks up immediately.
Where am I wrong?
Thank you !
Hi
I was wondering if this has happened to someone else, currently i had pfSense working with the template as zabbix agent active, but i changed the agent that goes though the proxy then to the zabbix server, it shows all the info except the services, i tried to turning it off and back on but it does not show any alert i checked if there was an issue on the discovery so far nothing, only on the data shows out greyed out
currently have the proxy as active rather then passive
Good Morning,
I use the previous php template in some pfsense boxes. I installed a new one this week and used the new php. All my gateways are alarmed as down. With data return 5 in zabbix. I went back to the old php and found that my links returned to receive 0 and returned to the UP status.
Best regards,
RagnarPino
Hello.
First, thank you for the amazing job.
I saw in preprocessor of openvpn server status a code for up, down e none status. One of my tunnels got "reconnecting; ping-restart" status. How can I preprocess that to a value?
Is this in php script?
For me an error appears
"Preprocessing failed for: reconnecting; ping-restart
sorry about my english.
I can't get OpenVPN Server status and port
Hello,
I am using pfSense 2.4.4-p3 and Zabbix4.4. I cant seem to get any data from the pfSense. The following is outputted in my zabbix_server.log
44151:20191221:142609.363 item "pfsense-seattle:kt.mem.used" became not supported: Cannot evaluate expression: "Cannot evaluate function "last()": not enough data.".
44151:20191221:142614.694 item "pfsense-seattle:pfsense.mbuf.ptotal" became not supported: Cannot evaluate expression: "Cannot evaluate function "last()": not enough data.".
44150:20191221:142617.276 item "pfsense-seattle:pfsense.states.pused" became not supported: Cannot evaluate expression: "Cannot evaluate function "last()": not enough data.".
Hi
I just tried the template today and it works great. The only thing I have noticed so far it's that it will show a openvpn server as offline if it's in peer-to-peer mode. The status check seems to only check for the 3 remote access modes.
The check for peer-to-peer mode should be p2p_shared_key and p2p_tls
https://ibb.co/m0X8XPP
https://ibb.co/mDt5QBZ
https://ibb.co/pQSCDNf
https://ibb.co/VqS4Rm0
So for some reason the services feature isn't working for me on my negate SG-5100. All the other features work well but i'm not seeing any of the running services items getting any data.
I can run zabbix_get -s 127.0.0.1 -k pfsense.value and I get the array field as seen in the photo and it lists all the services, but there isn't any data underneath them.
zabbix_get -s 127.0.0.1 -k pfsense.value[services_value,dhcpd,status]
returns no match.
I'm not that worried about the service status but would be nice. Thanks so much for all that you do. I'm running Zabbix 5.0 agent and Server. All the other features work great, just the services don't list for me! I have downloaded the php file as in the read me - hince all the other features work great.
hey getting a error in zabbix stating unkown
pfsense.value[system,new_version_available].last()}=1
Cannot evaluate expression: "Cannot evaluate function "SRS-FW1-COLORED:pfsense.value[system,new_version_available].last()": item is not supported.".
When I use de script my zabbix server (OpenVPN server discovery) show me a message:
Cannot create item: invalid value for preprocessing step #2: unmatched parentheses.
Can you help me with that error ?
I have a few gateway which ‘flap’ so I get a lot of triggers. I just wanted to check that the use of last(#3) was the intended behaviour in the triggers.
I assumed that this meant the value had to be in that state for the last 3 readings but that is not the case reading the following:
The function last uses a different meaning for values when prefixed with the hash mark - it makes it choose the n-th previous value, so given the values 3, 7, 2, 6, 5 (from most recent to least recent), last(#2) would return 7 and last(#5) would return 5.
https://www.zabbix.com/documentation/current/manual/config/triggers/expression
I don't have a root/scripts directory on my pfsense box version 2.4.4 and I can't create one, I don't have permissions.
I'm having an issue with zabbix 4.4 that it won't pull any values - it works fine with the default FreeBSD template but I get the following error: Cannot send request: wrong item type.
Have you seen this anywhere else?
hi. I'm using your template without success. everything was great. I added a new PFsense and got the gataway down event. I found out that there is a difference in /root/scripts/pfsense_zbx.php. But the file version has not changed. Is this an error or were there changes?
Checking status of OpenVPN does not work for mode Remote Access ( SSL/TLS )(server_tls)
Current code in pfsense_zbx.php
if ( ($server['mode']=="server_user") || ($server['mode']=="server_tls_user") ){
Modified code to
if ( ($server['mode']=="server_user") || ($server['mode']=="server_tls_user") || ($server['mode']=="server_tls")){
and the issue I was having appears resolved.
For Netgate appliances they offer a temp reading.
So I've added the user agents
UserParameter=temperature0,sysctl -n dev.cpu.0.temperature
UserParameter=temperature1,sysctl -n dev.cpu.1.temperature
Which returns a text value of 32.0C. I'll try to make a custom trigger for it. Just wanted other netgate users to know.
Hi Riccardo
We've a pfSense Cluster and we did turn on the Option «Disable Gateway Monitoring». With that, the Gateway has the Status «Online (unmonitored)». Now we did some adjustments before using your Template and disabled the option «Disable Gateway Monitoring». So pfSense does active Ping its Gateway.
But your Template/Script does still show the Gateway as «Down» (5). I did not yet have the time to search the issue and check your Script. What i was able to test is, with the Template of Leonardo (https://github.com/lndgoncalves/zabbix-pfsense-gateway) i was successful - with the Template of Leonardo, the Gateway-Status is always correct.
Maybe you have any idea.
2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE
Hello,
There's a typo on the trigger:
New verson of pfSense Available on {HOST.NAME}
Where should be:
New version of pfSense Available on {HOST.NAME}
Great work, the template works great!
Hi, everything works fine, except the OpenVPN Client Status...
I've tried on 3 setup, 2 on production and 1 Lab, the same issue on all of them.
The production Zabbix is 4.0 and the lab is 4.4, everything on lan network, no proxy, no encryption. Authentication using LDAP backend.
Sorry, my english is not the best...
Hey there,
Tried using your template and php, but encountered a problem. When I run php script.php 1 status, in most of the code the status is up, but in the end returns 0. Now when I looked at it I saw this
line 243 $value = pfz_valuemap("openvpn.server.client", $value);
line 457 case "openvpn.client.status":
Am I wrong in assuming, that openvpn.server.client key should be openvpn.client.status instead?
Hey,
Sorry if this isn't an issue with the template (I'm not the best with zabbix yet) but since using this pfsense doesn't connect to the zabbix server. If I look at the log inside /var/zabbix-agent/zabbix-agent.log I can see that there is some sort of issue from the log. I have't changed any network configurations and had it working with a standard template before so I know there is no network setting blocking connections or anything like that.
81929:20200715:001205.264 Starting Zabbix Agent [pfSense]. Zabbix 4.0.17 (revision a528a0a4bc).
81929:20200715:001205.264 **** Enabled features ****
81929:20200715:001205.265 IPv6 support: YES
81929:20200715:001205.265 TLS support: YES
81929:20200715:001205.265 **************************
81929:20200715:001205.265 using configuration file: /usr/local/etc/zabbix40/zabbix_agentd.conf
81929:20200715:001205.265 agent #0 started [main process]
82054:20200715:001205.265 agent #1 started [collector]
82057:20200715:001205.266 agent #2 started [listener #1]
82069:20200715:001205.266 agent #3 started [listener #2]
82140:20200715:001205.266 agent #4 started [listener #3]
82057:20200715:001355.145 failed to accept an incoming connection: select() failed: [4] Interrupted system call
81929:20200715:001355.145 Got signal [signal:15(SIGTERM),sender_pid:59605,sender_uid:0,reason:65537]. Exiting ...
82069:20200715:001355.145 failed to accept an incoming connection: select() failed: [4] Interrupted system call
82140:20200715:001355.145 failed to accept an incoming connection: select() failed: [4] Interrupted system call
As per instructions my timeout is set to 6 and the user parameters are set.
I have openVPN in use so I applied both templates if that makes a difference.
Do you know what is wrong from this or is it me?
... it's probably me being stupid :(
On a system with many OpenVPN tunnels and servers, and many interfaces and VLANs. This increases load from 1% to 50%
It is not usable like this unfortunately...
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.