Monitoring service status
-
If you can run a command line check, use:
pfSsh.php playback svc status captiveportal
For example:
: pfSsh.php playback svc status captiveportal thiszone Starting the pfSense developer shell.... Service captiveportal is running.
-
Thanks for the reply!
I don't know why but if launch the command I don't have the status.
Example 1.
pfSsh.php playback svc status captiveportal cpzone Starting the pfSense shell system............... Attempting to issue status to captiveportal service...
Example 2.
pfSsh.php playback svc status squid Starting the pfSense shell system............... Attempting to issue status to squid service...
My pfSenses are 2.1.5 and the services are up.
I tried to shutdown a service but the answer is the same.
The script always exit with error code 0 (echo $?).Any idea?
-
I've found that there is no "status" action in /etc/phpshellsessions/svc
Github shows that it has been introduced in 2.2 beta.Looks like I will have to wait for us to upgrade to 2.2 or do a ugly patch to svc (it should work I think)…
Thank you for showing me the right file.
-
Yes, the status action only works on 2.2.
You could take /etc/phpshellsessions/svc from a 2.2 box and use it on 2.1.5 though, the only changes were in that one file and I believe all the necessary supporting functions were there as well. Worth a shot.
-
Yes but i'm afraid it could break something for the next upgrade to 2.2.
-
overwriting that one file won't hurt anything.
-
OK thank you
-
I have setup those checks with Nagios and NRPE.
If it can help someone :
- Install NRPE via System>Packages
- Download the zipfile (http://www.filedropper.com/checkpfsvc). It contains 2 files : "check_pfsvc" which is the nagios plugin used by nrpe to do the services check and "svc" which is a pfSense 2.2 version of the file /etc/phpshellsessions/svc
- Transfer "check_pfsvc" in /usr/pbi/nrpe-amd64/libexec/nagios (it should be another location for 32b installations) and do a chmod 555 on it ; chown it to root and set the group to wheel
- If your pfSense version is <2.2 backup your /etc/phpshellsessions/svc and replace with the file provided in the archive
After that configure NRPE as you need. See nrpev2.png to see how i've configured it.
-
Hello,
I'm back because I've upgraded to latest pfsense release and my script does not work through NRPE but it works from root account through SSH.
I've tried to port it to sh script but it does not work. The error I catch from the nrpe launch of my script is /usr/pbi/nrpe-amd64/local/libexec/nagios/check_pfsvc: /usr/local/sbin/pfSsh.php: not foundDoes someone has an idea why it does not work anymore?
-
No idea? I think it's a modification on rights or in the nrpe plugin but I can't find it.
-
@rct:
I have setup those checks with Nagios and NRPE.
If it can help someone :
- Install NRPE via System>Packages
- Download the zipfile (http://www.filedropper.com/checkpfsvc). It contains 2 files : "check_pfsvc" which is the nagios plugin used by nrpe to do the services check and "svc" which is a pfSense 2.2 version of the file /etc/phpshellsessions/svc
- Transfer "check_pfsvc" in /usr/pbi/nrpe-amd64/libexec/nagios (it should be another location for 32b installations) and do a chmod 555 on it ; chown it to root and set the group to wheel
- If your pfSense version is <2.2 backup your /etc/phpshellsessions/svc and replace with the file provided in the archive
After that configure NRPE as you need. See nrpev2.png to see how i've configured it.
I can't download the zipfile =(
that link redirects me to filedropper.com
-
It doesn't work anymore on pfSense 2.2.x and I can't find why. Sorry.
-
No problem, i need it for a pfSense 2.1-RELEASE
BTW: Anyone knows this package? https://exchange.nagios.org/directory/Plugins/Software/check_squid/details
check_squid
teorically it must be installed on Nagios Server (in my case, is a Ubuntu 14.04)
idk if this works properly because i can't run it. It says
Can't locate Nagios/Plugin.pm in @INC (you may need to install the Nagios::Plugin module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .)Can't locate Nagios/Plugin.pm in @INC (you may need to install the Nagios::Plugin module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .)
I know this isn't a Nagios forum, but just for share the experience
-
You can find the file attached to this message.
-
-
For your Nagios issue I think you miss the perl lib that has been written as a "template" for creating nagios plugins (https://exchange.nagios.org/directory/Plugins/*-Plugin-Development-Tools/Nagios-3A-3APlugin/details).
-
@rct:
For your Nagios issue I think you miss the perl lib that has been written as a "template" for creating nagios plugins (https://exchange.nagios.org/directory/Plugins/*-Plugin-Development-Tools/Nagios-3A-3APlugin/details).
i guess i need some more dependencies because when i run perl Makefile.PL this is what it shows:
Warning: prerequisite Config::Tiny 0 not found. Warning: prerequisite Math::Calc::Units 0 not found. Warning: prerequisite Params::Validate 0 not found. Writing Makefile for Nagios::Plugin Writing MYMETA.yml and MYMETA.json
i'll take a look to your file and follow your instructions to check squid & squidguard status for my pfsense
Thank you for your attention
-
No problem! I hope it'll do the trick for you :)
-
i've done all the configurations on pfsense side
now i'm on my Nagios Server and i don't know how to add this checks on my status monitor
here's my 'pfsense22.cg" file
# A simple configuration file for monitoring the local host # This can serve as an example for configuring other servers; # Custom services specific to this host are added here, but services # defined in nagios2-common_services.cfg may also apply. # define host{ use generic-host ; Name of host template to use host_name pfsense22 alias virtualprana address 10.0.0.22 } # Define a service to check the disk space of the root partition # on the local machine. Warning if < 20% free, critical if # < 10% free space on partition. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Disk Space check_command check_all_disks!20%!10% } # Define a service to check the number of currently logged in # users on the local machine. Warning if > 20 users, critical # if > 50 users. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Current Users check_command check_users!20!50 } # Define a service to check the number of currently running procs # on the local machine. Warning if > 250 processes, critical if # > 400 processes. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Total Processes check_command check_procs!250!400 } # Define a service to check the load on the local machine. define service{ use generic-service ; Name of service template to use host_name pfsense22 service_description Current Load check_command check_load!5.0!4.0!3.0!10.0!6.0!4.0 } define service{ use generic-service host_name pfsense22 service_description Current Load check_command check_nrpe } # Define a service to check squid status
-
You can add the following to your file according you have setup a command named "check_squid_svc" in the NRPE package.
define service {
use generic-service
host_name pfsense22
service_description Squid service
check_command check_nrpe!check_squid_svc
} -
thanks!
it shows me an UNKNOWN state
details:
Current Status: UNKNOWN (for 0d 0h 25m 45s) Status Information: (No output returned from plugin) NRPE Plugin for Nagios Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org) Version: 2.15 Last Modified: 09-06-2013 License: GPL v2 with exemptions (-l for more info) SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required \nUsage: check_nrpe -H <host>[ -b <bindaddr>] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command></command>] [-a <arglist...>] \nOptions: -h = Print this short help. -l = Print licensing information. -n = Do no use SSL -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL <host>= The address of the host running the NRPE daemon <bindaddr>= bind to local address -4 = user ipv4 only -6 = user ipv6 only [port] = The port on which the daemon is running (default=5666) [timeout] = Number of seconds before connection times out (default=10) [command] = The name of the command that the remote daemon should run [arglist] = Optional arguments that should be passed to the command. Multiple arguments should be separated by a space. If provided, this must be the last option supplied on the command line. \nNote: This plugin requires that you have the NRPE daemon running on the remote host. You must also have configured the daemon to associate a specific plugin command with the [command] option you are specifying here. Upon receipt of the [command] argument, the NRPE daemon will run the appropriate plugin command and send the plugin output and return code back to *this* plugin. This allows you to execute plugins on remote hosts and 'fake' the results to make Nagios think the plugin is being run locally. \n Performance Data: Current Attempt: 4/4 (HARD state) Last Check Time: 2015-06-18 12:50:08 Check Type: ACTIVE Check Latency / Duration: 0.085 / 0.005 seconds Next Scheduled Check: 2015-06-18 12:55:08 Last State Change: 2015-06-18 12:27:08 Last Notification: 2015-06-18 12:30:13 (notification 1) Is This Service Flapping? NO (5.72% state change) In Scheduled Downtime? NO Last Update: 2015-06-18 12:52:53 ( 0d 0h 0m 0s ago) Active Checks: ENABLED Passive Checks: ENABLED Obsessing: ENABLED Notifications: ENABLED Event Handler: ENABLED Flap Detection: ENABLED</bindaddr></host></arglist...></timeout></port></bindaddr></host>
-
NOW IS WORKING
TY V M
I'll nat some ports from some clients now.
Thanks for all, again
-
Ok glad it works for you :)
-
Hi,
I'm trying to use your script on my pfsense 2.2.6.
In shell, it's working.
in nrpe, my remote server give me : Could not read output.
Another check on the pfsense using nrpe (check_load, …) are working as fine.Any suggestions to fix this issue ?
Thanks,
Yannick -
No sorry I've had the same problem when I have upgraded my pfSense and I haven't found a way to resolve this issue. :(
-
a short test with a bash script works as fine.
so it seems that the nagios account use by nrpe don't have rights to execute the php interpreter (/usr/local/bin/php). -
I agree it seems to be a security constraint somewhere but I don't know Freebsd and I haven't found why…
If you try to launch
su -m nagios -c "/usr/pbi/nrpe-amd64/libexec/nagios/check_pfsvc squid"
it will work.But if you launch it throught the nrpe daemon it won't work.
If edit the file to write dumb content (echo 'ok'; exit(0);) it will work.From my tests it's the call to '/usr/local/sbin/pfSsh.php' that is blocked.
I've tried to launch /usr/local/sbin/pfSsh.php via a shell script configured as a nrpe command and it returns the error code 127 (http://tldp.org/LDP/abs/html/exitcodes.html ?).
I don't know how to debug further...
-
Yes, I have rewrite the script in shell and I have an error about "/usr/local/sbin/pfSsh.php not found".
so the user nagios has no sufficent right to invoke this command. -
If you call your script
sudo -m nagios -c "/path/to/your/script"
I think it will work so it's more like if the nrpe service has not access to this file (may be it is jailed or there something else). -
I think nagios account is jailed.