NRPEv2 check_pf
-
Hi,
I'm working to add monitoring on my loved PFSense firewall.
NRPEv2 package is great but it's missing some specific PF features. I have tried to add the check_pf indicator (https://github.com/kian/nagios-pf-plugin) but once compiled on FreeBSD 8.3, when I'm launching it on PFSense 2.1.3-RELEASE I got a: "PF UNKNOWN - ioctl failed (DIOCGETSTATUS)"
As I'm not a developer I've done a dirty thing doing nearly the same in sh:
#!/bin/sh
# Thresholds as absolute numbers of state table entries
WARN="8000"
CRIT="10000"
# Current state count and configured hard limit, read from pfctl
STATES=`pfctl -si | grep "current entries" | awk '{ print $3 }'`
LIMIT=`pfctl -sm | grep states | awk '{ print $4 }'`
# Percentage of the state table in use (two decimals)
PERC=`echo "scale=2;$STATES*100/$LIMIT"|bc`
if [ $STATES -lt $WARN ]; then
MSG="OK"
STATUS="0"
elif [ $STATES -ge $CRIT ]; then
MSG="CRITICAL"
STATUS="2"
elif [ $STATES -ge $WARN ]; then
MSG="WARNING"
STATUS="1"
fi
# Nagios status line followed by performance data
echo "PF $MSG - states: $STATES ( $PERC% - limit: $LIMIT) | states=$STATES;$WARN;$CRIT;0;$LIMIT"
exit $STATUS
Sacha.
-
I know it has been a bit since Sacha posted this, but I made a couple of changes to the script. Instead of going off of states, the revised script instead alerts based on state table usage percentage (80 and 90). Thanks Sacha for the original post! – Dallas
#!/bin/sh
# Thresholds as a percentage of the state table limit
WARN="80"
CRIT="90"
# Current state count and configured hard limit, read from pfctl
STATES=$(pfctl -si | grep "current entries" | awk '{ print $3 }')
LIMIT=$(pfctl -sm | grep states | awk '{ print $4 }')
# Integer percentage of the state table in use
PERC=$(($STATES * 100 / $LIMIT))
#echo $PERC
if [ $PERC -lt $WARN ]; then
MSG="OK"
STATUS="0"
elif [ $PERC -ge $CRIT ]; then
MSG="CRITICAL"
STATUS="2"
elif [ $PERC -ge $WARN ]; then
MSG="WARNING"
STATUS="1"
fi
echo "$MSG - PF state table: $STATES ( $PERC% full - limit: $LIMIT) | states=$STATES;$WARN;$CRIT;0;$LIMIT"
exit $STATUS
-
thanks for the hack
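-
An added example, not part of the thread and not code from either poster. In the first script, if pfctl prints nothing (for example, the NRPE user is not allowed to run it), every test fails, STATUS stays empty and the plugin exits 0. This variant validates both numbers, returns UNKNOWN (3) when they are unusable, and converts the percentage thresholds to state counts for the perfdata. The function name pf_state_check, the --live and --demo switches and the sample pfctl output are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). WARN/CRIT are percentages of the limit.
WARN=80
CRIT=90

# Constructed sample output, in the shape the thread's awk fields expect.
SAMPLE_SI='State Table                          Total             Rate
  current entries                     8500'
SAMPLE_SM='states        hard limit    10000'

# pf_state_check SI_TEXT SM_TEXT -> prints one Nagios line, returns 0/1/2/3
pf_state_check() {
    states=$(printf '%s\n' "$1" | awk '/current entries/ { print $3; exit }')
    limit=$(printf '%s\n' "$2" | awk '$1 == "states" { print $4; exit }')
    # Fail to UNKNOWN instead of falling through when the values are unusable
    case "$states" in ''|*[!0-9]*) echo "PF UNKNOWN - cannot read state count"; return 3 ;; esac
    case "$limit" in ''|0|*[!0-9]*) echo "PF UNKNOWN - cannot read state limit"; return 3 ;; esac

    perc=$(($states * 100 / $limit))
    # Perfdata thresholds must be in the same unit as the value (states)
    warn_states=$(($limit * $WARN / 100))
    crit_states=$(($limit * $CRIT / 100))

    if [ "$perc" -ge "$CRIT" ]; then msg=CRITICAL; rc=2
    elif [ "$perc" -ge "$WARN" ]; then msg=WARNING; rc=1
    else msg=OK; rc=0
    fi
    echo "PF $msg - state table: $states ($perc% of limit $limit) | states=$states;$warn_states;$crit_states;0;$limit"
    return $rc
}

# --live reads from pfctl on the firewall; --demo uses the constructed sample.
case "${1:-}" in
    --live) pf_state_check "$(pfctl -si 2>/dev/null)" "$(pfctl -sm 2>/dev/null)"; exit $? ;;
    --demo) pf_state_check "$SAMPLE_SI" "$SAMPLE_SM"; exit $? ;;
esac
```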