Netgate Discussion Forum

    Monitoring service status

    General pfSense Questions
    31 Posts 4 Posters 10.3k Views
      rocaembole

      @rct:

      For your Nagios issue I think you miss the perl lib that has been written as a "template" for creating nagios plugins (https://exchange.nagios.org/directory/Plugins/*-Plugin-Development-Tools/Nagios-3A-3APlugin/details).

      I guess I need some more dependencies, because when I run perl Makefile.PL this is what it shows:

      Warning: prerequisite Config::Tiny 0 not found.
      Warning: prerequisite Math::Calc::Units 0 not found.
      Warning: prerequisite Params::Validate 0 not found.
      Writing Makefile for Nagios::Plugin
      Writing MYMETA.yml and MYMETA.json
      
      

      I'll take a look at your file and follow your instructions to check squid & squidguard status for my pfSense.

      Thank you for your attention

      No Pain
      No Gain

        rct

        No problem! I hope it'll do the trick for you :)

          rocaembole

          I've done all the configurations on the pfSense side.

          Now I'm on my Nagios server and I don't know how to add these checks to my status monitor.

          Here's my 'pfsense22.cg' file:

          
          # A simple configuration file for monitoring the local host
          # This can serve as an example for configuring other servers;
          # Custom services specific to this host are added here, but services
          # defined in nagios2-common_services.cfg may also apply.
          # 
          
          define host{
                  use                     generic-host            ; Name of host template to use
                  host_name               pfsense22
                  alias                   virtualprana
                  address                 10.0.0.22
                  }
          
          # Define a service to check the disk space of the root partition
          # on the local machine.  Warning if < 20% free, critical if
          # < 10% free space on partition.
          
          define service{
                  use                             generic-service         ; Name of service template to use
                  host_name                       pfsense22
                  service_description             Disk Space
                  check_command                   check_all_disks!20%!10%
                  }
          
          # Define a service to check the number of currently logged in
          # users on the local machine.  Warning if > 20 users, critical
          # if > 50 users.
          
          define service{
                  use                             generic-service         ; Name of service template to use
                  host_name                       pfsense22
                  service_description             Current Users
                  check_command                   check_users!20!50
                  }
          
          # Define a service to check the number of currently running procs
          # on the local machine.  Warning if > 250 processes, critical if
          # > 400 processes.
          
          define service{
                  use                             generic-service         ; Name of service template to use
                  host_name                       pfsense22
                  service_description             Total Processes
                  check_command                   check_procs!250!400
                  }
          
          # Define a service to check the load on the local machine. 
          
          define service{
                  use                             generic-service         ; Name of service template to use
                  host_name                       pfsense22
                  service_description             Current Load
                  check_command                   check_load!5.0!4.0!3.0!10.0!6.0!4.0
                  }
          
          define service{
                  use                             generic-service
                  host_name                       pfsense22
                  service_description             Current Load
                  check_command                   check_nrpe
                  }
          
          # Define a service to check squid status
          
          

          No Pain
          No Gain

            rct

            You can add the following to your file, assuming you have set up a command named "check_squid_svc" in the NRPE package.

            define service {
                    use                            generic-service
                    host_name                      pfsense22
                    service_description            Squid service
                    check_command                  check_nrpe!check_squid_svc
            }

              rocaembole

              thanks!

              it shows me an UNKNOWN state

              details:

              
              Current Status:	
                UNKNOWN  
               (for 0d 0h 25m 45s)
              Status Information:	(No output returned from plugin)
              NRPE Plugin for Nagios
              Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
              Version: 2.15
              Last Modified: 09-06-2013
              License: GPL v2 with exemptions (-l for more info)
              SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
              \nUsage: check_nrpe -H <host>[ -b <bindaddr>] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]
              \nOptions:
              -h = Print this short help.
              -l = Print licensing information.
              -n = Do no use SSL
              -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL
               <host>= The address of the host running the NRPE daemon
               <bindaddr>= bind to local address
              -4 = user ipv4 only
              -6 = user ipv6 only
              [port] = The port on which the daemon is running (default=5666)
              [timeout] = Number of seconds before connection times out (default=10)
              [command] = The name of the command that the remote daemon should run
              [arglist] = Optional arguments that should be passed to the command. Multiple
              arguments should be separated by a space. If provided, this must be
              the last option supplied on the command line.
              \nNote:
              This plugin requires that you have the NRPE daemon running on the remote host.
              You must also have configured the daemon to associate a specific plugin command
              with the [command] option you are specifying here. Upon receipt of the
              [command] argument, the NRPE daemon will run the appropriate plugin command and
              send the plugin output and return code back to *this* plugin. This allows you
              to execute plugins on remote hosts and 'fake' the results to make Nagios think
              the plugin is being run locally.
              \n
              Performance Data:	
              Current Attempt:	4/4  (HARD state)
              Last Check Time:	2015-06-18 12:50:08
              Check Type:	ACTIVE
              Check Latency / Duration:	0.085 / 0.005 seconds
              Next Scheduled Check:  	2015-06-18 12:55:08
              Last State Change:	2015-06-18 12:27:08
              Last Notification:	2015-06-18 12:30:13 (notification 1)
              Is This Service Flapping?	
                NO  
               (5.72% state change)
              In Scheduled Downtime?	
                NO  
              Last Update:	2015-06-18 12:52:53  ( 0d 0h 0m 0s ago)
              Active Checks:	
                ENABLED  
              Passive Checks:	
                ENABLED  
              Obsessing:	
                ENABLED  
              Notifications:	
                ENABLED  
              Event Handler:	
                ENABLED  
              Flap Detection:	
                ENABLED
              

              No Pain
              No Gain

                rocaembole

                NOW IS WORKING

                TY V M

                I'll nat some ports from some clients now.

                Thanks for all, again

                No Pain
                No Gain

                  rct

                  Ok glad it works for you  :)

                    ymolinet

                    Hi,

                    I'm trying to use your script on my pfSense 2.2.6.
                    In the shell, it's working.
                    In nrpe, my remote server gives me: Could not read output.
                    Other checks on the pfSense using nrpe (check_load, …) are working fine.

                    Any suggestions to fix this issue?

                    Thanks,
                    Yannick

                      rct

                      No, sorry. I had the same problem when I upgraded my pfSense and I haven't found a way to resolve this issue. :(

                        ymolinet

                        A short test with a bash script works fine,
                        so it seems that the nagios account used by nrpe doesn't have rights to execute the php interpreter (/usr/local/bin/php).

                          rct

                          I agree, it seems to be a security constraint somewhere, but I don't know FreeBSD and I haven't found why…

                          If you try to launch
                          su -m nagios -c "/usr/pbi/nrpe-amd64/libexec/nagios/check_pfsvc squid"
                          it will work.

                          But if you launch it through the nrpe daemon it won't work.
                          If you edit the file to write dumb content (echo 'ok'; exit(0);) it will work.

                          From my tests it's the call to '/usr/local/sbin/pfSsh.php' that is blocked.

                          I've tried to launch /usr/local/sbin/pfSsh.php via a shell script configured as a nrpe command and it returns the error code 127 (http://tldp.org/LDP/abs/html/exitcodes.html ?).

                          I don't know how to debug further...

                            ymolinet

                            Yes, I have rewritten the script in shell and I have an error about "/usr/local/sbin/pfSsh.php not found".
                            So the user nagios does not have sufficient rights to invoke this command.

                              rct

                              If you call your script
                              su -m nagios -c "/path/to/your/script"
                              I think it will work, so it's more as if the nrpe service doesn't have access to this file (maybe it is jailed or there is something else).

                                ymolinet

                                I think nagios account is jailed.
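
Added example, not part of any post in this thread: a POSIX sh wrapper for an NRPE command that turns the silent failures discussed above ("Could not read output", exit code 127) into a Nagios UNKNOWN with a one-line reason, reported from inside the daemon's own environment. The function names `run_check` and `diagnose_target` are hypothetical, and the wrapper assumes it is given the real check command as its arguments.

```shell
#!/bin/sh
# Added example: wrapper for an NRPE command so the daemon always gets one
# line of output and a valid Nagios status (0 OK, 1 WARNING, 2 CRITICAL,
# 3 UNKNOWN). All function names here are hypothetical.

# Explain why $1 cannot be executed by the user the daemon runs as.
diagnose_target() {
    t=$1
    case $t in
        */*) ;;
        *) t=$(command -v "$t") || { echo "not in PATH=$PATH"; return; } ;;
    esac
    if [ ! -e "$t" ]; then
        echo "$t not visible to $(id -un)"
    elif [ ! -x "$t" ]; then
        echo "$t not executable for $(id -un)"
    else
        # A missing "#!" interpreter also makes the shell report "not found".
        interp=$(sed -n '1s/^#! *\([^ ]*\).*/\1/p' "$t")
        if [ -n "$interp" ] && [ ! -x "$interp" ]; then
            echo "interpreter $interp not executable for $(id -un)"
        else
            echo "$t looks executable; PATH=$PATH"
        fi
    fi
}

# Run the check; turn shell-level failures into UNKNOWN plus a reason.
run_check() {
    out=$("$@" 2>&1)
    rc=$?
    case $rc in
        0|1|2|3)
            echo "${out:-(plugin exited $rc without output)}"
            return "$rc" ;;
        126|127)
            echo "UNKNOWN - exit $rc running $1: $(diagnose_target "$1")"
            return 3 ;;
        *)
            echo "UNKNOWN - unexpected exit $rc from $1: $out"
            return 3 ;;
    esac
}

# As a script: wrap the command given as arguments.
if [ "$#" -gt 0 ]; then
    run_check "$@"
    exit $?
fi
```

Because the diagnosis runs under the NRPE daemon rather than under `su -m nagios`, the status text in Nagios shows which user, path and interpreter the daemon actually sees.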
