Making a CPU usage script
Is there a way to extract the CPU usage number seen on the dashboard so I can use it in a cron shell script?
Since there is no notification event for CPU usage, I thought I would create my own, but do not know what command to use to get the info. I can get temp info, but not CPU usage. None of the sysctl commands give me that info.
When I get it to work, I will post the instructions and code in this thread so others can use this much needed feature.
The purpose of this script is to notify by email when the CPU usage reaches a threshold.
Why do we need this. Because how many times do we set a rule or configure something that makes the CPU usage start creeping up. I know Snort and Suricata can do that. When the CPU starts pinning, it usually slows PFsense down or locks it up let along start cooking the CPU. I want to be notified of that. My CPU usage averages between 3 and 10%, so if I set the threshold to, lets say, 70. I will be warned before the disaster hits and allow me to fix it.
Gertjan last edited by
Nearly every OS as this command :
sysctl can help you also. Check out the pfSense sources and you'll find it ;)
Check out the man sysctl pages.
The firewall shouldn't be handling those kinds of notifications. That's what an NMS is for.
Turn on Services > SNMP, activate the UCD module, and query the usual CPU usage OIDs
: snmpget -v 2c -c xxxxx 198.51.100.6 UCD-SNMP-MIB::ssCpuUser.0
UCD-SNMP-MIB::ssCpuUser.0 = INTEGER: 3
: snmpget -v 2c -c xxxxx 198.51.100.6 UCD-SNMP-MIB::ssCpuSystem.0
UCD-SNMP-MIB::ssCpuSystem.0 = INTEGER: 2
: snmpget -v 2c -c xxxxx 198.51.100.6 UCD-SNMP-MIB::ssCpuIdle.0
UCD-SNMP-MIB::ssCpuIdle.0 = INTEGER: 95
An NMS is probably smarter than that, just tell it to use SNMP and aim it at the firewall (hopefully over LAN or a VPN!)
Is there a setup guide to do this in pfsense somewhere? Not sure I know how to go about it. Also I do not want another piece of hardware doing this job just to monitor a couple of hardware sensors. Seems counter productive to me and just another point of failure. But if I can do it all within the PFsense box, I am ok with it.
You do NOT set up anything like this in pfSense. You have a box where you poll SNMP and do whatever you want with it. Already noted here but you clearly don't get the point. As for another point of failure - when the pfSense box goes AWOL, you won't get any notification whatsoever, so that is just a broken strategy.
Any notification email would be sent before the failure. The point is to detect when a failure may be coming. Not when it happens.
As an example, set the temp threshold to 60C and send an email alert. The system can easily handle 60C, but it alerts that something is causing overheating like a dirty fan or rising CPU usage. The alerts are what they imply. if you don't think this is a good idea to build this feature in the PFsense box then maybe we should call it PFnoSense.
Your logic makes as much sense as the only alert being generated now is when the gateway goes down when it can't possibly alert you because the gateway is down. Only useful with multiple gateways. So essentially there are no useful alerts being generated now.
So your answer is run another computer, with another point of failure, to monitor the first one when the first one is more than capable to monitor itself. So what, build another box to monitor the SNMP box incase it fails and so on. Lets be real here. Unless you need to monitor a lot of remote systems, there is no reason to have to build another computer for such a simple task that theoretically PFsense could handle.
Any notification email would be sent before the failure.
May I ask how exactly are you going to ensure that? Internet connectivity down - no notification. Kernel crashes - no notification. HW fails - no notification. SMTP server down - no notification. …
Unless you need to monitor a lot of remote systems, there is no reason to have to build another computer for such a simple task that theoretically PFsense could handle.
So you have 100+ clients to monitor as you've told us. Going to configure that 100 times. And monitor via email. Well good luck with that.
You obviously don't understand my point or read my posts. I said I have 100+ clients but none of them have PFsense yet, if ever.
And I said alert before the failure, just like it would do if it sent SMNP info. Using your distorted logic, a failure would be no good even with SMNP.
I am getting nowhere with this so I am locking the topic.
Thanks once again Dokornotor for your short sided opinions and no constructive solutions replies. You know, there are more ways than yours to solve a problem.