Last config change in shell



  • Does anyone know how to get the last config change (as seen on the system information widget on the dashboard) from the shell? Thanks!


  • LAYER 8 Global Moderator

    Option 15




  • Ah ha! That does have what I want but where is that located so I can grep it from a shell script? Thanks!


  • LAYER 8 Global Moderator

    All of the configs are backed up here
    /cf/conf/backup

    So yeah I guess you could script something to restore a previous one..

    Having a hard time coming up with a use case for that..



  • Yeah, I'm trying to make use of the mailreport package for systems that don't have monitoring and/or syslog available. This happens with family and friends sometimes and looking at a report for 10 seconds can save me/someone from an "emergency" repair. (Heaven forbid we are without internet for a short time!) On the other hand if there were more than a few of these people I would ask for $20 for my birthday each year and just spin up a cloud server to throw it at. For now though this works and the line below adds a nice touch to the report, which is still a work in progress. I've been using bash for many years and it provides a lot more leniency with my commands.

    echo "Last config change:" && date -r `cat /cf/conf/backup/backup.cache | awk -F '[;:]' '{print $4}'`
    

  • LAYER 8 Global Moderator

    Ah - that is nice.. So you're not restoring it, you just want to see it.. That makes sense..

    You never stated restore ;) For some reason that was what I was thinking..

    edit:
    Simpler solution - don't let your friends/family have access to change anything on their pfSense, if you are going to have to be the one to fix it ;)

    You know that saying about enough monkeys banging on enough typewriters, that is users - problem is there is a lot of gibberish that comes out before you get Shakespeare.. Users tend to just click on shit in a GUI, much like a monkey.. Until something works ;) heheheh

    So best thing is if you don't want to waste a lot of paper and ink, and typewriters - best to not let the monkeys bang on them in the first place ;)



  • The monkeys are locked out but they can still cause a lot of trouble, haha. Actually, the cable companies cause the most trouble with connections that just stop working then people go unplugging things before calling the cable company because cable companies suck to deal with then who knows what the "support" person is going to have them do. One of the big reasons to use pfSense in these family/friend/home locations is that I can just say "nope, it's not the router" and have data to back that up if the cable company gives me trouble.

    This is the (very) rough little script that I wrote last night for mailreport to run. It gives me peace of mind that I am correct without having to log in to look. Also, as I am configured in the advanced > email settings I know that pfSense will email me if something really bad happens and this provides me with just a little extra.

    #!/usr/bin/env sh
    #The purpose of this script is to collect system information for use with mailreport package.
    #TODO: use regex for last config summary? .*\/[0-9]{10}\..* or .*\/[0-9]\{10\}\..*
    
    #Basic system summary
    cat /etc/platform /etc/version
    echo -n "Last config change: " ; date -r `cat /cf/conf/backup/backup.cache | awk -F '[;:]' '{print $4}'` && cat /cf/conf/backup/backup.cache | awk -F '["]' '{print $4}'
    echo
    echo "Summary" ; w
    echo
    echo "Memory" ; vmstat -ah
    echo
    echo "Disk" ; df -hl / /var/run
    
    #Optional troubleshooting information
    #echo
    #echo "Top CPU"
    #ps -auxf | head -1 && ps -auxf | sort -nr -k 3 | head -5
    #echo
    #echo "Top MEM"
    #ps -auxf | head -1 && ps -auxf | sort -nr -k 4 | head -5
    #echo
    #echo "Top TIME"
    #ps -auxf | head -1 && ps -auxf | sort -nr -k 10 | head -5
    
    #Additional logs
    echo
    [ -f /var/log/pfblockerng/error.log ] && echo "Log output: pfblockerng Errors (pfblockerng/error.log)" && tail -n 20 /var/log/pfblockerng/error.log
    echo
    

    Output looks like this followed by whatever logs you have mailreport attach. We will see how quickly the attached logs annoy me before I move them to the script so I can use grep for the date.

    If I get more than a few friends/family doing this then it's going in some monitoring system (or I block their number, ha!), but for now there are just two and it is manageable this way.

    Thanks for your help and listening to me rant!


  • LAYER 8 Global Moderator

    @ex1580 said in Last config change in shell:

    then people go unplugging things

    That is never good with something like pfSense.. It's not a SOHO router ;)



  • Well this got out of hand pretty fast, haha. At least it was a good learning experience. It's not easy to get memory stats out of this thing! I have not finished editing to make sure everything is perfect and portable but for now this works well on an sg-1100 which is the target system(s). On to the next project!

    #!/usr/bin/env sh
    #The purpose of this script is to collect system information for use with mailreport package.
    #TODO: See notes in comments - rounding memory calculations with bc 
    
    #Variables for searching logs
    datesearchclog="`date '+%b %e'`"
    datesearchpfb="`date '+%m/%d/%y'`"
    
    #Basic system summary
    cat /etc/platform /etc/version
    echo -n "Last config change: " ; date -r `awk -F '[;:]' '{print $4}' /cf/conf/backup/backup.cache` && awk -F '["]' '{print $4}' /cf/conf/backup/backup.cache
    echo
    echo "SUMMARY - See load avg last 1, 5, and 15 minutes" ; w
    
    #CPU utilization checking
    cpuload="`uptime | /usr/bin/sed 's/^.*: //'`"
    cpuload5="`echo $cpuload | awk -F '[. ]' '{print $3}'`"
    if [ "$cpuload5" -gt "1" ]; then
     echo "WARNING! 5 MIN CPU LOAD HIGH:" $cpuload5
     echo "Top CPU"
     ps -auxw | head -1 && ps -auxw | sort -nr -k 3 | head -5
     echo "Top TIME"
     ps -auxw | head -1 && ps -auxw | sort -nr -k 10 | head -5
    fi
    echo
    
    #MEM information and utilization checking
    #vmstat -ah
    top | head -4 | tail -1
    totalmem="`sysctl -n vm.stats.vm.v_page_count`"
    if [ "$totalmem" -gt "0" ]; then
     inactivemem="`sysctl -n vm.stats.vm.v_inactive_count`"
     cachedmem="`sysctl -n vm.stats.vm.v_cache_count`"
     freemem="`sysctl -n vm.stats.vm.v_free_count`"
     usedmem=`echo "$totalmem - ($inactivemem + $cachedmem + $freemem)" | bc`
     memusage=`echo "($usedmem * 100) / $totalmem" | bc` #round with bc?
     physmem=`sysctl -n hw.physmem`
     physmemh=`echo "$physmem / (1024*1024)" | bc` #round with bc?
     echo "Mem:" $memusage"% of" $physmemh"M used."
     if [ "$memusage" -gt "60" ]; then
      echo "WARNING! MEMORY USED HIGH:" $memusage"%" 
      echo "Top MEM"
      ps -auxw | head -1 && ps -auxw | sort -nr -k 4 | head -5
     fi
    else
     echo "ERROR READING MEM PAGE COUNT!"
    fi
    echo
    
    #DISK information and utilization checking
    df -hl / /var/run
    diskused="`df -h / | /usr/bin/tail -n 1 | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d '%' -f 1`"
    if [ "$diskused" -gt "60" ]; then
     echo "WARNING! PERCENT DISK USED HIGH on /:" $diskused"%" 
    fi
    echo
    
    #LOGS - provides more detail and filtering than mailreport package offers
    echo "Filtered Log Output"
    #Pipe grep into tail; a bare "tail -n 20" with no file would block reading stdin
    [ -f /var/log/pfblockerng/error.log ] && echo "Log output: pfblockerng Errors (pfblockerng/error.log)" && grep -e "$datesearchpfb" /var/log/pfblockerng/error.log | tail -n 20
    echo
    [ -f /var/log/filter.log ] && echo "Log output: Firewall (raw) - Admin Interfaces GUEST (filter.log)" && clog /var/log/filter.log | grep -e "$datesearchclog" | egrep "1566350082" | tail -n 20
    echo
    [ -f /var/log/filter.log ] && echo "Log output: Firewall (raw) - Combined Blocklist (filter.log)" && clog /var/log/filter.log | grep -e "$datesearchclog" | egrep "1597881531|1597881664" | tail -n 20
    echo
    [ -f /var/log/filter.log ] && echo "Log output: Firewall (raw) - GeoIP Regions (filter.log)" && clog /var/log/filter.log | grep -e "$datesearchclog" | egrep "1599316667|1599316737" | tail -n 20
    echo
    [ -f /var/log/gateways.log ] && echo "Log output: Gateway Events (gateways.log)" && clog /var/log/gateways.log | grep -e "$datesearchclog" | tail -n 20
    echo
    [ -f /var/log/ntpd.log ] && echo "Log output: NTP (ntpd.log)" && clog /var/log/ntpd.log | grep -e "$datesearchclog" | tail -n 20
    echo
    [ -f /var/log/routing.log ] && echo "Log output: Routing (routing.log)" && clog /var/log/routing.log | grep -e "$datesearchclog" | tail -n 20
    echo
    [ -f /var/log/system.log ] && echo "Log output: System (system.log)" && clog /var/log/system.log | grep -e "$datesearchclog" | egrep "fail|emerg|alert|crit|err|warn" | tail -n 20
    echo
    [ -f /var/log/watchdogd.log ] && echo "Log output: watchdogd (watchdogd.log)" && clog /var/log/watchdogd.log | grep -e "$datesearchclog" | tail -n 20
    echo
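
Added example, not part of any post in this thread: the one-liners above read only the first entry of backup.cache and split the description on quote characters. Assuming the file is a PHP-serialized array keyed by epoch with "description" first in each entry (which the awk field positions above imply), the functions below pick the newest entry, read the description by its declared length, and flag a change only once per report run. The names `sample_cache`, `latest_change`, `config_changed` and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: backup.cache is one
# PHP-serialized array keyed by epoch, "description" first in each entry.

# Constructed sample in that assumed layout (addresses are documentation IPs).
sample_cache() {
  printf '%s' 'a:2:{i:1700000000;a:3:{s:11:"description";s:30:"admin@192.0.2.10: Rule edited.";s:7:"version";s:4:"19.1";s:8:"filesize";i:20480;}i:1700003600;a:3:{s:11:"description";s:37:"admin@192.0.2.10: Alias "lan"; saved.";s:7:"version";s:4:"19.1";s:8:"filesize";i:20490;}}'
}

# latest_change FILE: print "<epoch><TAB><description>" for the newest entry.
latest_change() {
  LC_ALL=C awk '
    { buf = buf $0 "\n" }
    END {
      re = "i:[0-9]+;a:[0-9]+:[{]s:11:\"description\";s:[0-9]+:\""
      while (match(buf, re)) {
        head = substr(buf, RSTART, RLENGTH)
        buf = substr(buf, RSTART + RLENGTH)
        ts = substr(head, 3); sub(/;.*/, "", ts)
        len = head; sub(/.*;s:/, "", len); len += 0
        # Use the declared byte length so quotes or ";" in the text are safe.
        desc = substr(buf, 1, len); buf = substr(buf, len + 1)
        gsub(/[^ -~]/, "?", desc)   # keep control bytes out of the mail report
        if (ts + 0 > best + 0) { best = ts; bdesc = desc }
      }
      if (best == "") exit 1
      printf "%s\t%s\n", best, bdesc
    }' "$1"
}

# config_changed FILE STATE: 0 = newer than last report (prints a line and
# updates STATE), 1 = unchanged, 2 = cache unreadable or not in this layout.
config_changed() {
  newest=$(latest_change "$1") || return 2
  ts=$(printf '%s\n' "$newest" | cut -f1)
  desc=$(printf '%s\n' "$newest" | cut -f2-)
  case $ts in ''|*[!0-9]*) return 2 ;; esac
  seen=$(cat "$2" 2>/dev/null)
  case $seen in ''|*[!0-9]*) seen=0 ;; esac
  [ "$ts" -gt "$seen" ] || return 1
  printf '%s\n' "$ts" > "$2"
  printf 'CONFIG CHANGED at epoch %s: %s\n' "$ts" "$desc"
}

# Demo on the constructed sample: the first run reports, the second stays quiet.
tmp=$(mktemp -d) && sample_cache > "$tmp/backup.cache"
config_changed "$tmp/backup.cache" "$tmp/state"
config_changed "$tmp/backup.cache" "$tmp/state" || echo "no change since last report"
rm -rf "$tmp"
```

On the firewall, pass /cf/conf/backup/backup.cache as the first argument and a state file on persistent storage as the second.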
    
