read pfSense notifcations over cli
-
Hi,
is it possible to extract/read the pfSense alerts/notifications over command line? I want to monitor these, but I don't want to get mails. I need these alerts in my regular monitoring (Check_MK). I could write a check myself, if I could read the alerts somehow from the cli. Another possibiltiy would be an SNMP Trap.
regards,
Christian -
You can enable notifications via smtp in Sys > Adv > Notifiocations.
I've never used this myself but you could do something like:
[2.6.0-DEVELOPMENT][admin@26dev.stevew.lan]/root: php -r 'require_once("notices.inc"); print_r(get_notices()); close_notice("all");' Array ( [1634054531] => Array ( [id] => filter_load [notice] => There were error(s) loading the rules: /tmp/rules.debug:79: could not parse host specification - The line in question reads [79]: rdr on vtnet0 inet6 proto tcp from any to ::1921681010 port 45678 -> ::10:0001 [url] => [category] => Filter Reload [priority] => 1 ) )
Steve
-
@stephenw10 said in read pfSense notifcations over cli:
I've never used this myself but you could do something like:
[2.6.0-DEVELOPMENT][admin@26dev.stevew.lan]/root: php -r 'require_once("notices.inc"); print_r(get_notices()); close_notice("all");'
wow, that's simple.
This is a working Check_MK local check for pfSense
#! /usr/bin/env php <?php require_once("notices.inc"); define("CHECKNAME", "pfSense_ALERTS"); $notices = get_notices(); if( $notices === false ) { echo "0 " . CHECKNAME . " - no alerts found" . PHP_EOL ; } else { $count = count($notices); echo "2 " . CHECKNAME . " - " . $count . " alert(s) detected: "; $maxthreemessages = array_column(array_slice($notices, 0, 3), 'notice'); if( $count> 3 ) { array_push($maxthreemessages, '...'); } echo implode(",", $maxthreemessages); echo PHP_EOL ; }
[edit: removed bug in code]
resulting in
[root@fw-unitymedia /opt/check_mk/lib/local]# ./pfsense_alerts.php 2 pfSense_ALERTS - 1 alert(s) detected: test
or
This is exactly, what I needed
thank you a lot
Christian -
Nice.