Remote monitoring using iOS?



  • Hi,

    I like to be able to remotely monitor pfSense using a iOS device.
    I got a app that uses SSH and works with freeBSD but it's not working with pfSense :(

    Just now I found out that there's a third party app for linux to be used with iStats.
    I'm not able try to install this, so hope someone can help and try it themselves.

    And if it works post how to get it working…
    The linux app can be found here: https://github.com/tiwilliam/istatd
    Info about iStats can be found here: http://bjango.com/ios/istat/

    Thanks in advance


  • Netgate Administrator

    This will need updating for 2.0.1 but:
    http://geekness.eu/content/istat-pfsense-and-server-monitoring

    What was the other app. that didn't work?

    Steve



  • Hi Steve,

    I found that page to, but have no idea how to install that one.
    Can you may help with that ?
    BTW. I'm running the 2.1 beta.

    The other app was ServerMonitor
    https://itunes.apple.com/nl/app/servermonitor/id401491476?mt=8


  • Netgate Administrator

    If it works with FreeBSD it should work with pfSense. What didn't work about it?
    iStat looks like a better program though if one can get it running.  ;)
    It doesn't look too tricky. Just need to compile it on a FreeBSD machine (8.3 for pfSense 2.1) and rearrange some of the directories.
    It could even be a package with some extra effort. There are probably some security implications.

    Steve



  • @stephenw10:

    If it works with FreeBSD it should work with pfSense.

    That's what I thought :)

    @stephenw10:

    What didn't work about it?

    It's not loading anything, just keeps saying "connecting…"

    @stephenw10:

    iStat looks like a better program though if one can get it running.  ;)
    It doesn't look too tricky. Just need to compile it on a FreeBSD machine (8.3 for pfSense 2.1) and rearrange some of the directories.
    It could even be a package with some extra effort. There are probably some security implications.

    I have no idea how to do that, and I currently don't a extra machine here that I could use :(


  • Netgate Administrator

    Unfortunately I don't have an 8.3 install up at the moment. I could try compiling it on 8.1 (for 2.0.X). Also iStat does not run on my iphone. Too much fragmentation in IOS!  :P

    Steve


  • Netgate Administrator

    Hmm. OK it appears that istatd exists as a package for 8.3 so no compiling is necessary. The man page seems to have been added or modified  just today!
    http://www.freebsd.org/cgi/man.cgi?query=istatd&sektion=1&apropos=0&manpath=FreeBSD+Ports+9.0-RELEASE
    So you could try just installing it from the CLI:

    
    pkg_add -r istatd
    

    What pfSense install version are you running?

    Steve

    Edit: Actually there is also a package available for 8.1 but it must be hideously out of date.



  • I'm running 2.1-BETA0 (i386)
    built on Sat Nov 17 03:51:56 EST 2012
    FreeBSD 8.3-RELEASE-p4

    I did install it, and got a error that two files were not v. 3 or something. but files are newer so hope that's not a problem.

    I edited the config and executed: istatd [-c] [-a 172.16.32.1] [-p] [-d]

    On my iPhone I can open the stats, but the webConfigurator wil not work until I reboot the full machine :(
    Any tips ?


  • Netgate Administrator

    Sorry I meant are you running 'full install', embedded or nano? However I assume you are running full instll since you had no problem installing the package.

    It would be useful to have the exact install errors.

    So you are saying that after you edited the config file and started the daemon it worked as expected, you could see all the expected data on the phone?
    However once you had done that you could no longer access the pfSense WebGUI?
    When you rebooted pfSense the webgui was again available but iStats no longer functioned?

    Check the system log for errors. Check the php log for errors.
    What port is istatd listening on?
    What changes did you make to istat.conf?

    Steve



  • @stephenw10:

    It would be useful to have the exact install errors.

    I removed it and reinstalled it again to get the error again.

    
    $ pkg_add -r istatd
    tar: Failed to set default locale
    pkg_add: warning: package 'istatd-0.5.7' requires 'libiconv-1.13.1_2', but 'libiconv-1.14' is installed
    
    ================================================================================
    
    Please copy /usr/local/etc/istat.conf-dist to /usr/local/etc/istat.conf and 
    change necessary variables before starting the daemon.
    
    ================================================================================
    
    

    @stephenw10:

    So you are saying that after you edited the config file and started the daemon it worked as expected, you could see all the expected data on the phone?
    However once you had done that you could no longer access the pfSense WebGUI?
    When you rebooted pfSense the webgui was again available but iStats no longer functioned?

    Yes, it's working. got network traffic, load, uptime and more.
    But the the WebGUI keeps loading and nothing is happening.
    After a reboot (usimg SSH) the WebGUI worked but iStats did not.

    @stephenw10:

    What port is istatd listening on?
    What changes did you make to istat.conf?

    I sent a server code, and changed the network interface to correct one.
    Port is 5109 (default)

    @stephenw10:

    Check the system log for errors. Check the php log for errors.

    I started iStat at about 11:52
    Connected with iPhone for like a one minute and then uses ssh to reboot.

    System.log

    
    Nov 18 11:35:42 gateway php: /index.php: Successful login for user 'admin' from: 172.16.32.108
    Nov 18 11:35:42 gateway php: /index.php: Successful login for user 'admin' from: 172.16.32.108
    Nov 18 11:35:42 gateway sshlockout[5018]: sshlockout/webConfigurator v3.0 starting up
    Nov 18 11:54:51 gateway sshd[3427]: Accepted keyboard-interactive/pam for admin from 172.16.32.108 port 52714 ssh2
    Nov 18 11:54:57 gateway check_reload_status: Syncing firewall
    Nov 18 11:54:58 gateway php: : Stopping all packages.
    Nov 18 11:55:01 gateway shutdown: reboot by admin: 
    Nov 18 11:55:01 gateway shutdown: reboot by admin: 
    
    

    Where can I found the PHP log?
    I did find lighttpd.error.log but that is only showing the shutdown and startup.

    Richard


  • Netgate Administrator

    Hmm, did I imagine the php log? Perhaps from some other discussions about another OS? Possibly.  ::)

    The reason istat stops working after a reboot is that the daemon does not auto start at boot. The pkg includes an rc file (in /usr/local/etc/rc.d) but it probably isn't triggered. If you look at the file it is looking for a start flag set in a conf file. It's probably not appropriate in pfSense. You could modify the rc file to always start it instead.

    Have you tried restarting the webgui via the ssh menu when it isn't working?

    I have no idea why it stops. I could believe that installing istat restarts some critical process.

    After you have rebooted if you manually run istat again (without reinstalling it) does it break the webgui again?

    Steve



  • @stephenw10:

    Hmm, did I imagine the php log? Perhaps from some other discussions about another OS? Possibly.  ::)

    Hahahah

    @stephenw10:

    The reason istat stops working after a reboot is that the daemon does not auto start at boot. The pkg includes an rc file (in /usr/local/etc/rc.d) but it probably isn't triggered. If you look at the file it is looking for a start flag set in a conf file. It's probably not appropriate in pfSense. You could modify the rc file to always start it instead.

    That I did know, but I don't want to let it startup on boot if I can't access the webgui

    @stephenw10:

    Have you tried restarting the webgui via the ssh menu when it isn't working?

    First thing I did, or it will not shutdown, or is just stops after the start.

    @stephenw10:

    I have no idea why it stops. I could believe that installing istat restarts some critical process.

    After you have rebooted if you manually run istat again (without reinstalling it) does it break the webgui again?

    Steve

    Yes, if I start istat again after a reboot the webgui will not work.


  • Netgate Administrator

    @rcktboy:

    @stephenw10:

    Hmm, did I imagine the php log? Perhaps from some other discussions about another OS? Possibly.  ::)

    Hahahah

    Turns out I haven't lost it completely, yet. It's here: /tmp/PHP_errors.log

    Ok, so we've narrowed it down to the istatd process is preventing the webgui from being displayed for some reason. It's not related to the pkg install.
    If you kill istatd does the webgui become available?

    Presumably the box is still routing OK while istatd is running, it's not using all the resources for some reason?

    Steve



  • Here is all whats in PHP_errors.log

    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 49
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 50
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 51
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 52
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 53
    
    

    How can I kill istas using ssh? and I will try it.
    (Just kill istatd??)

    istat show's the CPU load and that is fine, also internet is up as fast as it should be :)


  • Netgate Administrator

    And is 10.56 a relevant time? Nothing at 11.52 as you mentioned earlier.

    Two ways to kill istatd.
    1. From the CLI, menu option 8, run 'top'. Press 'q' to quit.
    From there you will see the process number for istatd and you can stop it with 'kill 24675' or whatever the number is.
    2. Since there is only one process called istatd (unless something is wrong) you can kill it directly with 'killall istatd'.

    Steve



  • @stephenw10:

    And is 10.56 a relevant time? Nothing at 11.52 as you mentioned earlier.

    Not that I know of…

    @stephenw10:

    Two ways to kill istatd.
    1. From the CLI, menu option 8, run 'top'. Press 'q' to quit.
    From there you will see the process number for istatd and you can stop it with 'kill 24675' or whatever the number is.
    2. Since there is only one process called istatd (unless something is wrong) you can kill it directly with 'killall istatd'.

    Steve

    If I kill it, webgui will work and first time it showed.

    
    $ istatd [-c] [-a 172.16.32.1] [-p] [-d]
    Could not get disk data for '/home'. Device not found.
    
    

    If I command out that line, webgui is still not working after start istat

    Here is the full istat config

    
    #
    # /etc/istat.conf: Configuration for iStat server
    #
    
    #network_addr           127.16.32.1
    network_port           5109
    server_code              12345
    server_user              nobody
    server_group             nobody
    # server_socket          /tmp/istatd.sock
    server_pid               /var/run/istatd.pid
    cache_dir                /var/db/istatd
    
    # Note: Only support for one network interface, limited by client.
    monitor_net            ( re0 )
    
    # Array of disks to monitor. Specify mount path or device name.
    #monitor_disk             ( / /home )
    
    # Set to 1 if you want to use mount path as label instead of the device name.
    disk_mount_path_label    1
    
    # Try to probe the filesystem for disk label, will override the mount path label.
    disk_filesystem_label    1
    
    # Set custom disk label. Will override all other labels.
    # disk_rename_label        /dev/sda1  "root"
    # disk_rename_label        /home      "home"
    
    # End of file
    
    


  • @rcktboy:

    Here is all whats in PHP_errors.log

    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 49
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 50
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 51
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 52
    [18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 53
    
    

    Those are "normal" messages that are spat out when the WebConfigurator is started at boot time.
    Coincidentally, these warnings have been fixed/removed by a recent commit a couple of days ago: https://github.com/bsdperimeter/pfsense/commit/73ebd062315c78bc64adff529ce3862d91ce2e4b
    If you are on a very recent 2.1 snapshot then you should find that /tmp/PHP_errors.txt does not even exist when bootup is finished - there are no warnings any more. The file is only created when the first PHP warning or error happens.


  • Netgate Administrator

    @rcktboy:

    #network_addr           127.16.32.1

    I assume this is a typo and you mean 172.16.32.1?

    If not that is conflicting with the address you are sending via the start command.
    Since the only thing you are specifying via the command line switches is the address, and that's in the config file anyway, you should be able to start it with simply 'istatd'.

    I don't think /home is a mount point, though I only have a Nano install of 2.0.1 to check against.

    Also your monitoring of / doesn't agree with your labeling of /dev/sda1 but since all the precedding options seem to overide each other it's hard to say what should happen there.

    Steve



  • Yes, thats a typo.

    But I tried something else…
    I did not execute the istat [-d] in the webgui
    but in the ssh console and istat runs AND the webgui is still working!

    Can I add the istat rule so it starts as startup somewhere?
    Or do I have to modify the rc file?


  • Netgate Administrator

    Ah that explains it! I didn't realise you were using the gui command tool.
    Yes you can't run a function there that does not finish. It will just cause a php process to wait endlessly and, as you found, kills the webgui. You can breakout of that by killing all the php processes, 'killall php'.

    Here is the file as put in place by the package:

    
    #!/bin/sh
    
    # PROVIDE: istatd
    # REQUIRE: LOGIN
    #
    # Add the following lines to /etc/rc.conf.local or /etc/rc.conf
    # to enable this service:
    #
    # istatd_enable (bool):   Set to NO by default.
    #               Set it to YES to enable istatd.
    #
    
    . /etc/rc.subr
    
    name="istatd"
    rcvar=istatd_enable
    
    command=/usr/local/bin/${name}
    
    load_rc_config $name
    
    : ${istatd_enable="NO"}
    : ${istatd_config="/usr/local/etc/istat.conf"}
    
    command_args="-d -c $istatd_config"
    
    run_rc_command "$1"
    

    It expects you to add 'istatd_enable="YES"' to /etc/rc.conf. However in pfSense all the conf files in /etc are generated at boot by a series of scripts from settings in the pfSense config.xml file. Hence if you add that line it will be overwritten at boot. I'm unsure of the correct way to do this.  :-\

    Steve


  • Netgate Administrator

    You could do something crude, as I have in the past.
    Create a file called, say. istatd.sh in /usr/local/etc/rc.d and put in it:

    
    #!/bin/sh
    #
    #File to start istatd until a proper package is created.
    
    /usr/local/bin/istatd -c /usr/local/etc/istat.conf -d
    
    

    Set the file permissions so it can be executed. Cross your fingers and reboot.  ;)

    Steve



  • I googled and found this :)

    "Executing commands at boot time"

    The hidden config.xml option <shellcmd>will run the command specified towards the end of the boot process.
    Above the line, add a line such as the following:

    <shellcmd>mycommand -a -b -c 123</shellcmd>
    

    Where "mycommand -a -b -c 123" is the command to run. You can add multiple <shellcmd>lines to execute multiple commands. Save your changes and restore the modified configuration.</shellcmd></shellcmd>

    (source: http://doc.pfsense.org/index.php/Executing_commands_at_boot_time)

    Did that, rebooted and YAY, it works :)

    BIG thanks for your help! :)


  • Netgate Administrator

    Good call that's a better way to do it. Don't know why I didn't suggest that.  ::)

    Screenshots (from your phone) to encourage others to try it?

    Steve



  • Working on that :)

    Here is a iPhone 5 screenshot

    And here a iPad one


  • Netgate Administrator

    Nice.  :)

    Steve


Locked