Remote monitoring using iOS?

Mellowlynx · Nov 17, 2012, 4:04 PM

Hi,

I like to be able to remotely monitor pfSense using a iOS device.
I got a app that uses SSH and works with freeBSD but it's not working with pfSense :(

Just now I found out that there's a third party app for linux to be used with iStats.
I'm not able try to install this, so hope someone can help and try it themselves.

And if it works post how to get it working…
The linux app can be found here: https://github.com/tiwilliam/istatd
Info about iStats can be found here: http://bjango.com/ios/istat/

Thanks in advance

stephenw10 · Nov 17, 2012, 4:20 PM

This will need updating for 2.0.1 but:
http://geekness.eu/content/istat-pfsense-and-server-monitoring

What was the other app. that didn't work?

Steve

Mellowlynx · Nov 17, 2012, 4:24 PM

Hi Steve,

I found that page to, but have no idea how to install that one.
Can you may help with that ?
BTW. I'm running the 2.1 beta.

The other app was ServerMonitor
https://itunes.apple.com/nl/app/servermonitor/id401491476?mt=8

stephenw10 · Nov 17, 2012, 4:55 PM

If it works with FreeBSD it should work with pfSense. What didn't work about it?
iStat looks like a better program though if one can get it running. ;)
It doesn't look too tricky. Just need to compile it on a FreeBSD machine (8.3 for pfSense 2.1) and rearrange some of the directories.
It could even be a package with some extra effort. There are probably some security implications.

Steve

Mellowlynx · Nov 17, 2012, 5:12 PM

@stephenw10:

If it works with FreeBSD it should work with pfSense.

That's what I thought :)

@stephenw10:

What didn't work about it?

It's not loading anything, just keeps saying "connecting…"

@stephenw10:

iStat looks like a better program though if one can get it running. ;)
It doesn't look too tricky. Just need to compile it on a FreeBSD machine (8.3 for pfSense 2.1) and rearrange some of the directories.
It could even be a package with some extra effort. There are probably some security implications.

I have no idea how to do that, and I currently don't a extra machine here that I could use :(

stephenw10 · Nov 17, 2012, 5:20 PM

Unfortunately I don't have an 8.3 install up at the moment. I could try compiling it on 8.1 (for 2.0.X). Also iStat does not run on my iphone. Too much fragmentation in IOS! :P

Steve

stephenw10 · Nov 17, 2012, 6:44 PM

Hmm. OK it appears that istatd exists as a package for 8.3 so no compiling is necessary. The man page seems to have been added or modified just today!
http://www.freebsd.org/cgi/man.cgi?query=istatd&sektion=1&apropos=0&manpath=FreeBSD+Ports+9.0-RELEASE
So you could try just installing it from the CLI:


pkg_add -r istatd

What pfSense install version are you running?

Steve

Edit: Actually there is also a package available for 8.1 but it must be hideously out of date.

Mellowlynx · Nov 17, 2012, 7:23 PM

I'm running 2.1-BETA0 (i386)
built on Sat Nov 17 03:51:56 EST 2012
FreeBSD 8.3-RELEASE-p4

I did install it, and got a error that two files were not v. 3 or something. but files are newer so hope that's not a problem.

I edited the config and executed: istatd [-c] [-a 172.16.32.1] [-p] [-d]

On my iPhone I can open the stats, but the webConfigurator wil not work until I reboot the full machine :(
Any tips ?

stephenw10 · Nov 18, 2012, 12:53 AM

Sorry I meant are you running 'full install', embedded or nano? However I assume you are running full instll since you had no problem installing the package.

It would be useful to have the exact install errors.

So you are saying that after you edited the config file and started the daemon it worked as expected, you could see all the expected data on the phone?
However once you had done that you could no longer access the pfSense WebGUI?
When you rebooted pfSense the webgui was again available but iStats no longer functioned?

Check the system log for errors. Check the php log for errors.
What port is istatd listening on?
What changes did you make to istat.conf?

Steve

Mellowlynx · Nov 18, 2012, 11:13 AM

@stephenw10:

It would be useful to have the exact install errors.

I removed it and reinstalled it again to get the error again.


$ pkg_add -r istatd
tar: Failed to set default locale
pkg_add: warning: package 'istatd-0.5.7' requires 'libiconv-1.13.1_2', but 'libiconv-1.14' is installed

================================================================================

Please copy /usr/local/etc/istat.conf-dist to /usr/local/etc/istat.conf and 
change necessary variables before starting the daemon.

================================================================================

@stephenw10:

So you are saying that after you edited the config file and started the daemon it worked as expected, you could see all the expected data on the phone?
However once you had done that you could no longer access the pfSense WebGUI?
When you rebooted pfSense the webgui was again available but iStats no longer functioned?

Yes, it's working. got network traffic, load, uptime and more.
But the the WebGUI keeps loading and nothing is happening.
After a reboot (usimg SSH) the WebGUI worked but iStats did not.

@stephenw10:

What port is istatd listening on?
What changes did you make to istat.conf?

I sent a server code, and changed the network interface to correct one.
Port is 5109 (default)

@stephenw10:

Check the system log for errors. Check the php log for errors.

I started iStat at about 11:52
Connected with iPhone for like a one minute and then uses ssh to reboot.

System.log


Nov 18 11:35:42 gateway php: /index.php: Successful login for user 'admin' from: 172.16.32.108
Nov 18 11:35:42 gateway php: /index.php: Successful login for user 'admin' from: 172.16.32.108
Nov 18 11:35:42 gateway sshlockout[5018]: sshlockout/webConfigurator v3.0 starting up
Nov 18 11:54:51 gateway sshd[3427]: Accepted keyboard-interactive/pam for admin from 172.16.32.108 port 52714 ssh2
Nov 18 11:54:57 gateway check_reload_status: Syncing firewall
Nov 18 11:54:58 gateway php: : Stopping all packages.
Nov 18 11:55:01 gateway shutdown: reboot by admin: 
Nov 18 11:55:01 gateway shutdown: reboot by admin:

Where can I found the PHP log?
I did find lighttpd.error.log but that is only showing the shutdown and startup.

Richard

stephenw10 · Nov 18, 2012, 12:12 PM

Hmm, did I imagine the php log? Perhaps from some other discussions about another OS? Possibly. ::)

The reason istat stops working after a reboot is that the daemon does not auto start at boot. The pkg includes an rc file (in /usr/local/etc/rc.d) but it probably isn't triggered. If you look at the file it is looking for a start flag set in a conf file. It's probably not appropriate in pfSense. You could modify the rc file to always start it instead.

Have you tried restarting the webgui via the ssh menu when it isn't working?

I have no idea why it stops. I could believe that installing istat restarts some critical process.

After you have rebooted if you manually run istat again (without reinstalling it) does it break the webgui again?

Steve

Mellowlynx · Nov 18, 2012, 12:18 PM

@stephenw10:

Hmm, did I imagine the php log? Perhaps from some other discussions about another OS? Possibly. ::)

Hahahah

@stephenw10:

The reason istat stops working after a reboot is that the daemon does not auto start at boot. The pkg includes an rc file (in /usr/local/etc/rc.d) but it probably isn't triggered. If you look at the file it is looking for a start flag set in a conf file. It's probably not appropriate in pfSense. You could modify the rc file to always start it instead.

That I did know, but I don't want to let it startup on boot if I can't access the webgui

@stephenw10:

Have you tried restarting the webgui via the ssh menu when it isn't working?

First thing I did, or it will not shutdown, or is just stops after the start.

@stephenw10:

I have no idea why it stops. I could believe that installing istat restarts some critical process.

After you have rebooted if you manually run istat again (without reinstalling it) does it break the webgui again?

Steve

Yes, if I start istat again after a reboot the webgui will not work.

stephenw10 · Nov 18, 2012, 12:29 PM

@rcktboy:

@stephenw10:

Hmm, did I imagine the php log? Perhaps from some other discussions about another OS? Possibly. ::)

Hahahah

Turns out I haven't lost it completely, yet. It's here: /tmp/PHP_errors.log

Ok, so we've narrowed it down to the istatd process is preventing the webgui from being displayed for some reason. It's not related to the pkg install.
If you kill istatd does the webgui become available?

Presumably the box is still routing OK while istatd is running, it's not using all the resources for some reason?

Steve

Mellowlynx · Nov 18, 2012, 12:39 PM

Here is all whats in PHP_errors.log

[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 49
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 50
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 51
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 52
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 53

How can I kill istas using ssh? and I will try it.
(Just kill istatd??)

istat show's the CPU load and that is fine, also internet is up as fast as it should be :)

stephenw10 · Nov 18, 2012, 12:41 PM

And is 10.56 a relevant time? Nothing at 11.52 as you mentioned earlier.

Two ways to kill istatd.
1. From the CLI, menu option 8, run 'top'. Press 'q' to quit.
From there you will see the process number for istatd and you can stop it with 'kill 24675' or whatever the number is.
2. Since there is only one process called istatd (unless something is wrong) you can kill it directly with 'killall istatd'.

Steve

Mellowlynx · Nov 18, 2012, 12:54 PM

@stephenw10:

And is 10.56 a relevant time? Nothing at 11.52 as you mentioned earlier.

Not that I know of…

@stephenw10:

Two ways to kill istatd.
1. From the CLI, menu option 8, run 'top'. Press 'q' to quit.
From there you will see the process number for istatd and you can stop it with 'kill 24675' or whatever the number is.
2. Since there is only one process called istatd (unless something is wrong) you can kill it directly with 'killall istatd'.

Steve

If I kill it, webgui will work and first time it showed.


$ istatd [-c] [-a 172.16.32.1] [-p] [-d]
Could not get disk data for '/home'. Device not found.

If I command out that line, webgui is still not working after start istat

Here is the full istat config


#
# /etc/istat.conf: Configuration for iStat server
#

#network_addr           127.16.32.1
network_port           5109
server_code              12345
server_user              nobody
server_group             nobody
# server_socket          /tmp/istatd.sock
server_pid               /var/run/istatd.pid
cache_dir                /var/db/istatd

# Note: Only support for one network interface, limited by client.
monitor_net            ( re0 )

# Array of disks to monitor. Specify mount path or device name.
#monitor_disk             ( / /home )

# Set to 1 if you want to use mount path as label instead of the device name.
disk_mount_path_label    1

# Try to probe the filesystem for disk label, will override the mount path label.
disk_filesystem_label    1

# Set custom disk label. Will override all other labels.
# disk_rename_label        /dev/sda1  "root"
# disk_rename_label        /home      "home"

# End of file

phil.davis · Nov 18, 2012, 1:15 PM

@rcktboy:

Here is all whats in PHP_errors.log

[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 49
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 50
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 51
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 52
[18-Nov-2012 10:56:38 UTC] PHP Warning:  Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:212) in /usr/local/www/guiconfig.inc on line 53

Those are "normal" messages that are spat out when the WebConfigurator is started at boot time.
Coincidentally, these warnings have been fixed/removed by a recent commit a couple of days ago: https://github.com/bsdperimeter/pfsense/commit/73ebd062315c78bc64adff529ce3862d91ce2e4b
If you are on a very recent 2.1 snapshot then you should find that /tmp/PHP_errors.txt does not even exist when bootup is finished - there are no warnings any more. The file is only created when the first PHP warning or error happens.

stephenw10 · Nov 18, 2012, 1:18 PM

@rcktboy:

#network_addr 127.16.32.1

I assume this is a typo and you mean 172.16.32.1?

If not that is conflicting with the address you are sending via the start command.
Since the only thing you are specifying via the command line switches is the address, and that's in the config file anyway, you should be able to start it with simply 'istatd'.

I don't think /home is a mount point, though I only have a Nano install of 2.0.1 to check against.

Also your monitoring of / doesn't agree with your labeling of /dev/sda1 but since all the precedding options seem to overide each other it's hard to say what should happen there.

Steve

Mellowlynx · Nov 18, 2012, 1:30 PM

Yes, thats a typo.

But I tried something else…
I did not execute the istat [-d] in the webgui
but in the ssh console and istat runs AND the webgui is still working!

Can I add the istat rule so it starts as startup somewhere?
Or do I have to modify the rc file?

stephenw10 · Nov 18, 2012, 1:52 PM

Ah that explains it! I didn't realise you were using the gui command tool.
Yes you can't run a function there that does not finish. It will just cause a php process to wait endlessly and, as you found, kills the webgui. You can breakout of that by killing all the php processes, 'killall php'.

Here is the file as put in place by the package:


#!/bin/sh

# PROVIDE: istatd
# REQUIRE: LOGIN
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# istatd_enable (bool):   Set to NO by default.
#               Set it to YES to enable istatd.
#

. /etc/rc.subr

name="istatd"
rcvar=istatd_enable

command=/usr/local/bin/${name}

load_rc_config $name

: ${istatd_enable="NO"}
: ${istatd_config="/usr/local/etc/istat.conf"}

command_args="-d -c $istatd_config"

run_rc_command "$1"

It expects you to add 'istatd_enable="YES"' to /etc/rc.conf. However in pfSense all the conf files in /etc are generated at boot by a series of scripts from settings in the pfSense config.xml file. Hence if you add that line it will be overwritten at boot. I'm unsure of the correct way to do this. :-\

Steve