Netgate Discussion Forum
    NRPEv2 check_pf

    pfSense Packages
      sachaz

      Hi,

      I'm working to add monitoring on my loved pfSense firewall.
      The NRPEv2 package is great but it's missing some specific PF features. I have tried to add the check_pf indicator (https://github.com/kian/nagios-pf-plugin) but once compiled on FreeBSD 8.3, when I launch it on pfSense 2.1.3-RELEASE I get: "PF UNKNOWN - ioctl failed (DIOCGETSTATUS)"
      As I'm not a developer I've done a dirty thing doing nearly the same in sh:

      
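      #!/bin/sh
      # Nagios/NRPE check on the absolute number of pf state table entries.
      WARN="8000"
      CRIT="10000"
      # Current state count and configured hard limit, as reported by pfctl.
      STATES=`pfctl -si | grep "current entries" | awk '{ print $3 }'`
      LIMIT=`pfctl -sm | grep states | awk '{ print $4 }'`
      PERC=`echo "scale=2;$STATES*100/$LIMIT"|bc`

      # Default to UNKNOWN (Nagios exit code 3) if no branch below matches,
      # e.g. when pfctl returned nothing.
      MSG="UNKNOWN"
      STATUS="3"
      if [ "$STATES" -lt "$WARN" ]; then
              MSG="OK"
              STATUS="0"
      elif [ "$STATES" -ge "$CRIT" ]; then
              MSG="CRITICAL"
              STATUS="2"
      elif [ "$STATES" -ge "$WARN" ]; then
              MSG="WARNING"
              STATUS="1"
      fi
      # Status line followed by Nagios perfdata: value;warn;crit;min;max
      echo "PF $MSG - states: $STATES ( $PERC% - limit: $LIMIT) | states=$STATES;$WARN;$CRIT;0;$LIMIT"
      exit $STATUS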
      
      

      Sacha.

        dallash

        I know it has been a bit since Sacha posted this, but I made a couple of changes to the script. Instead of going off of states, the revised script instead alerts based on state table usage percentage (80 and 90). Thanks Sacha for the original post! – Dallas

        #!/bin/sh
        # Nagios/NRPE check on pf state table usage as a percentage of the limit.
        WARN="80"
        CRIT="90"
        # Current state count and configured hard limit, as reported by pfctl.
        STATES=`pfctl -si | grep "current entries" | awk '{ print $3 }'`
        LIMIT=`pfctl -sm | grep states | awk '{ print $4 }'`
        # Integer percentage of the state table in use.
        PERC=`echo "$((($STATES*100)/$LIMIT))"|bc`

        #echo $PERC

        if [ "$PERC" -lt "$WARN" ]; then
                MSG="OK"
                STATUS="0"
        elif [ "$PERC" -ge "$CRIT" ]; then
                MSG="CRITICAL"
                STATUS="2"
        elif [ "$PERC" -ge "$WARN" ]; then
                MSG="WARNING"
                STATUS="1"
        fi
        echo "$MSG - PF state table: $STATES ( $PERC% full - limit: $LIMIT) | states=$STATES;$WARN;$CRIT;0;$LIMIT"
        exit $STATUS

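A hardened variant of the percentage check from the post above, as an added example that is not part of either poster's script: it validates the parsed values before doing arithmetic, returns the Nagios UNKNOWN code (3) when pfctl output cannot be read, and converts the percentage thresholds to state counts for the perfdata. The function names (`parse_states`, `parse_limit`, `is_uint`, `check_pf_states`), the `--live` switch and the sample pfctl output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the "current entries" value from `pfctl -si` text on stdin.
parse_states() { awk '/current entries/ { print $3; exit }'; }
# Print the states hard limit from `pfctl -sm` text on stdin.
parse_limit() { awk '$1 == "states" { print $4; exit }'; }
# Succeed only for a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# check_pf_states STATES LIMIT WARN_PCT CRIT_PCT
# Prints a Nagios status line; returns 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_pf_states() {
    states=$1; limit=$2; warn=$3; crit=$4
    for v in "$states" "$limit" "$warn" "$crit"; do
        if ! is_uint "$v"; then
            echo "PF UNKNOWN - could not parse pfctl output"
            return 3
        fi
    done
    if [ "$limit" -eq 0 ]; then
        echo "PF UNKNOWN - state limit is 0"
        return 3
    fi
    perc=$(( states * 100 / limit ))
    # Perfdata thresholds must be in the same unit as the value (states).
    warn_abs=$(( limit * warn / 100 ))
    crit_abs=$(( limit * crit / 100 ))
    if [ "$perc" -ge "$crit" ]; then msg=CRITICAL; rc=2
    elif [ "$perc" -ge "$warn" ]; then msg=WARNING; rc=1
    else msg=OK; rc=0
    fi
    echo "PF $msg - state table: $states ($perc% full - limit: $limit) | states=$states;$warn_abs;$crit_abs;0;$limit"
    return $rc
}

# Constructed sample output, shaped like `pfctl -si` and `pfctl -sm`.
SAMPLE_SI='State Table                          Total             Rate
  current entries                     8500
  searches                         1234567           12.3/s'
SAMPLE_SM='states        hard limit    10000
src-nodes     hard limit    10000'

# With --live, query the running firewall; otherwise do nothing (library use).
if [ "${1:-}" = "--live" ]; then
    check_pf_states "$(pfctl -si | parse_states)" "$(pfctl -sm | parse_limit)" 80 90
    exit $?
fi
```

Because NRPE maps the plugin's exit code to the service state, a failed `pfctl` call reports as UNKNOWN here instead of falling through with whatever status the shell last produced.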
          sachaz

          thanks for the hack

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.