Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Monitoring service status

    General pfSense Questions
    4
    31
    7607
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rct last edited by

      Hello,

      I would like to monitor services status with our Nagios/NRPE but I wonder which command launch to check, let's say, the captive portal.

      Does somebody knows how?

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        If you can run a command line check, use:

        pfSsh.php playback svc status captiveportal 
        

        For example:

        : pfSsh.php playback svc status captiveportal thiszone
        
        Starting the pfSense developer shell....
        
        Service captiveportal is running.
        
        

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • R
          rct last edited by

          Thanks for the reply!

          I don't know why but if launch the command I don't have the status.

          Example 1.

          pfSsh.php playback svc status captiveportal cpzone
          
          Starting the pfSense shell system...............
          
          Attempting to issue status to captiveportal service...
          
          

          Example 2.

          pfSsh.php playback svc status squid
          
          Starting the pfSense shell system...............
          
          Attempting to issue status to squid service...
          
          

          My pfSenses are 2.1.5 and the services are up.
          I tried to shutdown a service but the answer is the same.
          The script always exit with error code 0 (echo $?).

          Any idea?

          1 Reply Last reply Reply Quote 0
          • R
            rct last edited by

            I've found that there is no "status" action in /etc/phpshellsessions/svc
            Github shows that it has been introduced in 2.2 beta.

            Looks like I will have to wait for us to upgrade to 2.2 or do a ugly patch to svc (it should work I think)…

            Thank you for showing me the right file.

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              Yes, the status action only works on 2.2.

              You could take /etc/phpshellsessions/svc from a 2.2 box and use it on 2.1.5 though, the only changes were in that one file and I believe all the necessary supporting functions were there as well. Worth a shot.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • R
                rct last edited by

                Yes but i'm afraid it could break something for the next upgrade to 2.2.

                1 Reply Last reply Reply Quote 0
                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  overwriting that one file won't hurt anything.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • R
                    rct last edited by

                    OK thank you

                    1 Reply Last reply Reply Quote 0
                    • R
                      rct last edited by

                      I have setup those checks with Nagios and NRPE.

                      If it can help someone :

                      • Install NRPE via System>Packages
                      • Download the zipfile (http://www.filedropper.com/checkpfsvc). It contains 2 files : "check_pfsvc" which is the nagios plugin used by nrpe to do the services check and "svc" which is a pfSense 2.2 version of the file /etc/phpshellsessions/svc
                      • Transfer "check_pfsvc" in /usr/pbi/nrpe-amd64/libexec/nagios (it should be another location for 32b installations) and do a chmod 555 on it ; chown it to root and set the group to wheel
                      • If your pfSense version is <2.2 backup your /etc/phpshellsessions/svc and replace with the file provided in the archive

                      After that configure NRPE as you need. See nrpev2.png to see how i've configured it.


                      1 Reply Last reply Reply Quote 0
                      • R
                        rct last edited by

                        Hello,

                        I'm back because I've upgraded to latest pfsense release and my script does not work through NRPE but it works from root account through SSH.
                        I've tried to port it to sh script but it does not work. The error I catch from the nrpe launch of my script is /usr/pbi/nrpe-amd64/local/libexec/nagios/check_pfsvc: /usr/local/sbin/pfSsh.php: not found

                        Does someone has an idea why it does not work anymore?

                        1 Reply Last reply Reply Quote 0
                        • R
                          rct last edited by

                          No idea? I think it's a modification on rights or in the nrpe plugin but I can't find it.

                          1 Reply Last reply Reply Quote 0
                          • R
                            rocaembole last edited by

                            @rct:

                            I have setup those checks with Nagios and NRPE.

                            If it can help someone :

                            • Install NRPE via System>Packages
                            • Download the zipfile (http://www.filedropper.com/checkpfsvc). It contains 2 files : "check_pfsvc" which is the nagios plugin used by nrpe to do the services check and "svc" which is a pfSense 2.2 version of the file /etc/phpshellsessions/svc
                            • Transfer "check_pfsvc" in /usr/pbi/nrpe-amd64/libexec/nagios (it should be another location for 32b installations) and do a chmod 555 on it ; chown it to root and set the group to wheel
                            • If your pfSense version is <2.2 backup your /etc/phpshellsessions/svc and replace with the file provided in the archive

                            After that configure NRPE as you need. See nrpev2.png to see how i've configured it.

                            I can't download the zipfile =(

                            that link redirects me to filedropper.com

                            No Pain
                            No Gain

                            1 Reply Last reply Reply Quote 0
                            • R
                              rct last edited by

                              It doesn't work anymore on pfSense 2.2.x and I can't find why. Sorry.

                              1 Reply Last reply Reply Quote 0
                              • R
                                rocaembole last edited by

                                No problem, i need it for a pfSense 2.1-RELEASE

                                BTW: Anyone knows this package? https://exchange.nagios.org/directory/Plugins/Software/check_squid/details

                                check_squid

                                teorically it must be installed on Nagios Server (in my case, is a Ubuntu 14.04)

                                idk if this works properly because i can't run it. It says

                                Can't locate Nagios/Plugin.pm in @INC (you may need to install the Nagios::Plugin module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .)Can't locate Nagios/Plugin.pm in @INC (you may need to install the Nagios::Plugin module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .)

                                I know this isn't a Nagios forum, but just for share the experience

                                No Pain
                                No Gain

                                1 Reply Last reply Reply Quote 0
                                • R
                                  rct last edited by

                                  You can find the file attached to this message.

                                  check_pfsvc.zip

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    rocaembole last edited by

                                    @rct:

                                    You can find the file attached to this message.

                                    thanks, [hippie] i love you [/hippie]

                                    No Pain
                                    No Gain

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      rct last edited by

                                      For your Nagios issue I think you miss the perl lib that has been written as a "template" for creating nagios plugins (https://exchange.nagios.org/directory/Plugins/*-Plugin-Development-Tools/Nagios-3A-3APlugin/details).

                                      1 Reply Last reply Reply Quote 0
                                      • R
                                        rocaembole last edited by

                                        @rct:

                                        For your Nagios issue I think you miss the perl lib that has been written as a "template" for creating nagios plugins (https://exchange.nagios.org/directory/Plugins/*-Plugin-Development-Tools/Nagios-3A-3APlugin/details).

                                        i guess i need some more dependencies because when i run perl Makefile.PL this is what it shows:

                                        Warning: prerequisite Config::Tiny 0 not found.
                                        Warning: prerequisite Math::Calc::Units 0 not found.
                                        Warning: prerequisite Params::Validate 0 not found.
                                        Writing Makefile for Nagios::Plugin
                                        Writing MYMETA.yml and MYMETA.json
                                        
                                        

                                        i'll take a look to your file and follow your instructions to check squid & squidguard status for my pfsense

                                        Thank you for your attention

                                        No Pain
                                        No Gain

                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          rct last edited by

                                          No problem! I hope it'll do the trick for you :)

                                          1 Reply Last reply Reply Quote 0
                                          • R
                                            rocaembole last edited by

                                            i've done all the configurations on pfsense side

                                            now i'm on my Nagios Server and i don't know how to add this checks on my status monitor

                                            here's my 'pfsense22.cg" file

                                            
                                            # A simple configuration file for monitoring the local host
                                            # This can serve as an example for configuring other servers;
                                            # Custom services specific to this host are added here, but services
                                            # defined in nagios2-common_services.cfg may also apply.
                                            # 
                                            
                                            define host{
                                                    use                     generic-host            ; Name of host template to use
                                                    host_name               pfsense22
                                                    alias                   virtualprana
                                                    address                 10.0.0.22
                                                    }
                                            
                                            # Define a service to check the disk space of the root partition
                                            # on the local machine.  Warning if < 20% free, critical if
                                            # < 10% free space on partition.
                                            
                                            define service{
                                                    use                             generic-service         ; Name of service template to use
                                                    host_name                       pfsense22
                                                    service_description             Disk Space
                                                    check_command                   check_all_disks!20%!10%
                                                    }
                                            
                                            # Define a service to check the number of currently logged in
                                            # users on the local machine.  Warning if > 20 users, critical
                                            # if > 50 users.
                                            
                                            define service{
                                                    use                             generic-service         ; Name of service template to use
                                                    host_name                       pfsense22
                                                    service_description             Current Users
                                                    check_command                   check_users!20!50
                                                    }
                                            
                                            # Define a service to check the number of currently running procs
                                            # on the local machine.  Warning if > 250 processes, critical if
                                            # > 400 processes.
                                            
                                            define service{
                                                    use                             generic-service         ; Name of service template to use
                                                    host_name                       pfsense22
                                                    service_description             Total Processes
                                            		check_command                   check_procs!250!400
                                            	}
                                            
                                            # Define a service to check the load on the local machine. 
                                            
                                            define service{
                                                    use                             generic-service         ; Name of service template to use
                                                    host_name                       pfsense22
                                                    service_description             Current Load
                                            		check_command                   check_load!5.0!4.0!3.0!10.0!6.0!4.0
                                                    }
                                            
                                            define service{
                                            	use				generic-service
                                            	host_name			pfsense22
                                            	service_description		Current Load
                                            		check_command		check_nrpe
                                            }
                                            
                                            # Define a service to check squid status
                                            
                                            

                                            No Pain
                                            No Gain

                                            1 Reply Last reply Reply Quote 0
                                            • R
                                              rct last edited by

                                              You can add the following to your file according you have setup a command named "check_squid_svc" in the NRPE package.

                                              define service {
                                                      use                            generic-service
                                                      host_name                      pfsense22
                                                      service_description            Squid service
                                                      check_command                  check_nrpe!check_squid_svc
                                              }

                                              1 Reply Last reply Reply Quote 0
                                              • R
                                                rocaembole last edited by

                                                thanks!

                                                it shows me an UNKNOWN state

                                                details:

                                                
                                                Current Status:	
                                                  UNKNOWN  
                                                 (for 0d 0h 25m 45s)
                                                Status Information:	(No output returned from plugin)
                                                NRPE Plugin for Nagios
                                                Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
                                                Version: 2.15
                                                Last Modified: 09-06-2013
                                                License: GPL v2 with exemptions (-l for more info)
                                                SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
                                                \nUsage: check_nrpe -H <host>[ -b <bindaddr>] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command></command>] [-a <arglist...>]
                                                \nOptions:
                                                -h = Print this short help.
                                                -l = Print licensing information.
                                                -n = Do no use SSL
                                                -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL
                                                 <host>= The address of the host running the NRPE daemon
                                                 <bindaddr>= bind to local address
                                                -4 = user ipv4 only
                                                -6 = user ipv6 only
                                                [port] = The port on which the daemon is running (default=5666)
                                                [timeout] = Number of seconds before connection times out (default=10)
                                                [command] = The name of the command that the remote daemon should run
                                                [arglist] = Optional arguments that should be passed to the command. Multiple
                                                arguments should be separated by a space. If provided, this must be
                                                the last option supplied on the command line.
                                                \nNote:
                                                This plugin requires that you have the NRPE daemon running on the remote host.
                                                You must also have configured the daemon to associate a specific plugin command
                                                with the [command] option you are specifying here. Upon receipt of the
                                                [command] argument, the NRPE daemon will run the appropriate plugin command and
                                                send the plugin output and return code back to *this* plugin. This allows you
                                                to execute plugins on remote hosts and 'fake' the results to make Nagios think
                                                the plugin is being run locally.
                                                \n
                                                Performance Data:	
                                                Current Attempt:	4/4  (HARD state)
                                                Last Check Time:	2015-06-18 12:50:08
                                                Check Type:	ACTIVE
                                                Check Latency / Duration:	0.085 / 0.005 seconds
                                                Next Scheduled Check:  	2015-06-18 12:55:08
                                                Last State Change:	2015-06-18 12:27:08
                                                Last Notification:	2015-06-18 12:30:13 (notification 1)
                                                Is This Service Flapping?	
                                                  NO  
                                                 (5.72% state change)
                                                In Scheduled Downtime?	
                                                  NO  
                                                Last Update:	2015-06-18 12:52:53  ( 0d 0h 0m 0s ago)
                                                Active Checks:	
                                                  ENABLED  
                                                Passive Checks:	
                                                  ENABLED  
                                                Obsessing:	
                                                  ENABLED  
                                                Notifications:	
                                                  ENABLED  
                                                Event Handler:	
                                                  ENABLED  
                                                Flap Detection:	
                                                  ENABLED</bindaddr></host></arglist...></timeout></port></bindaddr></host> 
                                                

                                                No Pain
                                                No Gain

                                                1 Reply Last reply Reply Quote 0
                                                • R
                                                  rocaembole last edited by

                                                  NOW IS WORKING

                                                  TY V M

                                                  I'll nat some ports from some clients now.

                                                  Thanks for all, again

                                                  No Pain
                                                  No Gain

                                                  1 Reply Last reply Reply Quote 0
                                                  • R
                                                    rct last edited by

                                                    Ok glad it works for you  :)

                                                    1 Reply Last reply Reply Quote 0
                                                    • Y
                                                      ymolinet last edited by

                                                      Hi,

                                                      I'm trying to use your script on my pfsense 2.2.6.
                                                      In shell, it's working.
                                                      in nrpe, my remote server give me : Could not read output.
                                                      Another check on the pfsense using nrpe (check_load, …) are working as fine.

                                                      Any suggestions to fix this issue ?

                                                      Thanks,
                                                      Yannick

                                                      1 Reply Last reply Reply Quote 0
                                                      • R
                                                        rct last edited by

                                                        No sorry I've had the same problem when I have upgraded my pfSense and I haven't found a way to resolve this issue. :(

                                                        1 Reply Last reply Reply Quote 0
                                                        • Y
                                                          ymolinet last edited by

                                                          a short test with a bash script works as fine.
                                                          so it seems that the nagios account use by nrpe don't have rights to execute the php interpreter (/usr/local/bin/php).

                                                          1 Reply Last reply Reply Quote 0
                                                          • R
                                                            rct last edited by

                                                            I agree it seems to be a security constraint somewhere but I don't know Freebsd and I haven't found why…

                                                            If you try to launch
                                                            su -m nagios -c "/usr/pbi/nrpe-amd64/libexec/nagios/check_pfsvc squid"
                                                            it will work.

                                                            But if you launch it throught the nrpe daemon it won't work.
                                                            If edit the file to write dumb content (echo 'ok'; exit(0);) it will work.

                                                            From my tests it's the call to '/usr/local/sbin/pfSsh.php' that is blocked.

                                                            I've tried to launch /usr/local/sbin/pfSsh.php via a shell script configured as a nrpe command and it returns the error code 127 (http://tldp.org/LDP/abs/html/exitcodes.html ?).

                                                            I don't know how to debug further...

                                                            1 Reply Last reply Reply Quote 0
                                                            • Y
                                                              ymolinet last edited by

                                                              Yes, I have rewrite the script in shell and I have an error about "/usr/local/sbin/pfSsh.php not found".
                                                              so the user nagios has no sufficent right to invoke this command.

                                                              1 Reply Last reply Reply Quote 0
                                                              • R
                                                                rct last edited by

                                                                If you call your script
                                                                sudo -m nagios -c "/path/to/your/script"
                                                                I think it will work so it's more like if the nrpe service has not access to this file (may be it is jailed or there something else).

                                                                1 Reply Last reply Reply Quote 0
                                                                • Y
                                                                  ymolinet last edited by

                                                                  I think nagios account is jailed.

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • First post
                                                                    Last post