yzl
93958d0fb0
|
1 year ago | |
---|---|---|
.. | ||
README.md | 1 year ago | |
template_app_pfsense_snmp.yaml | 1 year ago |
README.md
PFSense by SNMP
Overview
Template for monitoring pfSense by SNMP
Requirements
Zabbix version: 7.0 and higher.
Tested versions
This template has been tested on:
- pfSense 2.5.0, 2.5.1, 2.5.2
Configuration
Zabbix should be configured according to the instructions in the Templates out of the box section.
Setup
- Import template into Zabbix
- Enable SNMP daemon at Services in pfSense web interface https://docs.netgate.com/pfsense/en/latest/services/snmp.html
- Setup firewall rule to get access from Zabbix proxy or Zabbix server by SNMP https://docs.netgate.com/pfsense/en/latest/firewall/index.html#managing-firewall-rules
- Link template to the host
Macros used
Name | Description | Default |
---|---|---|
{$IF.ERRORS.WARN} | Threshold of error packets rate for warning trigger. Can be used with interface name as context. |
2 |
{$IF.UTIL.MAX} | Threshold of interface bandwidth utilization for warning trigger in %. Can be used with interface name as context. |
90 |
{$IFCONTROL} | Macro for operational state of the interface for link down trigger. Can be used with interface name as context. |
1 |
{$NET.IF.IFADMINSTATUS.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
^.* |
{$NET.IF.IFADMINSTATUS.NOT_MATCHES} | Ignore down(2) administrative status. |
^2$ |
{$NET.IF.IFALIAS.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
.* |
{$NET.IF.IFALIAS.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
CHANGE_IF_NEEDED |
{$NET.IF.IFDESCR.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
.* |
{$NET.IF.IFDESCR.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
CHANGE_IF_NEEDED |
{$NET.IF.IFNAME.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
(^pflog[0-9.]*$|^pfsync[0-9.]*$) |
{$NET.IF.IFOPERSTATUS.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
^.*$ |
{$NET.IF.IFOPERSTATUS.NOT_MATCHES} | Ignore notPresent(6). |
^6$ |
{$NET.IF.IFTYPE.MATCHES} | This macro is used in filters of network interfaces discovery rule. |
.* |
{$NET.IF.IFTYPE.NOT_MATCHES} | This macro is used in filters of network interfaces discovery rule. |
CHANGE_IF_NEEDED |
{$SNMP.TIMEOUT} | The time interval for SNMP availability trigger. |
5m |
{$STATE.TABLE.UTIL.MAX} | Threshold of state table utilization trigger in %. |
90 |
{$SOURCE.TRACKING.TABLE.UTIL.MAX} | Threshold of source tracking table utilization trigger in %. |
90 |
Items
Name | Description | Type | Key and additional info |
---|---|---|---|
PFSense: SNMP agent availability | Availability of SNMP checks on the host. The value of this item corresponds to availability icons in the host list. Possible value: 0 - not available 1 - available 2 - unknown |
Zabbix internal | zabbix[host,snmp,available] |
PFSense: Packet filter running status | MIB: BEGEMOT-PF-MIB True if packet filter is currently enabled. |
SNMP agent | pfsense.pf.status |
PFSense: States table current | MIB: BEGEMOT-PF-MIB Number of entries in the state table. |
SNMP agent | pfsense.state.table.count |
PFSense: States table limit | MIB: BEGEMOT-PF-MIB Maximum number of 'keep state' rules in the ruleset. |
SNMP agent | pfsense.state.table.limit |
PFSense: States table utilization in % | Utilization of state table in %. |
Calculated | pfsense.state.table.pused |
PFSense: Source tracking table current | MIB: BEGEMOT-PF-MIB Number of entries in the source tracking table. |
SNMP agent | pfsense.source.tracking.table.count |
PFSense: Source tracking table limit | MIB: BEGEMOT-PF-MIB Maximum number of 'sticky-address' or 'source-track' rules in the ruleset. |
SNMP agent | pfsense.source.tracking.table.limit |
PFSense: Source tracking table utilization in % | Utilization of source tracking table in %. |
Calculated | pfsense.source.tracking.table.pused |
PFSense: DHCP server status | MIB: HOST-RESOURCES-MIB The status of DHCP server process. |
SNMP agent | pfsense.dhcpd.status Preprocessing
|
PFSense: DNS server status | MIB: HOST-RESOURCES-MIB The status of DNS server process. |
SNMP agent | pfsense.dns.status Preprocessing
|
PFSense: State of nginx process | MIB: HOST-RESOURCES-MIB The status of nginx process. |
SNMP agent | pfsense.nginx.status Preprocessing
|
PFSense: Packets matched a filter rule | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
SNMP agent | pfsense.packets.match Preprocessing
|
PFSense: Packets with bad offset | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
SNMP agent | pfsense.packets.bad.offset Preprocessing
|
PFSense: Fragmented packets | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
SNMP agent | pfsense.packets.fragment Preprocessing
|
PFSense: Short packets | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
SNMP agent | pfsense.packets.short Preprocessing
|
PFSense: Normalized packets | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
SNMP agent | pfsense.packets.normalize Preprocessing
|
PFSense: Packets dropped due to memory limitation | MIB: BEGEMOT-PF-MIB True if the packet was logged with the specified packet filter reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory. |
SNMP agent | pfsense.packets.mem.drop Preprocessing
|
PFSense: Firewall rules count | MIB: BEGEMOT-PF-MIB The number of labeled filter rules on this system. |
SNMP agent | pfsense.rules.count |
Triggers
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
PFSense: No SNMP data collection | SNMP is not available for polling. Please check device connectivity and SNMP settings. |
max(/PFSense by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0 |
Warning | |
PFSense: Packet filter is not running | Please check PF status. |
last(/PFSense by SNMP/pfsense.pf.status)<>1 |
High | |
PFSense: State table usage is high | Please check the number of connections https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#config-advanced-firewall-maxstates |
min(/PFSense by SNMP/pfsense.state.table.pused,#3)>{$STATE.TABLE.UTIL.MAX} |
Warning | |
PFSense: Source tracking table usage is high | Please check the number of sticky connections https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-states-sources.html |
min(/PFSense by SNMP/pfsense.source.tracking.table.pused,#3)>{$SOURCE.TRACKING.TABLE.UTIL.MAX} |
Warning | |
PFSense: DHCP server is not running | Please check DHCP server settings https://docs.netgate.com/pfsense/en/latest/services/dhcp/index.html |
last(/PFSense by SNMP/pfsense.dhcpd.status)=0 |
Average | |
PFSense: DNS server is not running | Please check DNS server settings https://docs.netgate.com/pfsense/en/latest/services/dns/index.html |
last(/PFSense by SNMP/pfsense.dns.status)=0 |
Average | |
PFSense: Web server is not running | Please check nginx service status. |
last(/PFSense by SNMP/pfsense.nginx.status)=0 |
Average |
LLD rule Network interfaces discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Network interfaces discovery | Discovering interfaces from IF-MIB. |
SNMP agent | pfsense.net.if.discovery |
Item prototypes for Network interfaces discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound packets discarded | MIB: IF-MIB The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
SNMP agent | net.if.in.discards[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound packets with errors | MIB: IF-MIB For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
SNMP agent | net.if.in.errors[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Bits received | MIB: IF-MIB The total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifInOctets. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
SNMP agent | net.if.in[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound packets discarded | MIB: IF-MIB The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
SNMP agent | net.if.out.discards[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound packets with errors | MIB: IF-MIB For packet-oriented interfaces, the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
SNMP agent | net.if.out.errors[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Bits sent | MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of ifOutOctets.Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. |
SNMP agent | net.if.out[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Speed | MIB: IF-MIB An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of |
SNMP agent | net.if.speed[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Operational status | MIB: IF-MIB The current operational state of the interface. - The testing(3) state indicates that no operational packet scan be passed - If ifAdminStatus is down(2) then ifOperStatus should be down(2) - If ifAdminStatus is changed to up(1) then ifOperStatus should change to up(1) if the interface is ready to transmit and receive network traffic - It should change todormant(5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection) - It should remain in the down(2) state if and only if there is a fault that prevents it from going to the up(1) state - It should remain in the notPresent(6) state if the interface has missing(typically, hardware) components. |
SNMP agent | net.if.status[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Interface type | MIB: IF-MIB The type of interface. Additional values for ifType are assigned by the Internet Assigned Numbers Authority (IANA), through updating the syntax of the IANAifType textual convention. |
SNMP agent | net.if.type[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Rules references count | MIB: BEGEMOT-PF-MIB The number of rules referencing this interface. |
SNMP agent | net.if.rules.refs[{#SNMPINDEX}] |
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 traffic passed | MIB: BEGEMOT-PF-MIB IPv4 bits per second passed coming in on this interface. |
SNMP agent | net.if.in.pass.v4.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 traffic blocked | MIB: BEGEMOT-PF-MIB IPv4 bits per second blocked coming in on this interface. |
SNMP agent | net.if.in.block.v4.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 traffic passed | MIB: BEGEMOT-PF-MIB IPv4 bits per second passed going out on this interface. |
SNMP agent | net.if.out.pass.v4.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 traffic blocked | MIB: BEGEMOT-PF-MIB IPv4 bits per second blocked going out on this interface. |
SNMP agent | net.if.out.block.v4.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv4 packets passed coming in on this interface. |
SNMP agent | net.if.in.pass.v4.pps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv4 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv4 packets blocked coming in on this interface. |
SNMP agent | net.if.in.block.v4.pps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv4 packets passed going out on this interface. |
SNMP agent | net.if.out.pass.v4.pps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv4 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv4 packets blocked going out on this interface. |
SNMP agent | net.if.out.block.v4.pps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 traffic passed | MIB: BEGEMOT-PF-MIB IPv6 bits per second passed coming in on this interface. |
SNMP agent | net.if.in.pass.v6.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 traffic blocked | MIB: BEGEMOT-PF-MIB IPv6 bits per second blocked coming in on this interface. |
SNMP agent | net.if.in.block.v6.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 traffic passed | MIB: BEGEMOT-PF-MIB IPv6 bits per second passed going out on this interface. |
SNMP agent | net.if.out.pass.v6.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 traffic blocked | MIB: BEGEMOT-PF-MIB IPv6 bits per second blocked going out on this interface. |
SNMP agent | net.if.out.block.v6.bps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv6 packets passed coming in on this interface. |
SNMP agent | net.if.in.pass.v6.pps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Inbound IPv6 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv6 packets blocked coming in on this interface. |
SNMP agent | net.if.in.block.v6.pps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 packets passed | MIB: BEGEMOT-PF-MIB The number of IPv6 packets passed going out on this interface. |
SNMP agent | net.if.out.pass.v6.pps[{#SNMPINDEX}] Preprocessing
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Outbound IPv6 packets blocked | MIB: BEGEMOT-PF-MIB The number of IPv6 packets blocked going out on this interface. |
SNMP agent | net.if.out.block.v6.pps[{#SNMPINDEX}] Preprocessing
|
Trigger prototypes for Network interfaces discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: High input error rate | It recovers when it is below 80% of the |
min(/PFSense by SNMP/net.if.in.errors[{#SNMPINDEX}],5m)>{$IF.ERRORS.WARN:"{#IFNAME}"} |
Warning | Depends on:
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: High inbound bandwidth usage | The utilization of the network interface is close to its estimated maximum bandwidth. |
(avg(/PFSense by SNMP/net.if.in[{#SNMPINDEX}],15m)>({$IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/PFSense by SNMP/net.if.speed[{#SNMPINDEX}])) and last(/PFSense by SNMP/net.if.speed[{#SNMPINDEX}])>0 |
Warning | Depends on:
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: High output error rate | It recovers when it is below 80% of the |
min(/PFSense by SNMP/net.if.out.errors[{#SNMPINDEX}],5m)>{$IF.ERRORS.WARN:"{#IFNAME}"} |
Warning | Depends on:
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: High outbound bandwidth usage | The utilization of the network interface is close to its estimated maximum bandwidth. |
(avg(/PFSense by SNMP/net.if.out[{#SNMPINDEX}],15m)>({$IF.UTIL.MAX:"{#IFNAME}"}/100)*last(/PFSense by SNMP/net.if.speed[{#SNMPINDEX}])) and last(/PFSense by SNMP/net.if.speed[{#SNMPINDEX}])>0 |
Warning | Depends on:
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Ethernet has changed to lower speed than it was before | This Ethernet connection has transitioned down from its known maximum speed. This might be a sign of autonegotiation issues. Acknowledge to close the problem manually. |
change(/PFSense by SNMP/net.if.speed[{#SNMPINDEX}])<0 and last(/PFSense by SNMP/net.if.speed[{#SNMPINDEX}])>0 and ( last(/PFSense by SNMP/net.if.type[{#SNMPINDEX}])=6 or last(/PFSense by SNMP/net.if.type[{#SNMPINDEX}])=7 or last(/PFSense by SNMP/net.if.type[{#SNMPINDEX}])=11 or last(/PFSense by SNMP/net.if.type[{#SNMPINDEX}])=62 or last(/PFSense by SNMP/net.if.type[{#SNMPINDEX}])=69 or last(/PFSense by SNMP/net.if.type[{#SNMPINDEX}])=117 ) and (last(/PFSense by SNMP/net.if.status[{#SNMPINDEX}])<>2) |
Info | Depends on:
|
PFSense: Interface [{#IFNAME}({#IFALIAS})]: Link down | This trigger expression works as follows: |
{$IFCONTROL:"{#IFNAME}"}=1 and (last(/PFSense by SNMP/net.if.status[{#SNMPINDEX}])=2) |
Average |
Feedback
Please report any issues with the template at https://support.zabbix.com
You can also provide feedback, discuss the template, or ask for help at ZABBIX forums