This template monitors an IPFire appliance or instance
For Zabbix version: 6.0
Supports monitoring of:
- IPFire general stats (Number of current DHCPd clients)
- IPFire services (default IPFire services and possible Addon services)
- Pakfire status (Installed version, Available update(s))
- Network stats (Line quality, Open Connections, Firewall hits)
- OpenVPN clients and stats (OpenVPN client discovery, OpenVPN client properties, Traffic stats, Client/Server/CA Certificate validation)
Use in conjunction with a default Template OS Linux-template for CPU/Memory/Storage monitoring of the IPFire appliance/instance.
This template was created for:
- IPFire 2.29 - Core update 185
Warning: This template will NOT work on earlier versions of IPFire due to changes to the Zabbix Agent addon.
Robin Roevens
- Install and configure IPFire addon
zabbix_agentd
using Pakfire - Make sure the IPFire builtin specific userparameters are enabled in
/etc/zabbix_agentd/zabbix_agentd.conf
(which should be by default) - Copy
template_ipfire_services.conf
into the folder with Zabbix agent configuration (/etc/zabbix_agentd/zabbix_agentd.d/
on IPFire) - Copy
ipfire_services.pl
into the folder with Zabbix agent scripts (/etc/zabbix_agentd/scripts/
on IPFire) and make it executable for userroot
. - Unless you have your own custom sudoers config for zabbix; Copy
zabbix_agentd_user
into the folder with sudoers configuration (/etc/sudoers.d
) to allow Zabbix agent to runipfire_services.pl
as root user. Otherwise, make sure the contents ofzabbix_agentd_user
from this template are added to your custom/etc/sudoers.d/zabbix_agentd_user
file. - Restart Zabbix agent.
No specific Zabbix configuration is required
Name | Description | Default |
---|---|---|
{$IPFIRE.CONN.MAX.WARN} | Max percentage of max open connections used before triggering warning |
95 |
{$IPFIRE.CONN.MAX.RESOLVE} | Percentage of max open connections used before resolving trigger |
85 |
{$IPFIRE.FW_CHAIN.MATCHES} | Only discover firewall chains matching this regex |
^.*$ |
{$IPFIRE.FW_CHAIN.NOT_MATCHES} | Do not discover firewall chains matching this regex |
CHANGE_IF_NEEDED |
{$IPFIRE.SERVICE.TRIGGER} | Whether Zabbix needs to trigger when an IPFire service is down. This variable can be used with context to exclude specific services. |
1 |
{$IPFIRE.SERVICENAME.MATCHES} | All services matching this regex will be discovered |
^.*$ |
{$IPFIRE.SERVICENAME.NOT_MATCHES} | Services matching this regex will not be discovered |
CHANGE_IF_NEEDED |
{$IPFIRE.OVPN.COMMONNAME.MATCHES} | OpenVPN clients with common name matching this regex will be discovered |
^.*$ |
{$IPFIRE.OVPN.COMMONNAME.NOTMATCHES} | OpenVPN clients with common name matching this regex will not be discovered |
CHANGE_IF_NEEDED |
{$IPFIRE.OVPN.STATE.MATCHES} | OpenVPN clients with a state (on/off) matching this regex will be discovered. |
on |
{$IPFIRE.OVPN.CERT.EXPIRY.WARN} | Number of days until the OpenVPN server or CA certificate expires. |
7 |
This template does not 'detect' if you have manually disabled a service in IPFire, so by default it will alarm you when any service is down. This is done on purpose so that you will also be notified if a service is unintentionly disabled.
To disable the trigger for a specific service (because it is disabled or you just don't want notifications about that service) add a host macro {$IPFIRE.SERVICE.TRIGGER:"<service>"}
to the IPFire host and set it to 0
.
For example to disable the OpenVPN service trigger add {$IPFIRE.SERVICE.TRIGGER:"openvpn"}
to the host. Check the discovered IPFire service item-keys for the correct service-name of each service.
Or you could opt to use the variables {$IPFIRE.SERVICENAME.MATCHES}
and/or {$IPFIRE.SERVICENAME.NOT_MATCHES}
to filter out services
you don't want to be monitored at all.
This template is actually a set of 2 and includes a second template IPFire OpenVPN Client by Zabbix agent
specificaly for use by the OpenVPN Client discovery defined in the main template IPFire by Zabbix agent active
.
If the OpenVPN Service of the IPFire instance is enabled, the main template will discover any configured OpenVPN clients (see {$IPFIRE.OVPN.*}
macro's to set filters), create those as new hosts in Zabbix and link the IPFire OpenVPN Client by Zabbix agent
template to them.
Those client hosts will then start collecting OpenVPN statistics specific to those clients.
Alexander Koch for the app Pakfire template.
IPFire Team for the IPFire distro and for accepting my contributions to allow easier/better monitoring using Zabbix Agent.
Please report any issues with the template at https://github.com/RobinR1/zbx-template-ipfire/issues