From patchwork Wed Feb 9 23:26:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 5137 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNl3wGkz3xfw for ; Wed, 9 Feb 2022 23:31:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNh6KJMz5Gg; Wed, 9 Feb 2022 23:31:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JvGNh5cpDz2ykC; Wed, 9 Feb 2022 23:31:32 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNd4Dwbz2yDs for ; Wed, 9 Feb 2022 23:31:29 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNd3Z18z3L8 for ; Wed, 9 Feb 2022 23:31:29 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 422CE8DC81 for ; Thu, 10 Feb 2022 00:31:29 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GV6ISNdW-_Vq for ; Thu, 10 Feb 2022 00:31:28 +0100 (CET) Received: from chojin.sicho.home (amaterasu.sicho.home [192.168.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 7B2A1EF73; Thu, 10 Feb 2022 00:30:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1644449484; bh=L59Gxnf5zFP1bUCUfoVPLfG7XdFXnLxsGYWSWot/n9o=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=MlHStZtC/IXaGKT20mzJSYFlCRTNIyrTUwmnSzjDhqArPJEUUUak8ayzfHNGe0PnM i+KrrE4TW2tjQp62V/yNzmjvToDWUsugYx3X9WAsDR2JJQzuNEMYj2iexeXqnlg0uR +FJojXMf1p7zhCslu6gTY4+X1RFJ3ScbMTPXTE9s11HetqyODDJH2MtEO1Ocm/5QoD UBaMSuh8lw4gYRdDUxKP4HbCOBuI86hKXEKFOv9T3dzp1OuZyc7/wyqKfilvS35zBT Q1va1/j4FyPQ9JppULCabVKYbMUAJfp1+g6ocuS3WhtSoAKPsZYaZ7m/2zP2Ds1Hqb DHf5IXF2i/pQA== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH v3 5/5] zabbix_agentd: Add IPFire specific userparameters Date: Thu, 10 Feb 2022 00:26:31 +0100 Message-Id: <20220209232631.14673-6-robin.roevens@disroot.org> In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org> References: <20220209232631.14673-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-sicho-MailScanner-ID: 7B2A1EF73.A8A80 X-sicho-MailScanner: Found to be clean X-sicho-MailScanner-From: robin.roevens@disroot.org X-sicho-MailScanner-Watermark: 1645054253.8882@d9N9BYArRUUvvlU3MB5bJA ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1644449489; a=rsa-sha256; cv=none; b=NCO3/4IHUYOt/Z2UVgZ74XpepulYqw70TLOo+Ux379mQ5NP2jPu0/O4oRTl2iuNPny3S36 9c6YDPVVHi8fdoVxYFRDe/ugaX+21k8jyF3IZw48gUKLDXC51/r5RMjcN4tdBNZB75NehV jCF8sQBAqF4JEGXMNPVqXm+sl7NVyheOty11TnVwY66v1oaEfRlX/cjQFdgyWgPoaKBkOy hglfgqIMDoGgYxCQ11hVTli6NNSjvSINcskGr2AE4ebxNMCvc3uXkYo56ltLycNGKE+Q36 1lmcTjFjm8nSdJ1IPX7NJZKEbV+v7elbQVQLlqRuPDqwFR+/6bAxdFWUiDW82w== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=MlHStZtC; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1644449489; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hsyLHdMOThM39VKa0R3DTCHBS5elt4IURjVERJun3Jc=; b=m+sZUyGj2jxCJ6AJBC9Yb/3Cn0J8WOeucr/QBlXtrixLMUKkGqUadhwIytXMuXd3q2aoO4 WGTAadZ8jt6jhCN3iTFcy3e91EB2s/pv2wJUi6/eelpnXZ62RS28W4RfvWjKNDedb8LnLs 4VLTozzKpz8c//5G4Lxav4Jkbwodcv7uUvDRU4nkzMDpDryYRbAII3qvqM/N7R5RgElIc9 IUhHdwz9nBZ2LYlQiRxnH84YlZo214Hy59Tfma5lBEM0egsuUvWg2cEGcB44ZaNVeU1OEi U5mnXDtJkdUqPpckGm+TZUqasgK/UK/LEKQMwajo4Dox0VSs2k0IeZFwVfUfww== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=MlHStZtC; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-4.83 / 11.00]; BAYES_HAM(-3.00)[99.99%]; IP_REPUTATION_HAM(-1.12)[asn: 50673(-0.32), country: NL(-0.01), ip: 178.21.23.139(-0.80)]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.99)[-0.995]; SPF_REPUTATION_HAM(-0.70)[-0.70437930609794]; MV_CASE(0.50)[]; R_MISSING_CHARSET(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; R_SPF_ALLOW(-0.20)[+a:c]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; TO_DN_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4JvGNd3Z18z3L8 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Provide IPFire specific items for the Zabbix server to monitor: - ipfire.net.gateway.pingtime: Internet Line Quality - ipfire.net.gateway.ping: Internet connection - ipfire.net.fw.hits.raw: JSON formatted list of Firewall hits/chain - ipfire.dhcpd.clients: Number of active DHCP leases - ipfire.captive.clients: Number of Captive Portal clients Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/sudoers | 2 +- config/zabbix_agentd/userparameter_ipfire.conf | 18 ++++++++++++++++++ lfs/zabbix_agentd | 5 ++++- src/paks/zabbix_agentd/uninstall.sh | 2 +- 5 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 config/zabbix_agentd/userparameter_ipfire.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 6f7090fe7..fc62217f2 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -6,6 +6,7 @@ etc/zabbix_agentd/scripts etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew etc/zabbix_agentd/zabbix_agentd.d etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf +etc/zabbix_agentd/zabbix_agentd.d/userparameter_ipfire.conf usr/bin/zabbix_get usr/bin/zabbix_sender #usr/lib/modules diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 1b362a4fd..c73a95667 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -14,4 +14,4 @@ # Append / edit the following list of commands to fit your needs: # Defaults:zabbix !requiretty -zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status +zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf new file mode 100644 index 000000000..88f5447e7 --- /dev/null +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -0,0 +1,18 @@ +# IPFire specific configuration file +# +# +# DO NOT MODIFY - Changes will be overwritten when zabbix_agentd addon is +# updated. +# +# Parameters for monitoring IPFire specific metrics +# +# Internet Gateway ping timings, can be used to measure "Internet Line Quality" +UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 +# Internet Gateway availability, can be used to check Internet connection +UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? ]; echo $? +# Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain +UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "\/\* DROP_.* \*\/$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{\"chain\": \"%s\", \"bytes\": \"%s\"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }' +# Number of currently Active DHCP leases +UserParameter=ipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp/dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l +# Number of Captive Portal clients +UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients \ No newline at end of file diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index dae59fe48..f909b8faa 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -33,7 +33,8 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd PAK_VER = 5 -DEPS = + +DEPS = fping ############################################################################### # Top-level Rules @@ -97,6 +98,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \ /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ipfire.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/userparameter_ipfire.conf # Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh index 0770b40f1..f87ef8c17 100644 --- a/src/paks/zabbix_agentd/uninstall.sh +++ b/src/paks/zabbix_agentd/uninstall.sh @@ -27,7 +27,7 @@ stop_service ${NAME} # Remove .ipfirenew files in advance so they won't be included in backup rm -rfv /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew /etc/sudoers.d/zabbix.ipfirenew # Remove IPFire provided userparameter config files in advance -rm -rfv /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf +rm -rfv /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf /etc/zabbix_agentd/zabbix_agentd.d/userparameter_ipfire.conf make_backup ${NAME} remove_files