check_pf - NRPE pf state count

From TykWiki
Jump to navigationJump to search

You can check the number of states in the pf firewall using Nagios and NRPE using this port:

$ cat /usr/ports/net-mgmt/nagios-pf-plugin/pkg-descr
check_pf is a plugin intended for use with the Nagios network
monitoring system.  This plugin checks the status of PF, the OpenBSD
packet filter, and compares the current state count to given or default
thresholds, returning the result.  It is written in C.


Configuring Nagios

First I define a new service on the Nagios server, in /usr/local/etc/nagios/objects/services.cfg:

define service{
        use                             generic-service
        hostgroup_name                  pf-servers
        service_description             pf-statecount
        check_command                   check_nrpe2!check_pf

I then add the hosts that I want to run this check on to the group pf-servers on the nagios server, which makes Nagios run the check check_nrpe2!check_pf on all members of the group.

Install the plugin

Install the port:

sudo portmaster /usr/ports/net-mgmt/nagios-pf-plugin/

And change the permissions on /dev/pf as the pkg-message suggests:

$ pkg_info -D -x nagios-pf-plugin
Information for nagios-pf-plugin-0.1:

Install notice:

check_pf has been installed to /usr/local/libexec/nagios/.

check_pf needs read permission to the pf(4) pseudo-device, i.e. /dev/pf.

Assuming check_pf will be run by user `nagios', the following will work:

        # chmod 640 /dev/pf
        # chgrp nagios /dev/pf

To make sure the change persists across reboots, add the following
to /etc/devfs.conf:

        # nrpe2/nagios needs to be able to read statistics
        own     pf    root:nagios
        perm    pf    0640

Please refer to the online documentation for additional information.

Configuring NRPE

Add the following line to /usr/local/etc/nrpe.cfg:


Remember to restart NRPE after changing the config:

sudo /usr/local/etc/rc.d/nrpe2 restart