diff --git a/Network_Appliances/template_ipfire/6.0/README.md b/Network_Appliances/template_ipfire/6.0/README.md
new file mode 100644
index 000000000..7104450a5
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.0/README.md
@@ -0,0 +1,76 @@
+# IPFire by Zabbix Agent Active
+
+## Description
+
+This template monitors an [IPFire](https://www.ipfire.org/) [appliance](https://www.lightningwirelabs.com/products/ipfire/appliances) or [instance](https://www.ipfire.org/download)
+
+## Overview
+
+For Zabbix version: 6.0
+
+Supports monitoring of:
+- IPFire general stats (Number of current DHCPd clients)
+- IPFire services (default IPFire services and possible Addon services)
+- Pakfire status (Installed version, Available update(s))
+- Network stats (Line quality, Open Connections, Firewall hits)
+- OpenVPN clients and stats (OpenVPN client discovery, OpenVPN client properties, Traffic stats)
+
+Use in conjunction with a default Template OS Linux-template for CPU/Memory/Storage monitoring of the IPFire appliance/instance.
+
+This template was created for:
+
+- IPFire 2.27 - Core update 179
+
+**Warning**: This template will *NOT* work on earlier versions of IPFire due to changes to the Zabbix Agent addon.
+
+## Author
+
+Robin Roevens
+
+## Setup
+
+- Install and configure [IPFire addon `zabbix_agentd`](https://wiki.ipfire.org/addons/zabbix_agentd) using Pakfire
+- Make sure the IPFire builtin specific userparameters are enabled in `/etc/zabbix_agentd/zabbix_agentd.conf` (which should be by default)
+- Copy `template_ipfire_services.conf` into the folder with Zabbix agent configuration (`/etc/zabbix_agentd/zabbix_agentd.d/` on IPFire)
+- Copy `ipfire_services.pl` into the folder with Zabbix agent scripts (`/etc/zabbix_agentd/scripts/` on IPFire) and make it executable for user `root`.
+- Unless you have your own custom sudoers config for zabbix; Copy `zabbix_agentd_user` into the folder with sudoers configuration (`/etc/sudoers.d`) to allow Zabbix agent to run `ipfire_services.pl` as root user.
+ Otherwise, make sure the contents of `zabbix_agentd_user` from this template are added to your custom `/etc/sudoers.d/zabbix_agentd_user` file.
+- Restart Zabbix agent.
+
+## Zabbix configuration
+
+No specific Zabbix configuration is required
+
+### Macros used
+|Name|Description|Default|
+|----|-----------|-------|
+|{$IPFIRE.CONN.MAX.WARN} |
Max percentage of max open connections used before triggering warning
|`95` |
+|{$IPFIRE.CONN.MAX.RESOLVE} |Percentage of max open connections used before resolving trigger
|`85` |
+|{$IPFIRE.FW_CHAIN.MATCHES} |Only discover firewall chains matching this regex
|`^.*$` |
+|{$IPFIRE.FW_CHAIN.NOT_MATCHES} |Do not discover firewall chains matching this regex
|`CHANGE_IF_NEEDED` |
+|{$IPFIRE.SERVICE.TRIGGER} |Whether Zabbix needs to trigger when an IPFire service is down. This variable can be used with context to exclude specific services.
|`1` |
+|{$IPFIRE.SERVICENAME.MATCHES} |All services matching this regex will be discovered
|`^.*$` |
+|{$IPFIRE.SERVICENAME.NOT_MATCHES} |Services matching this regex will not be discovered
|`CHANGE_IF_NEEDED` |
+|{$IPFIRE.OVPN.COMMONNAME.MATCHES} |OpenVPN clients with common name matching this regex will be discovered
|`^.*$` |
+|{$IPFIRE.OVPN.COMMONNAME.NOTMATCHES} |OpenVPN clients with common name matching this regex will not be discovered
|`CHANGE_IF_NEEDED` |
+|{$IPFIRE.OVPN.STATE.MATCHES} |OpenVPN clients with a state (on/off) matching this regex will be discovered.
|`on` |
+
+#### Notes about $IPFIRE.SERVICE.TRIGGER
+This template does not 'detect' if you have manually disabled a service in IPFire, so by default it will alarm you when any service is down. This is done on purpose so that you will also be notified if a service is unintentionly disabled.
+
+To disable the trigger for a specific service (because it is disabled or you just don't want notifications about that service) add a host macro `{$IPFIRE.SERVICE.TRIGGER:""}` to the IPFire host and set it to `0`.
+
+For example to disable the OpenVPN service trigger add `{$IPFIRE.SERVICE.TRIGGER:"openvpn"}` to the host. Check the discovered IPFire service item-keys for the correct service-name of each service.
+
+Or you could opt to use the variables `{$IPFIRE.SERVICENAME.MATCHES}` and/or `{$IPFIRE.SERVICENAME.NOT_MATCHES}` to filter out services
+you don't want to be monitored at all.
+
+## Credits
+
+[Alexander Koch](https://community.ipfire.org/t/looking-for-the-zabbix-agent-template/1459/2) for the app Pakfire template.
+
+[IPFire Team](https://www.ipfire.org) for the IPFire distro and for accepting my contributions to allow easier/better monitoring using Zabbix Agent.
+
+## Feedback
+
+Please report any issues with the template at https://github.com/RobinR1/zbx-template-ipfire/issues
diff --git a/Network_Appliances/template_ipfire/6.0/files/scripts/ipfire_services.pl b/Network_Appliances/template_ipfire/6.0/files/scripts/ipfire_services.pl
new file mode 100755
index 000000000..8683e1a3a
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.0/files/scripts/ipfire_services.pl
@@ -0,0 +1,232 @@
+#!/usr/bin/perl
+###############################################################################
+# ipfire_services.pl - Retrieves available IPFire services information and
+# return this as a JSON array suitable for easy processing
+# by Zabbix server
+#
+# Author: robin.roevens (at) disroot.org
+# Version: 2.0
+#
+# Based on: services.cgi by IPFire Team
+# Copyright (C) 2007-2021 IPFire Team
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+# use warnings;
+
+# Load pakfire "library"
+require "/opt/pakfire/lib/functions.pl";
+
+# Maps a nice printable name to the changing part of the pid file, which
+# is also the name of the program
+my %servicenames = (
+ 'DHCP Server' => 'dhcpd',
+ 'Web Server' => 'httpd',
+ 'CRON Server' => 'fcron',
+ 'DNS Proxy Server' => 'unbound',
+ 'Logging Server' => 'syslogd',
+ 'Kernel Logging Server' => 'klogd',
+ 'NTP Server' => 'ntpd',
+ 'Secure Shell Server' => 'sshd',
+ 'VPN' => 'charon',
+ 'Web Proxy' => 'squid',
+ 'Intrusion Detection System' => 'suricata',
+ 'OpenVPN' => 'openvpn'
+);
+
+# Hash to overwrite the process name of a process if it differs from the launch command.
+my %overwrite_exename_hash = (
+ "suricata" => "Suricata-Main"
+);
+
+my $first = 1;
+
+print "[";
+
+# Built-in services
+my $key = '';
+foreach $key (sort keys %servicenames){
+ print "," if not $first;
+ $first = 0;
+
+ print "{";
+ print "\"service\":\"$key\",";
+
+ my $shortname = $servicenames{$key};
+ print &servicestats($shortname);
+
+ print "}";
+}
+
+# Generate list of installed addon pak's
+my %paklist = &Pakfire::dblist("installed");
+
+foreach my $pak (keys %paklist) {
+ my %metadata = &Pakfire::getmetadata($pak, "installed");
+
+ # If addon contains services
+ if ("$metadata{'Services'}") {
+ foreach my $service (split(/ /, "$metadata{'Services'}")) {
+ print ",";
+ print "{";
+
+ print "\"service\":\"Addon: $metadata{'Name'}\",";
+ print "\"servicename\":\"$service\",";
+
+ my $onboot = isautorun($service);
+ print "\"onboot\":$onboot,";
+
+ print &addonservicestats($service);
+
+ print "}";
+ }
+ }
+}
+
+print "]";
+
+sub servicestats {
+ my $cmd = $_[0];
+ my $status = "\"servicename\":\"$cmd\",\"state\":\"0\"";
+ my $pid = '';
+ my $testcmd = '';
+ my $exename;
+ my $memory;
+
+
+ $cmd =~ /(^[a-z]+)/;
+
+ # Check if the exename needs to be overwritten.
+ # This happens if the expected process name string
+ # differs from the real one. This may happened if
+ # a service uses multiple processes or threads.
+ if (exists($overwrite_exename_hash{$cmd})) {
+ # Grab the string which will be reported by
+ # the process from the corresponding hash.
+ $exename = $overwrite_exename_hash{$1};
+ } else {
+ # Directly expect the launched command as
+ # process name.
+ $exename = $1;
+ }
+
+ if (open(FILE, "/var/run/${cmd}.pid")){
+ $pid = ; chomp $pid;
+ close FILE;
+ if (open(FILE, "/proc/${pid}/status")){
+ while (){
+ if (/^Name:\W+(.*)/) {
+ $testcmd = $1;
+ }
+ }
+ close FILE;
+ }
+ if (open(FILE, "/proc/${pid}/status")) {
+ while () {
+ my ($key, $val) = split(":", $_, 2);
+ if ($key eq 'VmRSS') {
+ $val =~ /\s*([0-9]*)\s+kB/;
+ # Convert kB to B
+ $memory = $1*1024;
+ last;
+ }
+ }
+ close(FILE);
+ }
+ if ($testcmd =~ /$exename/){
+ $status = "\"servicename\":\"$cmd\",\"state\":1,\"pid\":$pid,\"memory\":$memory";
+ }
+ }
+ return $status;
+}
+
+sub isautorun {
+ my $cmd = $_[0];
+
+ # Init directory.
+ my $initdir = "/etc/rc.d/rc3.d/";
+
+ return &find_init("$cmd", "$initdir") ? 1 : 0;
+}
+
+sub find_init {
+ my ($cmd, $dir) = @_;
+
+ # Open given init directory.
+ opendir (INITDIR, "$dir") || die "Cannot opendir $dir: $!";
+
+ # Read-in init files from directory.
+ my @inits = readdir(INITDIR);
+
+ # Close directory handle.
+ closedir(INITDIR);
+
+ # Loop through the directory.
+ foreach my $init (@inits) {
+ # Check if the current processed file belongs to the given command.
+ if ($init =~ /S\d+\d+$cmd\z/) {
+ # Found, return "1" - True.
+ return "1";
+ }
+ }
+
+ # Nothing found, return nothing.
+ return;
+}
+
+sub addonservicestats {
+ my $cmd = $_[0];
+ my $status = "0";
+ my $pid = '';
+ my $testcmd = '';
+ my $exename;
+ my @memory = (0);
+
+ $testcmd = `/usr/local/bin/addonctrl $cmd status 2>/dev/null`;
+
+ if ( $testcmd =~ /is\ running/ && $testcmd !~ /is\ not\ running/){
+ $status = "\"state\":1";
+
+ $testcmd =~ s/.* //gi;
+ $testcmd =~ s/[a-z_]//gi;
+ $testcmd =~ s/\[[0-1]\;[0-9]+//gi;
+ $testcmd =~ s/[\(\)\.]//gi;
+ $testcmd =~ s/ //gi;
+ $testcmd =~ s///gi;
+
+ my @pid = split(/\s/,$testcmd);
+ $status .=",\"pid\":\"$pid[0]\"";
+
+ my $memory = 0;
+
+ foreach (@pid){
+ chomp($_);
+ if (open(FILE, "/proc/$_/statm")){
+ my $temp = ;
+ @memory = split(/ /,$temp);
+ }
+ $memory+=$memory[0];
+ }
+ $memory*=1024;
+ $status .=",\"memory\":$memory";
+ }else{
+ $status = "\"state\":0";
+ }
+ return $status;
+}
diff --git a/Network_Appliances/template_ipfire/6.0/files/sudoers.d/zabbix_agentd_user b/Network_Appliances/template_ipfire/6.0/files/sudoers.d/zabbix_agentd_user
new file mode 100644
index 000000000..9bed622a0
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.0/files/sudoers.d/zabbix_agentd_user
@@ -0,0 +1,15 @@
+# Include file for sudoers file
+#
+# This is needed for some userparameters to be able to execute commands that only run as root (using sudo)
+# e.g. /usr/bin/openssl or /usr/sbin/smartctl
+#
+# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH!
+#
+# Some hints:
+# - It is strongly recommended to edit this file only using the visudo -f command. If you mess up this file,
+# you might end up locking yourself out of your system!
+# - Append the full path incl. parameters to each command, using "," as separator.
+# - Only add commands you really need. Zabbix should not have more rights than it has to.
+#
+
+zabbix ALL=(ALL) NOPASSWD: /etc/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/Network_Appliances/template_ipfire/6.0/files/zabbix_agentd.d/template_ipfire_services.conf b/Network_Appliances/template_ipfire/6.0/files/zabbix_agentd.d/template_ipfire_services.conf
new file mode 100644
index 000000000..d214ad971
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.0/files/zabbix_agentd.d/template_ipfire_services.conf
@@ -0,0 +1,2 @@
+### Parameter for monitoring IPFire services
+UserParameter=ipfire.services,sudo /etc/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/Network_Appliances/template_ipfire/6.0/ipfire_by_zabbix_agent_active.yaml b/Network_Appliances/template_ipfire/6.0/ipfire_by_zabbix_agent_active.yaml
new file mode 100644
index 000000000..4a25e0c95
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.0/ipfire_by_zabbix_agent_active.yaml
@@ -0,0 +1,1335 @@
+zabbix_export:
+ version: '6.0'
+ date: '2023-10-11T19:48:42Z'
+ groups:
+ - uuid: 6a9e41a5ef934d2196aca8b4abdafff5
+ name: 'OpenVPN Clients'
+ - uuid: a571c0d144b14fd4a87a9d9b2aa9fcd6
+ name: Templates/Applications
+ - uuid: 57b7ae836ca64446ba2c296389c009b7
+ name: Templates/Modules
+ templates:
+ - uuid: 80543e3dcb9641a8a5a33554ad6638a9
+ template: 'IPFire by Zabbix agent active'
+ name: 'IPFire by Zabbix agent active'
+ description: |
+ Monitor an IPFire appliance
+
+ Requirements for template operation:
+ 1.Install Zabbix agent addon using Pakfire
+ 2.Copy zabbix_agentd_user sudoers-file into /etc/sudoers.d
+ 3.Copy ipfire_services.pl into /etc/zabbix_agentd/scripts and make sure it is executable by the root user.
+ 4.Copy template_ipfire_services.conf into /etc/zabbix_agentd/zabbix_agentd.d/.
+ Don't forget to restart zabbix-agent.
+
+ Created by Robin Roevens (robin.roevens (at) disroot.org)
+ groups:
+ - name: Templates/Applications
+ items:
+ - uuid: 9be0495e730a476fac68b91583bb4146
+ name: 'Captive Portal: # of active clients'
+ type: ZABBIX_ACTIVE
+ key: ipfire.captive.clients
+ history: 7d
+ description: 'Number of active users on captive portal'
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: captive-portal
+ - uuid: da3ef4de97f343d4a3d0d420e4e0df36
+ name: 'DHCP Server: # of active leases'
+ type: ZABBIX_ACTIVE
+ key: ipfire.dhcpd.clients
+ history: 7d
+ description: 'Number of active dhcpd leases'
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: dhcpd
+ - uuid: d7752458935c4e40adaacd4e1107f40e
+ name: 'Firewall hits: Get'
+ type: ZABBIX_ACTIVE
+ key: ipfire.net.fw.hits.raw
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Raw data item for retrieving firewall hits on all forwarding chains'
+ tags:
+ - tag: component
+ value: firewall
+ - tag: component
+ value: network
+ - tag: component
+ value: raw
+ - uuid: 2e0173990de34061b2e743ef22518c6a
+ name: 'Network: Internet gateway available'
+ type: ZABBIX_ACTIVE
+ key: ipfire.net.gateway.ping
+ history: 7d
+ description: 'Checks if the internet gateway on RED is reachable'
+ tags:
+ - tag: component
+ value: gateway
+ - tag: component
+ value: network
+ triggers:
+ - uuid: 750db20bec7c46e6ab9943e516f52947
+ expression: 'last(/IPFire by Zabbix agent active/ipfire.net.gateway.ping)<>1'
+ name: 'Internet Gateway is not reachable'
+ priority: HIGH
+ description: 'Internet Gateway on interface RED is unreachable. Internet connection is lost or intermittent.'
+ tags:
+ - tag: scope
+ value: availability
+ - uuid: f548b019c57a42cd8b6d4cf0a244f098
+ name: 'Network: Internet gateway ping timings'
+ type: ZABBIX_ACTIVE
+ key: ipfire.net.gateway.pingtime
+ history: 7d
+ value_type: FLOAT
+ units: ms
+ description: 'Checks the response time of the internet gateway on RED indicating Line Quality.'
+ tags:
+ - tag: component
+ value: gateway
+ - tag: component
+ value: network
+ - uuid: a01561b00aab4406a38e34440658848d
+ name: 'IPFire Services: Get'
+ type: ZABBIX_ACTIVE
+ key: ipfire.services
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Get a list of IPFire service using agent script ipfire_services.pl'
+ tags:
+ - tag: component
+ value: raw
+ - tag: component
+ value: service
+ - uuid: 45efac8b0c984815b9cf5c2790373911
+ name: 'System: Core-Update available'
+ type: DEPENDENT
+ key: pakfire.core-update-available
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Boolean Yes/no'
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Core-Update available: (.*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Convert Bool String to Bool Integer
+ switch(value) {
+ case "yes":
+ return 1;
+ case "no":
+ return 0;
+ default:
+ return 99;
+ }
+ - type: IN_RANGE
+ parameters:
+ - '0'
+ - '1'
+ error_handler: CUSTOM_ERROR
+ error_handler_params: 'Unknown value received'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 10fdaa47927d4638b62ec43deff34360
+ expression: 'last(/IPFire by Zabbix agent active/pakfire.core-update-available)=1'
+ name: 'Pakfire: Core-Update available'
+ url: 'https://{HOST.CONN}:444/cgi-bin/pakfire.cgi'
+ priority: INFO
+ description: 'A Core-Update for IPFire is available. Go to the IPFire webgui > IPFire Pakfire to perform an update.'
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 059cebb808634b35a3c2f2304e8cfaf5
+ expression: 'nodata(/IPFire by Zabbix agent active/pakfire.core-update-available,4h)=1'
+ name: 'Pakfire: Last Pakfire status update > 4h ago'
+ priority: WARNING
+ description: 'Zabbix was unable to retrieve Pakfire status for more than 4h. Check if Pakfire is still correctly working.'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 3c87cd1c09ec4fc2910c2572d9a4f5e9
+ name: 'System: Core-Update level'
+ type: DEPENDENT
+ key: pakfire.core-update-level
+ delay: '0'
+ history: 7d
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Core-Update-Level: ([0-9]*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 315ab087e6b3408eb463eaecbab289f7
+ expression: 'change(/IPFire by Zabbix agent active/pakfire.core-update-level)>0'
+ name: 'Pakfire: Core-Update-Level has changed'
+ priority: INFO
+ manual_close: 'YES'
+ dependencies:
+ - name: 'Pakfire: Core-Version has changed'
+ expression: '(last(/IPFire by Zabbix agent active/pakfire.core-version,#1)<>last(/IPFire by Zabbix agent active/pakfire.core-version,#2))=1'
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 96e3883bf9784f45b5ff7a9acaeeb5a9
+ name: 'System: Core version'
+ type: DEPENDENT
+ key: pakfire.core-version
+ delay: '0'
+ history: 7d
+ value_type: FLOAT
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Core-Version: ([0-9.]*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 743e14e27c1141cdb08c895e768e9931
+ expression: '(last(/IPFire by Zabbix agent active/pakfire.core-version,#1)<>last(/IPFire by Zabbix agent active/pakfire.core-version,#2))=1'
+ name: 'Pakfire: Core-Version has changed'
+ priority: INFO
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 299ed0d3aa97435088fd805646ffe649
+ name: 'System: # of addon updates available'
+ type: DEPENDENT
+ key: pakfire.package-updates-available
+ delay: '0'
+ history: 7d
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Package-Updates available: ([0-9]*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 39bc50b094cf40ab86588b909eef2db7
+ expression: 'last(/IPFire by Zabbix agent active/pakfire.package-updates-available)>0'
+ name: 'Pakfire: Package-Updates available'
+ priority: INFO
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 8dbec81630674c7c89a74ba12cdae84b
+ name: 'System: Reboot required'
+ type: DEPENDENT
+ key: pakfire.reboot-required
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Boolean Yes/no'
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Reboot required: (.*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Convert Bool String to Bool Integer
+ switch(value) {
+ case "yes":
+ return 1;
+ case "no":
+ return 0;
+ default:
+ return 99;
+ }
+ - type: IN_RANGE
+ parameters:
+ - '0'
+ - '1'
+ error_handler: CUSTOM_ERROR
+ error_handler_params: 'Unknown value received'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 5bf0656d2f9f46258ee36ca10096a9bb
+ expression: 'last(/IPFire by Zabbix agent active/pakfire.reboot-required)=1'
+ name: 'Pakfire: Reboot required'
+ url: 'https://{HOST.CONN}:444/cgi-bin/shutdown.cgi'
+ priority: INFO
+ description: 'An update requires a reboot of IPFire to complete. Please reboot the host as soon as possible. Go to the IPFire webgui > System > Shutdown to perform a reboot.'
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 0593a390fa7f40e1b23c94fe845eff09
+ name: 'Pakfire Status: Get'
+ type: ZABBIX_ACTIVE
+ key: pakfire.status
+ delay: 10m
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: raw
+ - tag: component
+ value: system
+ - uuid: 7349c0e5921440f5bf1e8be3111acb7f
+ name: 'Network: # of open connections'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"]'
+ history: 7d
+ tags:
+ - tag: component
+ value: network
+ - uuid: aaa91f7fdd3949d0adf4a6f90e9ddc87
+ name: 'Network: Max # of open connections'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_max"]'
+ delay: 1h
+ history: 7d
+ tags:
+ - tag: component
+ value: network
+ - uuid: cdc1d6590ab044cc8e9684119238c1db
+ name: 'System: Last update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/core/mine",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ - uuid: 8614cc5f14364b8d851631850a0d0ce9
+ name: 'Pakfire: Last core-list update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/lists/core-list.db",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: application
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: a490e3a3d0be4fd88f6890afc61e4826
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/core-list.db",modify],49h)=0'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/core-list.db",modify],1h)=1'
+ name: 'Pakfire: Last core-list update > 49h ago'
+ priority: WARNING
+ description: 'Auslösung bei Delta > 49h / Recovery bei Delta < 1h'
+ dependencies:
+ - name: 'Pakfire: Last server-list update > 49h ago'
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],49h)=0'
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],1h)=1'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 72d6284952044ff58795e6076e6ad3c8
+ name: 'Pakfire: Last packages-list update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/lists/packages_list.db",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: application
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 9a7dfe94a226472bb36f9d1c4f5a86e6
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/packages_list.db",modify],49h)=0'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/packages_list.db",modify],1h)=1'
+ name: 'Pakfire: Last packages-list update > 49h ago'
+ priority: WARNING
+ description: 'Auslösung bei Delta > 49h / Recovery bei Delta < 1h'
+ dependencies:
+ - name: 'Pakfire: Last server-list update > 49h ago'
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],49h)=0'
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],1h)=1'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 0dd0776c8b91489784d45bf06893d1c3
+ name: 'Pakfire: Last server-list update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: application
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: da2d132b5dd142a2a047413fc2ed3bc7
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],49h)=0'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],1h)=1'
+ name: 'Pakfire: Last server-list update > 49h ago'
+ priority: WARNING
+ description: 'Auslösung bei Delta > 49h / Recovery bei Delta < 1h'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ discovery_rules:
+ - uuid: 61c015898168475892226c0d1cc752d8
+ name: 'Firewall chains discovery'
+ type: DEPENDENT
+ key: ipfire.net.fw.hits.discovery
+ delay: '0'
+ filter:
+ conditions:
+ - macro: '{#FW_CHAIN}'
+ value: '{$IPFIRE.FW_CHAIN.MATCHES}'
+ formulaid: A
+ - macro: '{#FW_CHAIN}'
+ value: '{$IPFIRE.FW_CHAIN.NOT_MATCHES}'
+ operator: NOT_MATCHES_REGEX
+ formulaid: B
+ description: 'Discovery of firewall chains in filter table to create "firewall hits" items/chain'
+ item_prototypes:
+ - uuid: e754323822f04c6b9e2e77bca43344fe
+ name: 'Firewall: Hits on chain {#FW_CHAIN}'
+ type: DEPENDENT
+ key: 'ipfire.net.fw.hits[{#FW_CHAIN}]'
+ delay: '0'
+ history: 7d
+ units: bps
+ description: 'Bytes dropped on firewall chain {#FW_CHAIN} of the Filter table'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.chain=="{#FW_CHAIN}")].bytes.first()'
+ - type: CHANGE_PER_SECOND
+ parameters:
+ - ''
+ master_item:
+ key: ipfire.net.fw.hits.raw
+ tags:
+ - tag: component
+ value: firewall
+ - tag: component
+ value: network
+ - tag: component
+ value: os
+ - tag: firewall-chain
+ value: '{#FW_CHAIN}'
+ master_item:
+ key: ipfire.net.fw.hits.raw
+ lld_macro_paths:
+ - lld_macro: '{#FW_CHAIN}'
+ path: $.chain
+ preprocessing:
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Filter out toggling part: bytes
+ discovery_items = JSON.parse(value);
+ discovery_items.map(function (item) { delete item['bytes']; });
+ return JSON.stringify(discovery_items);
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ - uuid: 4255351b82de467ea643cb15b5f2297e
+ name: 'OpenVPN clients discovery'
+ type: ZABBIX_ACTIVE
+ key: ipfire.ovpn.clients.discovery
+ delay: 1h
+ filter:
+ evaltype: AND
+ conditions:
+ - macro: '{#COMMONNAME}'
+ value: '{$IPFIRE.OVPN.COMMONNAME.MATCHES}'
+ formulaid: A
+ - macro: '{#COMMONNAME}'
+ value: '{$IPFIRE.OVPN.COMMONNAME.NOTMATCHES}'
+ operator: NOT_MATCHES_REGEX
+ formulaid: B
+ - macro: '{#STATE}'
+ value: '{$IPFIRE.OVPN.STATE.MATCHES}'
+ formulaid: C
+ description: 'Discovers configured OpenVPN clients'
+ host_prototypes:
+ - uuid: 37dc62b5f94c4979bfca33e8ab7ae7cb
+ host: '{#COMMONNAME}'
+ name: '{#NAME}'
+ group_links:
+ - group:
+ name: 'OpenVPN Clients'
+ templates:
+ - name: 'IPFire OpenVPN Client by Zabbix agent'
+ macros:
+ - macro: '{$IPFIRE.OVPN.CLIENT.COMMONNAME}'
+ value: '{#COMMONNAME}'
+ description: 'OpenVPN client Common Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.NAME}'
+ value: '{#NAME}'
+ description: 'OpenVPN client Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.REMARK}'
+ value: '{#REMARK}'
+ description: 'OpenVPN client remark'
+ - macro: '{$IPFIRE.OVPN.CLIENT.STATE}'
+ value: '{#STATE}'
+ description: 'OpenVPN client state'
+ - macro: '{$IPFIRE.OVPN.CLIENT.TYPE}'
+ value: '{#TYPE}'
+ description: 'OpenVPN client type'
+ tags:
+ - tag: type
+ value: '{#TYPE}'
+ - uuid: 0724a9154c924222a1495a4665929039
+ name: 'IPFire Services discovery'
+ type: DEPENDENT
+ key: ipfire.services.discovery
+ delay: '0'
+ filter:
+ evaltype: AND
+ conditions:
+ - macro: '{#SERVICENAME}'
+ value: '{$IPFIRE.SERVICENAME.MATCHES}'
+ formulaid: A
+ - macro: '{#SERVICENAME}'
+ value: '{$IPFIRE.SERVICENAME.NOT_MATCHES}'
+ operator: NOT_MATCHES_REGEX
+ formulaid: B
+ item_prototypes:
+ - uuid: bd1d7dfffc65492fb3eb7ade56c07bf8
+ name: 'OpenVPN: # clients connected'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.clients.count[{#SINGLETON}]'
+ delay: '0'
+ description: 'Number of clients currently connected with OpenVPN'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - $.clients.length()
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0'
+ master_item:
+ key: 'ipfire.ovpn.statusreport.get[{#SINGLETON}]'
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 17b4f2e8a9b944c7b09f81c6b6f8699b
+ name: 'OpenVPN: Statusreport: Get'
+ type: ZABBIX_ACTIVE
+ key: 'ipfire.ovpn.statusreport.get[{#SINGLETON}]'
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Get OpenVPN status report containing list of connected clients and routing tables'
+ preprocessing:
+ - type: DISCARD_UNCHANGED
+ parameters:
+ - ''
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: raw
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 9f207a283c4347569f02374f8e548b69
+ name: 'OpenVPN: Last status report update'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.statusreport.timestamp[{#SINGLETON}]'
+ delay: '0'
+ history: 1d
+ units: unixtime
+ description: 'Timestamp of last OpenVPN server statusreport update'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - $.timestamp
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: 'ipfire.ovpn.statusreport.get[{#SINGLETON}]'
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 64ab99104e5c4a748745fbc1d02b1803
+ name: '{#SERVICE}: Memory usage'
+ type: DEPENDENT
+ key: 'ipfire.services.memory[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ units: b
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].memory.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: memory
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ - uuid: 3d679fd91a334de1949e5cc5afdcc8a3
+ name: '{#SERVICE}: Start on boot'
+ type: DEPENDENT
+ key: 'ipfire.services.onboot[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Boolean Yes/no'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].onboot.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '1'
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ - uuid: 865fe738cfb34752b83605930b3cf180
+ name: '{#SERVICE}: Pid'
+ type: DEPENDENT
+ key: 'ipfire.services.pid[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].pid.first()'
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: os
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ - uuid: 7fa6c6e4b6cf4a018ac3002122b0e0e5
+ name: '{#SERVICE}: State'
+ type: DEPENDENT
+ key: 'ipfire.services.state[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Service state'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].state.first()'
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ trigger_prototypes:
+ - uuid: 71d4baaa724140179fbde0bbdd170dfa
+ expression: '{$IPFIRE.SERVICE.TRIGGER:"{#SERVICENAME}"} and last(/IPFire by Zabbix agent active/ipfire.services.state[{#SERVICENAME}])<>1'
+ name: '{#SERVICE}: Service not running'
+ priority: HIGH
+ description: 'The IPFire service {#SERVICE} is not running. If this service is manually disabled, set host macro $IPFIRE.SERVICE.TRIGGER:"{#SERVICENAME}" to 0 to disable this trigger.'
+ tags:
+ - tag: scope
+ value: availability
+ trigger_prototypes:
+ - uuid: adf12fb393704b90b3bd5541a447e2a1
+ expression: |
+ last(/IPFire by Zabbix agent active/ipfire.services.onboot[{#SERVICENAME}])=1 and
+ (nodata(/IPFire by Zabbix agent active/ipfire.ovpn.statusreport.get[{#SINGLETON}],5m)=1 or
+ time()-last(/IPFire by Zabbix agent active/ipfire.ovpn.statusreport.timestamp[{#SINGLETON}])>5m)
+ name: 'OpenVPN: Statusreport outdated'
+ priority: AVERAGE
+ description: |
+ Did not receive a recent OpenVPN status report. OpenVPN client data is probably outdated and/or inaccurate.
+ Check if Zabbix Agent is running and properly configured to send OpenVPN status reports (UserParameter: ipfire.ovpn.statusreport.get) and/or OpenVPN server configuration is the IPFire default.
+ dependencies:
+ - name: '{#SERVICE}: Service not running'
+ expression: '{$IPFIRE.SERVICE.TRIGGER:"{#SERVICENAME}"} and last(/IPFire by Zabbix agent active/ipfire.services.state[{#SERVICENAME}])<>1'
+ tags:
+ - tag: scope
+ value: availability
+ master_item:
+ key: ipfire.services
+ lld_macro_paths:
+ - lld_macro: '{#SERVICENAME}'
+ path: $.servicename
+ - lld_macro: '{#SERVICE}'
+ path: $.service
+ - lld_macro: '{#SINGLETON}'
+ path: $.singleton
+ preprocessing:
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Filter out toggling parts: state, pid, memory, onboot & add singleton
+ discovery_items = JSON.parse(value);
+ discovery_items.map(function (item) { ['state','pid','memory', 'onboot'].forEach(function(key) { delete item[key] }); item['singleton'] = "" });
+ return JSON.stringify(discovery_items);
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ overrides:
+ - name: 'Don''t discover OpenVPN specific items/triggers on other services'
+ step: '1'
+ filter:
+ conditions:
+ - macro: '{#SERVICENAME}'
+ value: openvpn
+ operator: NOT_MATCHES_REGEX
+ formulaid: A
+ operations:
+ - operationobject: ITEM_PROTOTYPE
+ operator: REGEXP
+ value: '^OpenVPN: .*'
+ discover: NO_DISCOVER
+ - operationobject: TRIGGER_PROTOTYPE
+ operator: REGEXP
+ value: '^OpenVPN: .*'
+ discover: NO_DISCOVER
+ tags:
+ - tag: class
+ value: software
+ - tag: target
+ value: ipfire
+ macros:
+ - macro: '{$IPFIRE.CONN.MAX.RESOLVE}'
+ value: '85'
+ description: 'Percentage of max open connections used before resolving trigger'
+ - macro: '{$IPFIRE.CONN.MAX.WARN}'
+ value: '95'
+ description: 'Max percentage of max open connections used before triggering warning'
+ - macro: '{$IPFIRE.FW_CHAIN.MATCHES}'
+ value: '^.*$'
+ description: 'Only discover firewall chains matching this regex'
+ - macro: '{$IPFIRE.FW_CHAIN.NOT_MATCHES}'
+ value: CHANGE_IF_NEEDED
+ description: 'Do not discover firewall chains matching this regex'
+ - macro: '{$IPFIRE.OVPN.COMMONNAME.MATCHES}'
+ value: '^.*$'
+ description: 'OpenVPN clients with common name matching this regex will be discovered'
+ - macro: '{$IPFIRE.OVPN.COMMONNAME.NOTMATCHES}'
+ value: CHANGE_IF_NEEDED
+ description: 'OpenVPN clients with common name matching this regex will not be discovered'
+ - macro: '{$IPFIRE.OVPN.STATE.MATCHES}'
+ value: 'on'
+ description: 'OpenVPN clients with a state (on/off) matching this regex will be discovered.'
+ - macro: '{$IPFIRE.SERVICE.TRIGGER}'
+ value: '1'
+ description: 'Whether Zabbix needs to trigger when an IPFire service is down. This variable can be used with context to exclude specific services.'
+ - macro: '{$IPFIRE.SERVICENAME.MATCHES}'
+ value: '^.*$'
+ description: 'All services matching this regex will be discovered'
+ - macro: '{$IPFIRE.SERVICENAME.NOT_MATCHES}'
+ value: CHANGE_IF_NEEDED
+ description: 'Services matching this regex will not be discovered'
+ valuemaps:
+ - uuid: 57ac5ee3ecd34a36a30119db05e5a738
+ name: 'Boolean Yes/no'
+ mappings:
+ - value: '0'
+ newvalue: 'No'
+ - value: '1'
+ newvalue: 'Yes'
+ - uuid: 9f0de9d59823477b9e8788e0c4b100d2
+ name: 'OpenVPN Connection state'
+ mappings:
+ - value: '0'
+ newvalue: 'not connected'
+ - value: '1'
+ newvalue: connected
+ - uuid: 7517e6ba802e42abaf567ae383a32414
+ name: 'Service state'
+ mappings:
+ - value: '0'
+ newvalue: Down
+ - value: '1'
+ newvalue: Up
+ - uuid: 52850149b8ad443184ee95d3da3cd195
+ template: 'IPFire OpenVPN Client by Zabbix agent'
+ name: 'IPFire OpenVPN Client by Zabbix agent'
+ description: |
+ Monitor an IPFire OpenVPN client
+
+ This template is applied to discovered OpenVPN client hosts by the template IPFire by Zabbix agent and is not meant to be applied manually to any hosts.
+ groups:
+ - name: Templates/Modules
+ items:
+ - uuid: bead53bd8f1f4382b4c36733db3ab0f3
+ name: 'OpenVPN: Client common name'
+ type: SCRIPT
+ key: ipfire.ovpn.client.commonname
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ params: 'return "{$IPFIRE.OVPN.CLIENT.COMMONNAME}";'
+ description: 'OpenVPN Client connection name as configured in IPFire WUI'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: add7fbf01d384c0bab9ded620fa9f958
+ name: 'OpenVPN: Last connection duration'
+ type: CALCULATED
+ key: 'ipfire.ovpn.client.connection[{$IPFIRE.OVPN.CLIENT.COMMONNAME},duration]'
+ history: 7d
+ units: s
+ params: 'last(//ipfire.ovpn.routing_table[{$IPFIRE.OVPN.CLIENT.COMMONNAME},last_ref])-last(//ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},connected_since])'
+ description: 'Duration of current or last connection'
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 12b42114672c4f698fa3e9407d0f0346
+ name: 'OpenVPN: Client name'
+ type: SCRIPT
+ key: ipfire.ovpn.client.name
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ params: 'return "{$IPFIRE.OVPN.CLIENT.NAME}";'
+ description: 'OpenVPN Client name as configured in IPFire WUI'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 7eeabe63f0ba4f3dbd32403ed37c5acb
+ name: 'OpenVPN: Client remark'
+ type: SCRIPT
+ key: ipfire.ovpn.client.remark
+ history: 7d
+ trends: '0'
+ value_type: TEXT
+ params: 'return "{$IPFIRE.OVPN.CLIENT.REMARK}";'
+ description: 'OpenVPN Client remark as configured in IPFire WUI'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 108aef4c2b184624a00961f5b64500c4
+ name: 'OpenVPN: Client access status'
+ type: SCRIPT
+ key: ipfire.ovpn.client.state
+ history: 7d
+ params: 'return "{$IPFIRE.OVPN.CLIENT.STATE}";'
+ description: 'Whether the client is enabled to access the IPFire OpenVPN server.'
+ preprocessing:
+ - type: STR_REPLACE
+ parameters:
+ - 'off'
+ - '0'
+ - type: STR_REPLACE
+ parameters:
+ - 'on'
+ - '1'
+ - type: IN_RANGE
+ parameters:
+ - '0'
+ - '1'
+ error_handler: CUSTOM_ERROR
+ error_handler_params: 'Unknown client state'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 08411efa83e3490da6858c96fe8e406f
+ name: 'OpenVPN: Client type'
+ type: SCRIPT
+ key: ipfire.ovpn.client.type
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ params: 'return "{$IPFIRE.OVPN.CLIENT.TYPE}";'
+ description: 'OpenVPN Client type'
+ valuemap:
+ name: 'OpenVPN Client type'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 713f21c4059a452d8aa6746dbb4c024d
+ name: 'OpenVPN: Bytes received'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_in]'
+ delay: '0'
+ history: 7d
+ units: b
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_in.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0'
+ - type: SIMPLE_CHANGE
+ parameters:
+ - ''
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 57993d21e1d04b319b4adc5f70385a30
+ name: 'OpenVPN: Bytes received total'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_in_total]'
+ delay: '0'
+ history: 7d
+ units: b
+ description: 'Total amount of bytes received during current/last connection'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_in.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 130de3a8a8bf4e4987ac563eabb88602
+ name: 'OpenVPN: Bytes sent'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_out]'
+ delay: '0'
+ history: 7d
+ units: b
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_out.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0'
+ - type: SIMPLE_CHANGE
+ parameters:
+ - ''
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 81bdb6e42bdd46a58308531d0cffac32
+ name: 'OpenVPN: Bytes sent total'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_out_total]'
+ delay: '0'
+ history: 7d
+ units: b
+ description: 'Total amount of bytes sent during current/last connection'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_out.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: e035d6315a7e4403a25185d17bbe6489
+ name: 'OpenVPN: Connection state'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},connected]'
+ delay: '0'
+ history: 7d
+ description: 'Whether the client is currently connected'
+ valuemap:
+ name: 'OpenVPN Connection state'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].length()'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 8b0ba4b88ae549a0a4a2346e1cf40133
+ name: 'OpenVPN: Last connection time'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},connected_since]'
+ delay: '0'
+ history: 7d
+ units: unixtime
+ description: 'Timestamp of last client connection initiation'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].connected_since.first()'
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: fd22e3d29b4c4c358c77d100cd412990
+ name: 'OpenVPN: Remote IP Address'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},real_address]'
+ delay: '0'
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ description: 'Real IP address of client'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].real_address.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0.0.0.0:0'
+ - type: REGEX
+ parameters:
+ - '^(\d+\.\d+\.\d+\.\d+):\d+$'
+ - \1
+ - type: STR_REPLACE
+ parameters:
+ - 0.0.0.0
+ - ''
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 175a8220c2e04e42884e1a5b67de263f
+ name: 'OpenVPN: Last activity'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.routing_table[{$IPFIRE.OVPN.CLIENT.COMMONNAME},last_ref]'
+ delay: '0'
+ history: 7d
+ units: unixtime
+ description: 'Timestamp of last client network activity'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.routing_table[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].last_ref.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: c1c65e8f92b84008a69eb40db7907d61
+ name: 'OpenVPN: VPN IP Address'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.routing_table[{$IPFIRE.OVPN.CLIENT.COMMONNAME},virtual_address]'
+ delay: '0'
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ description: 'Virtual IP address of client'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.routing_table[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].virtual_address.first()'
+ error_handler: CUSTOM_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 5c6b95eedb1a47d99dfba1bb092d56bf
+ name: 'OpenVPN statusreport: Get'
+ key: ipfire.ovpn.statusreport.get
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Get OpenVPN status report containing list of connected clients and routing tables'
+ preprocessing:
+ - type: DISCARD_UNCHANGED
+ parameters:
+ - ''
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: raw
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ tags:
+ - tag: class
+ value: device
+ - tag: target
+ value: ipfire
+ - tag: target
+ value: openvpn-client
+ macros:
+ - macro: '{$IPFIRE.OVPN.CLIENT.COMMONNAME}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client Common Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.NAME}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.REMARK}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client remark'
+ - macro: '{$IPFIRE.OVPN.CLIENT.STATE}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client state'
+ - macro: '{$IPFIRE.OVPN.CLIENT.TYPE}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client type'
+ valuemaps:
+ - uuid: 87dfebb2a9784886b12efe44d8044ee3
+ name: 'OpenVPN Client access status'
+ mappings:
+ - value: '0'
+ newvalue: disabled
+ - value: '1'
+ newvalue: enabled
+ - uuid: 142e2748979147cb8b8f887825575a72
+ name: 'OpenVPN Client type'
+ mappings:
+ - value: host
+ newvalue: Roadwarior
+ - type: REGEXP
+ value: '^net.*'
+ newvalue: 'Remote network'
+ - uuid: 486bcaed8ba049c7b9b7c811482b6ad8
+ name: 'OpenVPN Connection state'
+ mappings:
+ - value: '0'
+ newvalue: 'not connected'
+ - value: '1'
+ newvalue: connected
+ triggers:
+ - uuid: ed954859a31b4e658e1c1ac42545a6f6
+ expression: 'last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"])/last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_max"])*100>{$IPFIRE.CONN.MAX.WARN}'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"])/last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_max"])*100<={$IPFIRE.CONN.MAX.RESOLVE}'
+ name: 'Number of open connection is too high (> 90% of max open connections)'
+ opdata: 'Open connections: {ITEM.LASTVALUE1}, Max open connections: {ITEM.LASTVALUE2}'
+ priority: WARNING
+ description: |
+ The current number of open connections is at {$IPFIRE.CONN.MAX}% of the max allowed number of open connections. When the max allowed number of open connections is reached, new connections will be dropped.
+ Consider increasing the net.netfilter.nf_conntrack_max system variable.
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: capacity
+ graphs:
+ - uuid: f9acf1d3482f4af3b619a649eb81b844
+ name: 'Line Quality'
+ graph_items:
+ - sortorder: '1'
+ drawtype: GRADIENT_LINE
+ color: 1A7C11
+ item:
+ host: 'IPFire by Zabbix agent active'
+ key: ipfire.net.gateway.pingtime
+ - uuid: f4bf7726c930427aa2a99bad42d7fa7f
+ name: 'Open Connections'
+ graph_items:
+ - sortorder: '1'
+ color: FF0000
+ item:
+ host: 'IPFire by Zabbix agent active'
+ key: 'vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"]'
diff --git a/Network_Appliances/template_ipfire/6.4/README.md b/Network_Appliances/template_ipfire/6.4/README.md
new file mode 100644
index 000000000..97c691659
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.4/README.md
@@ -0,0 +1,76 @@
+# IPFire by Zabbix Agent Active
+
+## Description
+
+This template monitors an [IPFire](https://www.ipfire.org/) [appliance](https://www.lightningwirelabs.com/products/ipfire/appliances) or [instance](https://www.ipfire.org/download)
+
+## Overview
+
+For Zabbix version: 6.4
+
+Supports monitoring of:
+- IPFire general stats (Number of current DHCPd clients)
+- IPFire services (default IPFire services and possible Addon services)
+- Pakfire status (Installed version, Available update(s))
+- Network stats (Line quality, Open Connections, Firewall hits)
+- OpenVPN clients and stats (OpenVPN client discovery, OpenVPN client properties, Traffic stats)
+
+Use in conjunction with a default Template OS Linux-template for CPU/Memory/Storage monitoring of the IPFire appliance/instance.
+
+This template was created for:
+
+- IPFire 2.27 - Core update 179
+
+**Warning**: This template will *NOT* work on earlier versions of IPFire due to changes to the Zabbix Agent addon.
+
+## Author
+
+Robin Roevens
+
+## Setup
+
+- Install and configure [IPFire addon `zabbix_agentd`](https://wiki.ipfire.org/addons/zabbix_agentd) using Pakfire
+- Make sure the IPFire builtin specific userparameters are enabled in `/etc/zabbix_agentd/zabbix_agentd.conf` (which should be by default)
+- Copy `template_ipfire_services.conf` into the folder with Zabbix agent configuration (`/etc/zabbix_agentd/zabbix_agentd.d/` on IPFire)
+- Copy `ipfire_services.pl` into the folder with Zabbix agent scripts (`/etc/zabbix_agentd/scripts/` on IPFire) and make it executable for user `root`.
+- Unless you have your own custom sudoers config for zabbix; Copy `zabbix_agentd_user` into the folder with sudoers configuration (`/etc/sudoers.d`) to allow Zabbix agent to run `ipfire_services.pl` as root user.
+ Otherwise, make sure the contents of `zabbix_agentd_user` from this template are added to your custom `/etc/sudoers.d/zabbix_agentd_user` file.
+- Restart Zabbix agent.
+
+## Zabbix configuration
+
+No specific Zabbix configuration is required
+
+### Macros used
+|Name|Description|Default|
+|----|-----------|-------|
+|{$IPFIRE.CONN.MAX.WARN} |Max percentage of max open connections used before triggering warning
|`95` |
+|{$IPFIRE.CONN.MAX.RESOLVE} |Percentage of max open connections used before resolving trigger
|`85` |
+|{$IPFIRE.FW_CHAIN.MATCHES} |Only discover firewall chains matching this regex
|`^.*$` |
+|{$IPFIRE.FW_CHAIN.NOT_MATCHES} |Do not discover firewall chains matching this regex
|`CHANGE_IF_NEEDED` |
+|{$IPFIRE.SERVICE.TRIGGER} |Whether Zabbix needs to trigger when an IPFire service is down. This variable can be used with context to exclude specific services.
|`1` |
+|{$IPFIRE.SERVICENAME.MATCHES} |All services matching this regex will be discovered
|`^.*$` |
+|{$IPFIRE.SERVICENAME.NOT_MATCHES} |Services matching this regex will not be discovered
|`CHANGE_IF_NEEDED` |
+|{$IPFIRE.OVPN.COMMONNAME.MATCHES} |OpenVPN clients with common name matching this regex will be discovered
|`^.*$` |
+|{$IPFIRE.OVPN.COMMONNAME.NOTMATCHES} |OpenVPN clients with common name matching this regex will not be discovered
|`CHANGE_IF_NEEDED` |
+|{$IPFIRE.OVPN.STATE.MATCHES} |OpenVPN clients with a state (on/off) matching this regex will be discovered.
|`on` |
+
+#### Notes about $IPFIRE.SERVICE.TRIGGER
+This template does not 'detect' if you have manually disabled a service in IPFire, so by default it will alarm you when any service is down. This is done on purpose so that you will also be notified if a service is unintentionly disabled.
+
+To disable the trigger for a specific service (because it is disabled or you just don't want notifications about that service) add a host macro `{$IPFIRE.SERVICE.TRIGGER:""}` to the IPFire host and set it to `0`.
+
+For example to disable the OpenVPN service trigger add `{$IPFIRE.SERVICE.TRIGGER:"openvpn"}` to the host. Check the discovered IPFire service item-keys for the correct service-name of each service.
+
+Or you could opt to use the variables `{$IPFIRE.SERVICENAME.MATCHES}` and/or `{$IPFIRE.SERVICENAME.NOT_MATCHES}` to filter out services
+you don't want to be monitored at all.
+
+## Credits
+
+[Alexander Koch](https://community.ipfire.org/t/looking-for-the-zabbix-agent-template/1459/2) for the app Pakfire template.
+
+[IPFire Team](https://www.ipfire.org) for the IPFire distro and for accepting my contributions to allow easier/better monitoring using Zabbix Agent.
+
+## Feedback
+
+Please report any issues with the template at https://github.com/RobinR1/zbx-template-ipfire/issues
diff --git a/Network_Appliances/template_ipfire/6.4/files/scripts/ipfire_services.pl b/Network_Appliances/template_ipfire/6.4/files/scripts/ipfire_services.pl
new file mode 100755
index 000000000..8683e1a3a
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.4/files/scripts/ipfire_services.pl
@@ -0,0 +1,232 @@
+#!/usr/bin/perl
+###############################################################################
+# ipfire_services.pl - Retrieves available IPFire services information and
+# return this as a JSON array suitable for easy processing
+# by Zabbix server
+#
+# Author: robin.roevens (at) disroot.org
+# Version: 2.0
+#
+# Based on: services.cgi by IPFire Team
+# Copyright (C) 2007-2021 IPFire Team
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+# use warnings;
+
+# Load pakfire "library"
+require "/opt/pakfire/lib/functions.pl";
+
+# Maps a nice printable name to the changing part of the pid file, which
+# is also the name of the program
+my %servicenames = (
+ 'DHCP Server' => 'dhcpd',
+ 'Web Server' => 'httpd',
+ 'CRON Server' => 'fcron',
+ 'DNS Proxy Server' => 'unbound',
+ 'Logging Server' => 'syslogd',
+ 'Kernel Logging Server' => 'klogd',
+ 'NTP Server' => 'ntpd',
+ 'Secure Shell Server' => 'sshd',
+ 'VPN' => 'charon',
+ 'Web Proxy' => 'squid',
+ 'Intrusion Detection System' => 'suricata',
+ 'OpenVPN' => 'openvpn'
+);
+
+# Hash to overwrite the process name of a process if it differs from the launch command.
+my %overwrite_exename_hash = (
+ "suricata" => "Suricata-Main"
+);
+
+my $first = 1;
+
+print "[";
+
+# Built-in services
+my $key = '';
+foreach $key (sort keys %servicenames){
+ print "," if not $first;
+ $first = 0;
+
+ print "{";
+ print "\"service\":\"$key\",";
+
+ my $shortname = $servicenames{$key};
+ print &servicestats($shortname);
+
+ print "}";
+}
+
+# Generate list of installed addon pak's
+my %paklist = &Pakfire::dblist("installed");
+
+foreach my $pak (keys %paklist) {
+ my %metadata = &Pakfire::getmetadata($pak, "installed");
+
+ # If addon contains services
+ if ("$metadata{'Services'}") {
+ foreach my $service (split(/ /, "$metadata{'Services'}")) {
+ print ",";
+ print "{";
+
+ print "\"service\":\"Addon: $metadata{'Name'}\",";
+ print "\"servicename\":\"$service\",";
+
+ my $onboot = isautorun($service);
+ print "\"onboot\":$onboot,";
+
+ print &addonservicestats($service);
+
+ print "}";
+ }
+ }
+}
+
+print "]";
+
+sub servicestats {
+ my $cmd = $_[0];
+ my $status = "\"servicename\":\"$cmd\",\"state\":\"0\"";
+ my $pid = '';
+ my $testcmd = '';
+ my $exename;
+ my $memory;
+
+
+ $cmd =~ /(^[a-z]+)/;
+
+ # Check if the exename needs to be overwritten.
+ # This happens if the expected process name string
+ # differs from the real one. This may happened if
+ # a service uses multiple processes or threads.
+ if (exists($overwrite_exename_hash{$cmd})) {
+ # Grab the string which will be reported by
+ # the process from the corresponding hash.
+ $exename = $overwrite_exename_hash{$1};
+ } else {
+ # Directly expect the launched command as
+ # process name.
+ $exename = $1;
+ }
+
+ if (open(FILE, "/var/run/${cmd}.pid")){
+ $pid = ; chomp $pid;
+ close FILE;
+ if (open(FILE, "/proc/${pid}/status")){
+ while (){
+ if (/^Name:\W+(.*)/) {
+ $testcmd = $1;
+ }
+ }
+ close FILE;
+ }
+ if (open(FILE, "/proc/${pid}/status")) {
+ while () {
+ my ($key, $val) = split(":", $_, 2);
+ if ($key eq 'VmRSS') {
+ $val =~ /\s*([0-9]*)\s+kB/;
+ # Convert kB to B
+ $memory = $1*1024;
+ last;
+ }
+ }
+ close(FILE);
+ }
+ if ($testcmd =~ /$exename/){
+ $status = "\"servicename\":\"$cmd\",\"state\":1,\"pid\":$pid,\"memory\":$memory";
+ }
+ }
+ return $status;
+}
+
+sub isautorun {
+ my $cmd = $_[0];
+
+ # Init directory.
+ my $initdir = "/etc/rc.d/rc3.d/";
+
+ return &find_init("$cmd", "$initdir") ? 1 : 0;
+}
+
+sub find_init {
+ my ($cmd, $dir) = @_;
+
+ # Open given init directory.
+ opendir (INITDIR, "$dir") || die "Cannot opendir $dir: $!";
+
+ # Read-in init files from directory.
+ my @inits = readdir(INITDIR);
+
+ # Close directory handle.
+ closedir(INITDIR);
+
+ # Loop through the directory.
+ foreach my $init (@inits) {
+ # Check if the current processed file belongs to the given command.
+ if ($init =~ /S\d+\d+$cmd\z/) {
+ # Found, return "1" - True.
+ return "1";
+ }
+ }
+
+ # Nothing found, return nothing.
+ return;
+}
+
+sub addonservicestats {
+ my $cmd = $_[0];
+ my $status = "0";
+ my $pid = '';
+ my $testcmd = '';
+ my $exename;
+ my @memory = (0);
+
+ $testcmd = `/usr/local/bin/addonctrl $cmd status 2>/dev/null`;
+
+ if ( $testcmd =~ /is\ running/ && $testcmd !~ /is\ not\ running/){
+ $status = "\"state\":1";
+
+ $testcmd =~ s/.* //gi;
+ $testcmd =~ s/[a-z_]//gi;
+ $testcmd =~ s/\[[0-1]\;[0-9]+//gi;
+ $testcmd =~ s/[\(\)\.]//gi;
+ $testcmd =~ s/ //gi;
+ $testcmd =~ s///gi;
+
+ my @pid = split(/\s/,$testcmd);
+ $status .=",\"pid\":\"$pid[0]\"";
+
+ my $memory = 0;
+
+ foreach (@pid){
+ chomp($_);
+ if (open(FILE, "/proc/$_/statm")){
+ my $temp = ;
+ @memory = split(/ /,$temp);
+ }
+ $memory+=$memory[0];
+ }
+ $memory*=1024;
+ $status .=",\"memory\":$memory";
+ }else{
+ $status = "\"state\":0";
+ }
+ return $status;
+}
diff --git a/Network_Appliances/template_ipfire/6.4/files/sudoers.d/zabbix_agentd_user b/Network_Appliances/template_ipfire/6.4/files/sudoers.d/zabbix_agentd_user
new file mode 100644
index 000000000..9bed622a0
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.4/files/sudoers.d/zabbix_agentd_user
@@ -0,0 +1,15 @@
+# Include file for sudoers file
+#
+# This is needed for some userparameters to be able to execute commands that only run as root (using sudo)
+# e.g. /usr/bin/openssl or /usr/sbin/smartctl
+#
+# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH!
+#
+# Some hints:
+# - It is strongly recommended to edit this file only using the visudo -f command. If you mess up this file,
+# you might end up locking yourself out of your system!
+# - Append the full path incl. parameters to each command, using "," as separator.
+# - Only add commands you really need. Zabbix should not have more rights than it has to.
+#
+
+zabbix ALL=(ALL) NOPASSWD: /etc/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/Network_Appliances/template_ipfire/6.4/files/zabbix_agentd.d/template_ipfire_services.conf b/Network_Appliances/template_ipfire/6.4/files/zabbix_agentd.d/template_ipfire_services.conf
new file mode 100644
index 000000000..d214ad971
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.4/files/zabbix_agentd.d/template_ipfire_services.conf
@@ -0,0 +1,2 @@
+### Parameter for monitoring IPFire services
+UserParameter=ipfire.services,sudo /etc/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/Network_Appliances/template_ipfire/6.4/ipfire_by_zabbix_agent_active.yaml b/Network_Appliances/template_ipfire/6.4/ipfire_by_zabbix_agent_active.yaml
new file mode 100644
index 000000000..9baa227fb
--- /dev/null
+++ b/Network_Appliances/template_ipfire/6.4/ipfire_by_zabbix_agent_active.yaml
@@ -0,0 +1,1341 @@
+zabbix_export:
+ version: '6.4'
+ template_groups:
+ - uuid: a571c0d144b14fd4a87a9d9b2aa9fcd6
+ name: Templates/Applications
+ - uuid: 57b7ae836ca64446ba2c296389c009b7
+ name: Templates/Modules
+ host_groups:
+ - uuid: 6a9e41a5ef934d2196aca8b4abdafff5
+ name: 'OpenVPN Clients'
+ templates:
+ - uuid: 80543e3dcb9641a8a5a33554ad6638a9
+ template: 'IPFire by Zabbix agent active'
+ name: 'IPFire by Zabbix agent active'
+ description: |
+ Monitor an IPFire appliance
+
+ Requirements for template operation:
+ 1.Install Zabbix agent addon using Pakfire
+ 2.Copy zabbix_agentd_user sudoers-file into /etc/sudoers.d
+ 3.Copy ipfire_services.pl into /etc/zabbix_agentd/scripts and make sure it is executable by the root user.
+ 4.Copy template_ipfire_services.conf into /etc/zabbix_agentd/zabbix_agentd.d/.
+ Don't forget to restart zabbix-agent.
+
+ Created by Robin Roevens (robin.roevens (at) disroot.org)
+ vendor:
+ name: RobinR1
+ version: 6.4-0.3
+ groups:
+ - name: Templates/Applications
+ items:
+ - uuid: 9be0495e730a476fac68b91583bb4146
+ name: 'Captive Portal: # of active clients'
+ type: ZABBIX_ACTIVE
+ key: ipfire.captive.clients
+ history: 7d
+ description: 'Number of active users on captive portal'
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: captive-portal
+ - uuid: da3ef4de97f343d4a3d0d420e4e0df36
+ name: 'DHCP Server: # of active leases'
+ type: ZABBIX_ACTIVE
+ key: ipfire.dhcpd.clients
+ history: 7d
+ description: 'Number of active dhcpd leases'
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: dhcpd
+ - uuid: d7752458935c4e40adaacd4e1107f40e
+ name: 'Firewall hits: Get'
+ type: ZABBIX_ACTIVE
+ key: ipfire.net.fw.hits.raw
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Raw data item for retrieving firewall hits on all forwarding chains'
+ tags:
+ - tag: component
+ value: firewall
+ - tag: component
+ value: network
+ - tag: component
+ value: raw
+ - uuid: 2e0173990de34061b2e743ef22518c6a
+ name: 'Network: Internet gateway available'
+ type: ZABBIX_ACTIVE
+ key: ipfire.net.gateway.ping
+ history: 7d
+ description: 'Checks if the internet gateway on RED is reachable'
+ tags:
+ - tag: component
+ value: gateway
+ - tag: component
+ value: network
+ triggers:
+ - uuid: 750db20bec7c46e6ab9943e516f52947
+ expression: 'last(/IPFire by Zabbix agent active/ipfire.net.gateway.ping)<>1'
+ name: 'Internet Gateway is not reachable'
+ priority: HIGH
+ description: 'Internet Gateway on interface RED is unreachable. Internet connection is lost or intermittent.'
+ tags:
+ - tag: scope
+ value: availability
+ - uuid: f548b019c57a42cd8b6d4cf0a244f098
+ name: 'Network: Internet gateway ping timings'
+ type: ZABBIX_ACTIVE
+ key: ipfire.net.gateway.pingtime
+ history: 7d
+ value_type: FLOAT
+ units: ms
+ description: 'Checks the response time of the internet gateway on RED indicating Line Quality.'
+ tags:
+ - tag: component
+ value: gateway
+ - tag: component
+ value: network
+ - uuid: a01561b00aab4406a38e34440658848d
+ name: 'IPFire Services: Get'
+ type: ZABBIX_ACTIVE
+ key: ipfire.services
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Get a list of IPFire service using agent script ipfire_services.pl'
+ tags:
+ - tag: component
+ value: raw
+ - tag: component
+ value: service
+ - uuid: 45efac8b0c984815b9cf5c2790373911
+ name: 'System: Core-Update available'
+ type: DEPENDENT
+ key: pakfire.core-update-available
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Boolean Yes/no'
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Core-Update available: (.*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Convert Bool String to Bool Integer
+ switch(value) {
+ case "yes":
+ return 1;
+ case "no":
+ return 0;
+ default:
+ return 99;
+ }
+ - type: IN_RANGE
+ parameters:
+ - '0'
+ - '1'
+ error_handler: CUSTOM_ERROR
+ error_handler_params: 'Unknown value received'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 10fdaa47927d4638b62ec43deff34360
+ expression: 'last(/IPFire by Zabbix agent active/pakfire.core-update-available)=1'
+ name: 'Pakfire: Core-Update available'
+ url: 'https://{HOST.CONN}:444/cgi-bin/pakfire.cgi'
+ priority: INFO
+ description: 'A Core-Update for IPFire is available. Go to the IPFire webgui > IPFire Pakfire to perform an update.'
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 059cebb808634b35a3c2f2304e8cfaf5
+ expression: 'nodata(/IPFire by Zabbix agent active/pakfire.core-update-available,4h)=1'
+ name: 'Pakfire: Last Pakfire status update > 4h ago'
+ priority: WARNING
+ description: 'Zabbix was unable to retrieve Pakfire status for more than 4h. Check if Pakfire is still correctly working.'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 3c87cd1c09ec4fc2910c2572d9a4f5e9
+ name: 'System: Core-Update level'
+ type: DEPENDENT
+ key: pakfire.core-update-level
+ delay: '0'
+ history: 7d
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Core-Update-Level: ([0-9]*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 315ab087e6b3408eb463eaecbab289f7
+ expression: 'change(/IPFire by Zabbix agent active/pakfire.core-update-level)>0'
+ name: 'Pakfire: Core-Update-Level has changed'
+ priority: INFO
+ manual_close: 'YES'
+ dependencies:
+ - name: 'Pakfire: Core-Version has changed'
+ expression: '(last(/IPFire by Zabbix agent active/pakfire.core-version,#1)<>last(/IPFire by Zabbix agent active/pakfire.core-version,#2))=1'
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 96e3883bf9784f45b5ff7a9acaeeb5a9
+ name: 'System: Core version'
+ type: DEPENDENT
+ key: pakfire.core-version
+ delay: '0'
+ history: 7d
+ value_type: FLOAT
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Core-Version: ([0-9.]*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 743e14e27c1141cdb08c895e768e9931
+ expression: '(last(/IPFire by Zabbix agent active/pakfire.core-version,#1)<>last(/IPFire by Zabbix agent active/pakfire.core-version,#2))=1'
+ name: 'Pakfire: Core-Version has changed'
+ priority: INFO
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 299ed0d3aa97435088fd805646ffe649
+ name: 'System: # of addon updates available'
+ type: DEPENDENT
+ key: pakfire.package-updates-available
+ delay: '0'
+ history: 7d
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Package-Updates available: ([0-9]*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 39bc50b094cf40ab86588b909eef2db7
+ expression: 'last(/IPFire by Zabbix agent active/pakfire.package-updates-available)>0'
+ name: 'Pakfire: Package-Updates available'
+ priority: INFO
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 8dbec81630674c7c89a74ba12cdae84b
+ name: 'System: Reboot required'
+ type: DEPENDENT
+ key: pakfire.reboot-required
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Boolean Yes/no'
+ preprocessing:
+ - type: REGEX
+ parameters:
+ - 'Reboot required: (.*)'
+ - \1
+ error_handler: DISCARD_VALUE
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Convert Bool String to Bool Integer
+ switch(value) {
+ case "yes":
+ return 1;
+ case "no":
+ return 0;
+ default:
+ return 99;
+ }
+ - type: IN_RANGE
+ parameters:
+ - '0'
+ - '1'
+ error_handler: CUSTOM_ERROR
+ error_handler_params: 'Unknown value received'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: pakfire.status
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 5bf0656d2f9f46258ee36ca10096a9bb
+ expression: 'last(/IPFire by Zabbix agent active/pakfire.reboot-required)=1'
+ name: 'Pakfire: Reboot required'
+ url: 'https://{HOST.CONN}:444/cgi-bin/shutdown.cgi'
+ priority: INFO
+ description: 'An update requires a reboot of IPFire to complete. Please reboot the host as soon as possible. Go to the IPFire webgui > System > Shutdown to perform a reboot.'
+ tags:
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 0593a390fa7f40e1b23c94fe845eff09
+ name: 'Pakfire Status: Get'
+ type: ZABBIX_ACTIVE
+ key: pakfire.status
+ delay: 10m
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: raw
+ - tag: component
+ value: system
+ - uuid: 7349c0e5921440f5bf1e8be3111acb7f
+ name: 'Network: # of open connections'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"]'
+ history: 7d
+ tags:
+ - tag: component
+ value: network
+ - uuid: aaa91f7fdd3949d0adf4a6f90e9ddc87
+ name: 'Network: Max # of open connections'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_max"]'
+ delay: 1h
+ history: 7d
+ tags:
+ - tag: component
+ value: network
+ - uuid: cdc1d6590ab044cc8e9684119238c1db
+ name: 'System: Last update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/core/mine",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ - uuid: 8614cc5f14364b8d851631850a0d0ce9
+ name: 'Pakfire: Last core-list update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/lists/core-list.db",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: application
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: a490e3a3d0be4fd88f6890afc61e4826
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/core-list.db",modify],49h)=0'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/core-list.db",modify],1h)=1'
+ name: 'Pakfire: Last core-list update > 49h ago'
+ priority: WARNING
+ description: 'Auslösung bei Delta > 49h / Recovery bei Delta < 1h'
+ dependencies:
+ - name: 'Pakfire: Last server-list update > 49h ago'
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],49h)=0'
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],1h)=1'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 72d6284952044ff58795e6076e6ad3c8
+ name: 'Pakfire: Last packages-list update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/lists/packages_list.db",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: application
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: 9a7dfe94a226472bb36f9d1c4f5a86e6
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/packages_list.db",modify],49h)=0'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/packages_list.db",modify],1h)=1'
+ name: 'Pakfire: Last packages-list update > 49h ago'
+ priority: WARNING
+ description: 'Auslösung bei Delta > 49h / Recovery bei Delta < 1h'
+ dependencies:
+ - name: 'Pakfire: Last server-list update > 49h ago'
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],49h)=0'
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],1h)=1'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ - uuid: 0dd0776c8b91489784d45bf06893d1c3
+ name: 'Pakfire: Last server-list update'
+ type: ZABBIX_ACTIVE
+ key: 'vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify]'
+ delay: 10m
+ history: 7d
+ units: unixtime
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ tags:
+ - tag: component
+ value: application
+ - tag: component
+ value: pakfire
+ - tag: component
+ value: system
+ triggers:
+ - uuid: da2d132b5dd142a2a047413fc2ed3bc7
+ expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],49h)=0'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'fuzzytime(/IPFire by Zabbix agent active/vfs.file.time["/opt/pakfire/db/lists/server-list.db",modify],1h)=1'
+ name: 'Pakfire: Last server-list update > 49h ago'
+ priority: WARNING
+ description: 'Auslösung bei Delta > 49h / Recovery bei Delta < 1h'
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: notice
+ - tag: scope
+ value: security
+ discovery_rules:
+ - uuid: 61c015898168475892226c0d1cc752d8
+ name: 'Firewall chains discovery'
+ type: DEPENDENT
+ key: ipfire.net.fw.hits.discovery
+ delay: '0'
+ filter:
+ conditions:
+ - macro: '{#FW_CHAIN}'
+ value: '{$IPFIRE.FW_CHAIN.MATCHES}'
+ formulaid: A
+ - macro: '{#FW_CHAIN}'
+ value: '{$IPFIRE.FW_CHAIN.NOT_MATCHES}'
+ operator: NOT_MATCHES_REGEX
+ formulaid: B
+ description: 'Discovery of firewall chains in filter table to create "firewall hits" items/chain'
+ item_prototypes:
+ - uuid: e754323822f04c6b9e2e77bca43344fe
+ name: 'Firewall: Hits on chain {#FW_CHAIN}'
+ type: DEPENDENT
+ key: 'ipfire.net.fw.hits[{#FW_CHAIN}]'
+ delay: '0'
+ history: 7d
+ units: bps
+ description: 'Bytes dropped on firewall chain {#FW_CHAIN} of the Filter table'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.chain=="{#FW_CHAIN}")].bytes.first()'
+ - type: CHANGE_PER_SECOND
+ parameters:
+ - ''
+ master_item:
+ key: ipfire.net.fw.hits.raw
+ tags:
+ - tag: component
+ value: firewall
+ - tag: component
+ value: network
+ - tag: component
+ value: os
+ - tag: firewall-chain
+ value: '{#FW_CHAIN}'
+ master_item:
+ key: ipfire.net.fw.hits.raw
+ lld_macro_paths:
+ - lld_macro: '{#FW_CHAIN}'
+ path: $.chain
+ preprocessing:
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Filter out toggling part: bytes
+ discovery_items = JSON.parse(value);
+ discovery_items.map(function (item) { delete item['bytes']; });
+ return JSON.stringify(discovery_items);
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ - uuid: 4255351b82de467ea643cb15b5f2297e
+ name: 'OpenVPN clients discovery'
+ type: ZABBIX_ACTIVE
+ key: ipfire.ovpn.clients.discovery
+ delay: 1h
+ filter:
+ evaltype: AND
+ conditions:
+ - macro: '{#COMMONNAME}'
+ value: '{$IPFIRE.OVPN.COMMONNAME.MATCHES}'
+ formulaid: A
+ - macro: '{#COMMONNAME}'
+ value: '{$IPFIRE.OVPN.COMMONNAME.NOTMATCHES}'
+ operator: NOT_MATCHES_REGEX
+ formulaid: B
+ - macro: '{#STATE}'
+ value: '{$IPFIRE.OVPN.STATE.MATCHES}'
+ formulaid: C
+ description: 'Discovers configured OpenVPN clients'
+ host_prototypes:
+ - uuid: 37dc62b5f94c4979bfca33e8ab7ae7cb
+ host: '{#COMMONNAME}'
+ name: '{#NAME}'
+ group_links:
+ - group:
+ name: 'OpenVPN Clients'
+ templates:
+ - name: 'IPFire OpenVPN Client by Zabbix agent'
+ macros:
+ - macro: '{$IPFIRE.OVPN.CLIENT.COMMONNAME}'
+ value: '{#COMMONNAME}'
+ description: 'OpenVPN client Common Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.NAME}'
+ value: '{#NAME}'
+ description: 'OpenVPN client Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.REMARK}'
+ value: '{#REMARK}'
+ description: 'OpenVPN client remark'
+ - macro: '{$IPFIRE.OVPN.CLIENT.STATE}'
+ value: '{#STATE}'
+ description: 'OpenVPN client state'
+ - macro: '{$IPFIRE.OVPN.CLIENT.TYPE}'
+ value: '{#TYPE}'
+ description: 'OpenVPN client type'
+ tags:
+ - tag: type
+ value: '{#TYPE}'
+ - uuid: 0724a9154c924222a1495a4665929039
+ name: 'IPFire Services discovery'
+ type: DEPENDENT
+ key: ipfire.services.discovery
+ delay: '0'
+ filter:
+ evaltype: AND
+ conditions:
+ - macro: '{#SERVICENAME}'
+ value: '{$IPFIRE.SERVICENAME.MATCHES}'
+ formulaid: A
+ - macro: '{#SERVICENAME}'
+ value: '{$IPFIRE.SERVICENAME.NOT_MATCHES}'
+ operator: NOT_MATCHES_REGEX
+ formulaid: B
+ item_prototypes:
+ - uuid: bd1d7dfffc65492fb3eb7ade56c07bf8
+ name: 'OpenVPN: # clients connected'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.clients.count[{#SINGLETON}]'
+ delay: '0'
+ description: 'Number of clients currently connected with OpenVPN'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - $.clients.length()
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0'
+ master_item:
+ key: 'ipfire.ovpn.statusreport.get[{#SINGLETON}]'
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 17b4f2e8a9b944c7b09f81c6b6f8699b
+ name: 'OpenVPN: Statusreport: Get'
+ type: ZABBIX_ACTIVE
+ key: 'ipfire.ovpn.statusreport.get[{#SINGLETON}]'
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Get OpenVPN status report containing list of connected clients and routing tables'
+ preprocessing:
+ - type: DISCARD_UNCHANGED
+ parameters:
+ - ''
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: raw
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 9f207a283c4347569f02374f8e548b69
+ name: 'OpenVPN: Last status report update'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.statusreport.timestamp[{#SINGLETON}]'
+ delay: '0'
+ history: 1d
+ units: unixtime
+ description: 'Timestamp of last OpenVPN server statusreport update'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - $.timestamp
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: 'ipfire.ovpn.statusreport.get[{#SINGLETON}]'
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 64ab99104e5c4a748745fbc1d02b1803
+ name: '{#SERVICE}: Memory usage'
+ type: DEPENDENT
+ key: 'ipfire.services.memory[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ units: b
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].memory.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: memory
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ - uuid: 3d679fd91a334de1949e5cc5afdcc8a3
+ name: '{#SERVICE}: Start on boot'
+ type: DEPENDENT
+ key: 'ipfire.services.onboot[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Boolean Yes/no'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].onboot.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '1'
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ - uuid: 865fe738cfb34752b83605930b3cf180
+ name: '{#SERVICE}: Pid'
+ type: DEPENDENT
+ key: 'ipfire.services.pid[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].pid.first()'
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: os
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ - uuid: 7fa6c6e4b6cf4a018ac3002122b0e0e5
+ name: '{#SERVICE}: State'
+ type: DEPENDENT
+ key: 'ipfire.services.state[{#SERVICENAME}]'
+ delay: '0'
+ history: 7d
+ valuemap:
+ name: 'Service state'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$[?(@.servicename == "{#SERVICENAME}")].state.first()'
+ master_item:
+ key: ipfire.services
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: '{#SERVICENAME}'
+ trigger_prototypes:
+ - uuid: 71d4baaa724140179fbde0bbdd170dfa
+ expression: '{$IPFIRE.SERVICE.TRIGGER:"{#SERVICENAME}"} and last(/IPFire by Zabbix agent active/ipfire.services.state[{#SERVICENAME}])<>1'
+ name: '{#SERVICE}: Service not running'
+ priority: HIGH
+ description: 'The IPFire service {#SERVICE} is not running. If this service is manually disabled, set host macro $IPFIRE.SERVICE.TRIGGER:"{#SERVICENAME}" to 0 to disable this trigger.'
+ tags:
+ - tag: scope
+ value: availability
+ trigger_prototypes:
+ - uuid: adf12fb393704b90b3bd5541a447e2a1
+ expression: |
+ last(/IPFire by Zabbix agent active/ipfire.services.onboot[{#SERVICENAME}])=1 and
+ (nodata(/IPFire by Zabbix agent active/ipfire.ovpn.statusreport.get[{#SINGLETON}],5m)=1 or
+ time()-last(/IPFire by Zabbix agent active/ipfire.ovpn.statusreport.timestamp[{#SINGLETON}])>5m)
+ name: 'OpenVPN: Statusreport outdated'
+ priority: AVERAGE
+ description: |
+ Did not receive a recent OpenVPN status report. OpenVPN client data is probably outdated and/or inaccurate.
+ Check if Zabbix Agent is running and properly configured to send OpenVPN status reports (UserParameter: ipfire.ovpn.statusreport.get) and/or OpenVPN server configuration is the IPFire default.
+ dependencies:
+ - name: '{#SERVICE}: Service not running'
+ expression: '{$IPFIRE.SERVICE.TRIGGER:"{#SERVICENAME}"} and last(/IPFire by Zabbix agent active/ipfire.services.state[{#SERVICENAME}])<>1'
+ tags:
+ - tag: scope
+ value: availability
+ master_item:
+ key: ipfire.services
+ lld_macro_paths:
+ - lld_macro: '{#SERVICENAME}'
+ path: $.servicename
+ - lld_macro: '{#SERVICE}'
+ path: $.service
+ - lld_macro: '{#SINGLETON}'
+ path: $.singleton
+ preprocessing:
+ - type: JAVASCRIPT
+ parameters:
+ - |
+ // Filter out toggling parts: state, pid, memory, onboot & add singleton
+ discovery_items = JSON.parse(value);
+ discovery_items.map(function (item) { ['state','pid','memory', 'onboot'].forEach(function(key) { delete item[key] }); item['singleton'] = "" });
+ return JSON.stringify(discovery_items);
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ overrides:
+ - name: 'Don''t discover OpenVPN specific items/triggers on other services'
+ step: '1'
+ filter:
+ conditions:
+ - macro: '{#SERVICENAME}'
+ value: openvpn
+ operator: NOT_MATCHES_REGEX
+ formulaid: A
+ operations:
+ - operationobject: ITEM_PROTOTYPE
+ operator: REGEXP
+ value: '^OpenVPN: .*'
+ discover: NO_DISCOVER
+ - operationobject: TRIGGER_PROTOTYPE
+ operator: REGEXP
+ value: '^OpenVPN: .*'
+ discover: NO_DISCOVER
+ tags:
+ - tag: class
+ value: software
+ - tag: target
+ value: ipfire
+ macros:
+ - macro: '{$IPFIRE.CONN.MAX.RESOLVE}'
+ value: '85'
+ description: 'Percentage of max open connections used before resolving trigger'
+ - macro: '{$IPFIRE.CONN.MAX.WARN}'
+ value: '95'
+ description: 'Max percentage of max open connections used before triggering warning'
+ - macro: '{$IPFIRE.FW_CHAIN.MATCHES}'
+ value: '^.*$'
+ description: 'Only discover firewall chains matching this regex'
+ - macro: '{$IPFIRE.FW_CHAIN.NOT_MATCHES}'
+ value: CHANGE_IF_NEEDED
+ description: 'Do not discover firewall chains matching this regex'
+ - macro: '{$IPFIRE.OVPN.COMMONNAME.MATCHES}'
+ value: '^.*$'
+ description: 'OpenVPN clients with common name matching this regex will be discovered'
+ - macro: '{$IPFIRE.OVPN.COMMONNAME.NOTMATCHES}'
+ value: CHANGE_IF_NEEDED
+ description: 'OpenVPN clients with common name matching this regex will not be discovered'
+ - macro: '{$IPFIRE.OVPN.STATE.MATCHES}'
+ value: 'on'
+ description: 'OpenVPN clients with a state (on/off) matching this regex will be discovered.'
+ - macro: '{$IPFIRE.SERVICE.TRIGGER}'
+ value: '1'
+ description: 'Whether Zabbix needs to trigger when an IPFire service is down. This variable can be used with context to exclude specific services.'
+ - macro: '{$IPFIRE.SERVICENAME.MATCHES}'
+ value: '^.*$'
+ description: 'All services matching this regex will be discovered'
+ - macro: '{$IPFIRE.SERVICENAME.NOT_MATCHES}'
+ value: CHANGE_IF_NEEDED
+ description: 'Services matching this regex will not be discovered'
+ valuemaps:
+ - uuid: 57ac5ee3ecd34a36a30119db05e5a738
+ name: 'Boolean Yes/no'
+ mappings:
+ - value: '0'
+ newvalue: 'No'
+ - value: '1'
+ newvalue: 'Yes'
+ - uuid: 9f0de9d59823477b9e8788e0c4b100d2
+ name: 'OpenVPN Connection state'
+ mappings:
+ - value: '0'
+ newvalue: 'not connected'
+ - value: '1'
+ newvalue: connected
+ - uuid: 7517e6ba802e42abaf567ae383a32414
+ name: 'Service state'
+ mappings:
+ - value: '0'
+ newvalue: Down
+ - value: '1'
+ newvalue: Up
+ - uuid: 52850149b8ad443184ee95d3da3cd195
+ template: 'IPFire OpenVPN Client by Zabbix agent'
+ name: 'IPFire OpenVPN Client by Zabbix agent'
+ description: |
+ Monitor an IPFire OpenVPN client
+
+ This template is applied to discovered OpenVPN client hosts by the template IPFire by Zabbix agent and is not meant to be applied manually to any hosts.
+ vendor:
+ name: RobinR1
+ version: 6.4-0.3
+ groups:
+ - name: Templates/Modules
+ items:
+ - uuid: bead53bd8f1f4382b4c36733db3ab0f3
+ name: 'OpenVPN: Client common name'
+ type: SCRIPT
+ key: ipfire.ovpn.client.commonname
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ params: 'return "{$IPFIRE.OVPN.CLIENT.COMMONNAME}";'
+ description: 'OpenVPN Client connection name as configured in IPFire WUI'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: add7fbf01d384c0bab9ded620fa9f958
+ name: 'OpenVPN: Last connection duration'
+ type: CALCULATED
+ key: 'ipfire.ovpn.client.connection[{$IPFIRE.OVPN.CLIENT.COMMONNAME},duration]'
+ history: 7d
+ units: s
+ params: 'last(//ipfire.ovpn.routing_table[{$IPFIRE.OVPN.CLIENT.COMMONNAME},last_ref])-last(//ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},connected_since])'
+ description: 'Duration of current or last connection'
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 12b42114672c4f698fa3e9407d0f0346
+ name: 'OpenVPN: Client name'
+ type: SCRIPT
+ key: ipfire.ovpn.client.name
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ params: 'return "{$IPFIRE.OVPN.CLIENT.NAME}";'
+ description: 'OpenVPN Client name as configured in IPFire WUI'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 7eeabe63f0ba4f3dbd32403ed37c5acb
+ name: 'OpenVPN: Client remark'
+ type: SCRIPT
+ key: ipfire.ovpn.client.remark
+ history: 7d
+ trends: '0'
+ value_type: TEXT
+ params: 'return "{$IPFIRE.OVPN.CLIENT.REMARK}";'
+ description: 'OpenVPN Client remark as configured in IPFire WUI'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 108aef4c2b184624a00961f5b64500c4
+ name: 'OpenVPN: Client access status'
+ type: SCRIPT
+ key: ipfire.ovpn.client.state
+ history: 7d
+ params: 'return "{$IPFIRE.OVPN.CLIENT.STATE}";'
+ description: 'Whether the client is enabled to access the IPFire OpenVPN server.'
+ preprocessing:
+ - type: STR_REPLACE
+ parameters:
+ - 'off'
+ - '0'
+ - type: STR_REPLACE
+ parameters:
+ - 'on'
+ - '1'
+ - type: IN_RANGE
+ parameters:
+ - '0'
+ - '1'
+ error_handler: CUSTOM_ERROR
+ error_handler_params: 'Unknown client state'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 08411efa83e3490da6858c96fe8e406f
+ name: 'OpenVPN: Client type'
+ type: SCRIPT
+ key: ipfire.ovpn.client.type
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ params: 'return "{$IPFIRE.OVPN.CLIENT.TYPE}";'
+ description: 'OpenVPN Client type'
+ valuemap:
+ name: 'OpenVPN Client type'
+ preprocessing:
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1d
+ tags:
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 713f21c4059a452d8aa6746dbb4c024d
+ name: 'OpenVPN: Bytes received'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_in]'
+ delay: '0'
+ history: 7d
+ units: b
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_in.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0'
+ - type: SIMPLE_CHANGE
+ parameters:
+ - ''
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 57993d21e1d04b319b4adc5f70385a30
+ name: 'OpenVPN: Bytes received total'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_in_total]'
+ delay: '0'
+ history: 7d
+ units: b
+ description: 'Total amount of bytes received during current/last connection'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_in.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 130de3a8a8bf4e4987ac563eabb88602
+ name: 'OpenVPN: Bytes sent'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_out]'
+ delay: '0'
+ history: 7d
+ units: b
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_out.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0'
+ - type: SIMPLE_CHANGE
+ parameters:
+ - ''
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 81bdb6e42bdd46a58308531d0cffac32
+ name: 'OpenVPN: Bytes sent total'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},bytes_out_total]'
+ delay: '0'
+ history: 7d
+ units: b
+ description: 'Total amount of bytes sent during current/last connection'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].bytes_out.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: e035d6315a7e4403a25185d17bbe6489
+ name: 'OpenVPN: Connection state'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},connected]'
+ delay: '0'
+ history: 7d
+ description: 'Whether the client is currently connected'
+ valuemap:
+ name: 'OpenVPN Connection state'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].length()'
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 8b0ba4b88ae549a0a4a2346e1cf40133
+ name: 'OpenVPN: Last connection time'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},connected_since]'
+ delay: '0'
+ history: 7d
+ units: unixtime
+ description: 'Timestamp of last client connection initiation'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].connected_since.first()'
+ error_handler: DISCARD_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: fd22e3d29b4c4c358c77d100cd412990
+ name: 'OpenVPN: Remote IP Address'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.client[{$IPFIRE.OVPN.CLIENT.COMMONNAME},real_address]'
+ delay: '0'
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ description: 'Real IP address of client'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.clients[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].real_address.first()'
+ error_handler: CUSTOM_VALUE
+ error_handler_params: '0.0.0.0:0'
+ - type: REGEX
+ parameters:
+ - '^(\d+\.\d+\.\d+\.\d+):\d+$'
+ - \1
+ - type: STR_REPLACE
+ parameters:
+ - 0.0.0.0
+ - ''
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 175a8220c2e04e42884e1a5b67de263f
+ name: 'OpenVPN: Last activity'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.routing_table[{$IPFIRE.OVPN.CLIENT.COMMONNAME},last_ref]'
+ delay: '0'
+ history: 7d
+ units: unixtime
+ description: 'Timestamp of last client network activity'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.routing_table[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].last_ref.first()'
+ error_handler: DISCARD_VALUE
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: c1c65e8f92b84008a69eb40db7907d61
+ name: 'OpenVPN: VPN IP Address'
+ type: DEPENDENT
+ key: 'ipfire.ovpn.routing_table[{$IPFIRE.OVPN.CLIENT.COMMONNAME},virtual_address]'
+ delay: '0'
+ history: 7d
+ trends: '0'
+ value_type: CHAR
+ description: 'Virtual IP address of client'
+ preprocessing:
+ - type: JSONPATH
+ parameters:
+ - '$.routing_table[?(@.common_name == "{$IPFIRE.OVPN.CLIENT.COMMONNAME}")].virtual_address.first()'
+ error_handler: CUSTOM_VALUE
+ - type: DISCARD_UNCHANGED_HEARTBEAT
+ parameters:
+ - 1h
+ master_item:
+ key: ipfire.ovpn.statusreport.get
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ - uuid: 5c6b95eedb1a47d99dfba1bb092d56bf
+ name: 'OpenVPN statusreport: Get'
+ key: ipfire.ovpn.statusreport.get
+ history: '0'
+ trends: '0'
+ value_type: TEXT
+ description: 'Get OpenVPN status report containing list of connected clients and routing tables'
+ preprocessing:
+ - type: DISCARD_UNCHANGED
+ parameters:
+ - ''
+ tags:
+ - tag: component
+ value: network
+ - tag: component
+ value: raw
+ - tag: component
+ value: service
+ - tag: service
+ value: openvpn
+ tags:
+ - tag: class
+ value: device
+ - tag: target
+ value: ipfire
+ - tag: target
+ value: openvpn-client
+ macros:
+ - macro: '{$IPFIRE.OVPN.CLIENT.COMMONNAME}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client Common Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.NAME}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client Name'
+ - macro: '{$IPFIRE.OVPN.CLIENT.REMARK}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client remark'
+ - macro: '{$IPFIRE.OVPN.CLIENT.STATE}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client state'
+ - macro: '{$IPFIRE.OVPN.CLIENT.TYPE}'
+ value: FILLED_IN_BY_HOST_DISCOVERY
+ description: 'OpenVPN client type'
+ valuemaps:
+ - uuid: 87dfebb2a9784886b12efe44d8044ee3
+ name: 'OpenVPN Client access status'
+ mappings:
+ - value: '0'
+ newvalue: disabled
+ - value: '1'
+ newvalue: enabled
+ - uuid: 142e2748979147cb8b8f887825575a72
+ name: 'OpenVPN Client type'
+ mappings:
+ - value: host
+ newvalue: Roadwarior
+ - type: REGEXP
+ value: '^net.*'
+ newvalue: 'Remote network'
+ - uuid: 486bcaed8ba049c7b9b7c811482b6ad8
+ name: 'OpenVPN Connection state'
+ mappings:
+ - value: '0'
+ newvalue: 'not connected'
+ - value: '1'
+ newvalue: connected
+ triggers:
+ - uuid: ed954859a31b4e658e1c1ac42545a6f6
+ expression: 'last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"])/last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_max"])*100>{$IPFIRE.CONN.MAX.WARN}'
+ recovery_mode: RECOVERY_EXPRESSION
+ recovery_expression: 'last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"])/last(/IPFire by Zabbix agent active/vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_max"])*100<={$IPFIRE.CONN.MAX.RESOLVE}'
+ name: 'Number of open connection is too high (> 90% of max open connections)'
+ opdata: 'Open connections: {ITEM.LASTVALUE1}, Max open connections: {ITEM.LASTVALUE2}'
+ priority: WARNING
+ description: |
+ The current number of open connections is at {$IPFIRE.CONN.MAX}% of the max allowed number of open connections. When the max allowed number of open connections is reached, new connections will be dropped.
+ Consider increasing the net.netfilter.nf_conntrack_max system variable.
+ tags:
+ - tag: scope
+ value: availability
+ - tag: scope
+ value: capacity
+ graphs:
+ - uuid: f9acf1d3482f4af3b619a649eb81b844
+ name: 'Line Quality'
+ graph_items:
+ - sortorder: '1'
+ drawtype: GRADIENT_LINE
+ color: 1A7C11
+ item:
+ host: 'IPFire by Zabbix agent active'
+ key: ipfire.net.gateway.pingtime
+ - uuid: f4bf7726c930427aa2a99bad42d7fa7f
+ name: 'Open Connections'
+ graph_items:
+ - sortorder: '1'
+ color: FF0000
+ item:
+ host: 'IPFire by Zabbix agent active'
+ key: 'vfs.file.contents["/proc/sys/net/netfilter/nf_conntrack_count"]'