Robot/contrib-munin
2
0
Fork 0
mirror of https://github.com/munin-monitoring/contrib.git synced 2018-11-08 00:59:34 +01:00
Code Issues Releases Wiki Activity
e3b2a3fc24
contrib-munin/plugins/other/pf
Gergely Czuczy 52651cc471 Initial version
2011-12-18 15:10:21 +01:00

144 lines
3.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
# OpenBSD's pf(4) monitoring for FreeBSD
# 2007, Gergely Czuczy <phoemix@harmless.hu>
#
# Needs to run as root.
# Add "user root" for the [pf] into plugins.conf.
#
# Options:
# - env.do_searches yes: to enable state table search monitoring`
#
# 0.1 - initial release:
# - state table usage
# - search rate
# - match rate
# - state mismatch rate
# - blocked packets
# - monitoring of labelled rules
#
# 0.2 - feature improvements:
# - Labelled rules for packet count
# - OpenBSD compatibility
# - Warning and critical on state table
#
# 0.3 - feature improvements:
# - Aggregate rules with the same label
#
# 0.4 - feature changes:
# - State searches are optional. it can shrink others.
# - Labelled targets are marked with a leading L
#
#
#%# family=auto
#%# capabilities=autoconf
pfctl='/sbin/pfctl'
case $1 in
config)
cat <<EOF
graph_title OpenBSD pf statistics
graph_vlabel Entries per second
graph_scale no
graph_category network
graph_args -l 0
graph_info OpenBSD's pf usage statistics
states.label States
states.type GAUGE
EOF
${pfctl} -sm 2> /dev/null | awk '
/states/ {print "states.warning "$4*0.9; print "states.critical "$4*0.95}
'
if [ "x${do_searches}" = "xyes" ]; then
cat <<EOF
searches.label Searches
searches.min 0
searches.type DERIVE
EOF
fi
cat <<EOF
matches.label Matches
matches.min 0
matches.type DERIVE
mismatches.label State mismatches
mismatches.min 0
mismatches.type DERIVE
blocks.label Blocked packets
blocks.type DERIVE
blocks.min 0
EOF
pfctl -sl | awk '
{
l="";
for (i=1; i<NF-2; i=i+1) l=l" "$i;
sub(/^ /, "", l);
f=l;
gsub(/[^a-z0-9A-Z]/, "_", f);
print f".label L: "l;
print f".type DERIVE"
print f".min 0"}'
exit 0
;;
autoconf)
# FreeBSD
ostype=`uname -s`
if [ ${ostype} = "FreeBSD" ]; then
# enabled?
if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
echo "no (pf(4) is not enabled, consult pfctl(8)"
exit 1
fi
# OpenBSD
elif [ ${ostype} = "OpenBSD" ]; then
# pf(4) module loaded?
if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then
echo "no (pf(4) is not loaded)"
exit 1
fi
# enabled?
if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
echo "no (pf(4) is not enabled, consult pfctl(8)"
exit 1
fi
# Other OSes
else
echo "no (this plugin is not supported on your OS)"
exit 1
fi
echo "yes"
exit 0
;;
suggest)
exit 0;
;;
esac
#
${pfctl} -si 2>/dev/null | awk '
/current entries/{print "states.value",$3}
/searches/{if ( "'${do_searches}'" == "yes" ) print "searches.value",$2}
$1~/^match$/{print "matches.value",$2}
/state-mismatch/{print "mismatches.value",$2}'
${pfctl} -vsr 2> /dev/null| grep -A 1 ^block | awk 'BEGIN {sum=0}/^[ \t]*\[/{sum=sum+$5} END {print "blocks.value",sum}'
# the labeled ones
pfctl -sl | awk '
BEGIN {
total=0
}
{
l="";
for (i=1; i<NF-2; i=i+1) l=l" "$i;
sub(/^ /, "", l);
f=l;
gsub(/[^a-z0-9A-Z]/, "_", f);
total=total+1;
fields[f]=fields[f]+$(NF-i+2);
}
END {
if ( total == 0 ) exit 0;
for ( k in fields ) print k".value "fields[k]
}'
Reference in New Issue View Git Blame Copy Permalink