Configuring the checks on Nagios XI
This is the third and final part to monitoring pfSense with Nagios XI using SSH. If you missed either of the previous parts, I’ve included them below.
Finally, let’s configure the checks on Nagios XI! Go to the SSH Proxy wizard. I like to change the OS to FreeBSD, but all that really does is change the icon in the web interface.
Change the host name to whatever you’d like. In my example, I chose pfSense-home. At this time, take the checkboxes out of the 2 other remote commands and leave it for the check_disk remote command only. Also, change the remote command to the text below. Make sure you pay attention to the path because the default Nagios entry flip flops libexec and nagios! I recommend changing the display name to “Disk – Root” so when you monitor other partitions, they are all in order in the web GUI.
/usr/local/libexec/nagios/check_disk / -w 20% -c 5%
Answer the remaining questions/screens as you see fit. Once the configuration changes are made and the service checks run, you should see something in your Nagios service details.
Great start! But where are the rest of the checks from part 2? In Nagios XI, to add more you can do one of two things. Either a) go to the Core Config Manager and copy configs or b) go *back* through the wizard and copy/paste each of the lines below. I prefer the 2nd method because it is far less mouse clicking.
Obviously, you will need to omit or change lines to meet the needs of your firewall/environment. For instance, if you use a VPN, you will need to change the IP address and name. You will also need to change the interface names if you want to monitor those. If you use a Windows server for DHCP or DNS, don’t add the service monitors for dhcpd or unbound (DNS).
Also note the two entries that have ‘sudo’ before them. If you receive any errors stating there is a problem with “remote command execution failed” or permissions, that is likely the issue. If you need help on configuring sudo on pfSense, refer to part 1 of this series. If you would like a little more details on the individual checks, refer to part 2 of this series.
|/usr/local/libexec/nagios/check_disk /var/run -w 20% -c 5%||Disk – VarRun|
|/usr/local/libexec/nagios/check_ping -H 220.127.116.11 -w 80,10% -c 150,40%||Ping to OpenDNS|
|/usr/local/libexec/nagios/check_ntp_time -H time.google.com||NTP Variation|
|/usr/local/libexec/nagios/check_load -w 3,2.8,2.6 -c 10,7,5 -r||Load|
|/usr/local/libexec/nagios/check_procs -w 200 -c 400||Total Processes|
|/usr/local/libexec/nagios/check_swap -w 90% -c 40%||Swap Usage|
|/usr/local/libexec/nagios/check_pf_cpu -w 85 -c 95||CPU Usage|
|/usr/local/libexec/nagios/check_pf_mem -w 90 -c 95||Memory Usage|
|/usr/local/libexec/nagios/check_pf_interface -i em1_vlan5 -name DEVICES||Interface DEVICES|
|sudo /usr/local/libexec/nagios/check_pf_ipsec_tunnel -e <IP address> -name DallasTX||VPN to DallasTX|
|sudo /usr/local/libexec/nagios/check_pf_state_table -w 60 -c 90||State Table|
|/usr/local/libexec/nagios/check_pf_services -name snort||Service: snort|
|/usr/local/libexec/nagios/check_pf_services -name pinger||Service: pinger|
|/usr/local/libexec/nagios/check_pf_services -name dhcpd||Service: dhcpd|
|/usr/local/libexec/nagios/check_pf_services -name unbound||Service: unbound-DNS|
So what does the final result look like (see below)? Beautiful! Now that is how you monitor a firewall! I’m going to add more services to monitor at some point soon. If there are some particular checks you would like to see added, let me know and I’ll add it in. Better yet, write them up and/or add them to the GitHub repo and I’ll give you credit! I’ve also included the services config file below so Nagios Core users would have a better idea of how to configure it.