Netgate SG-1000 microFirewall

Author Topic: pfSense 2.3 Check_mk working with xinetd  (Read 7291 times)

0 Members and 1 Guest are viewing this topic.

Offline toddh

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #15 on: May 06, 2017, 03:11:35 pm »

Trying to get this running on pfSense 2.3.3 for external monitoring and I am running into a problem. 

When I modify filter.inc and then reload filter I get this message in the System Log
"Unable to read included directory: /opt/etc/xinetd.d [file=/var/etc/xinetd.conf] [line=1]"

The /var/etc/xinetd.conf files contains
includedir /opt/etc/xinetd.d

I am not sure if I have made an error, or something otherwise is happening.





Offline Programie

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
    • SelfCoders
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #16 on: July 21, 2017, 05:39:16 pm »
Thanks for a working Check_MK Agent on pfSense!

I've written a simple local check for Check_MK to check whether a new version of pfSense is available. Maybe someone is interested in it.

Create a new file (I've named it "check_version.php") in your $LOCALDIR of Check_MK (which is "$MK_LIBDIR/local") containing the following content:
Code: [Select]
#! /usr/bin/env php
<?php
include "pkg-utils.inc";

$info get_system_pkg_version();

if (
$info["installed_version"] == $info["version"]) {
    echo 
"0 pfSense_Version - No new update available\n";
} else {
    echo 
"1 pfSense_Version - Version " $info["version"] . " available\n";
}

Make it executable: chmod +x check_version.php

You probably don't want to check for a new version on every run of check_mk_agent, so move the script into a subfolder containing the run interval as the name. I've saved the script to $LOCALDIR/3600/check_update.php so it will be executed every hour.

Offline lebernd

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #17 on: September 08, 2017, 12:09:59 pm »
Thank you for the guide!

Everything it still works for me under 2.4rc - just remember to grab a new libstatgrab-0.91.txz for Freebsd11.

Best, Bernd

Offline Programie

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
    • SelfCoders
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #18 on: October 12, 2017, 01:10:28 pm »
I've also updated pfSense (in my case the final release of version 2.4) and can confirm it still works. I didn't had to grab a new libstatgrab, it just works for me out of the box (I only had to add the additional include in /etc/inc/filter.inc just like on every update).

Offline steini

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #19 on: October 19, 2017, 12:14:42 pm »
Hey guys

I just updated to 2.4 and started getting these errors:


**EDIT / SOLVED

Needed to update libstatgrab
fetch http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/libstatgrab-0.91.txz && pkg install libstatgrab-0.91.txz
« Last Edit: October 20, 2017, 11:07:51 am by steini »

Offline matthewfearnley

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #20 on: November 17, 2017, 05:16:03 am »
After an upgrade to 2.4(.1) I seem to be getting errors now with the Memory Used plugin: UNKNOWN - check failed - please submit a crash report!
(The crash report says: KeyError: 'MemTotal')

Agent output:
Relevant Check_MK output:
Code: [Select]
<<<mem>>>
SwapTotal: 782336 kB
SwapFree: 782336 kB
(No MemTotal line)

My copy of the agent includes a <<<mem>>> section:
Code: [Select]
# Memory Usage
# currently we'll need sysutils/muse for this.
if [ -x /usr/local/bin/muse ]
then
echo '<<<mem>>>'
# yes, i don't know sed well.
muse -k 2>/dev/null | sed 's/Total/MemTotal/' | sed 's/Free/MemFree/'
swapinfo -k 1K | tail -n 1 | awk '{ print "SwapTotal: "$2" kB\nSwapFree: "$4" kB" }'
fi

I've installed muse with 'fetch http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/muse-0.2.txz && pkg install muse-0.2.txz'

But 'muse -k' outputs:
Code: [Select]
kvm_open: kvm_nlist: No such file or directory
kvm_open: kvm_nlist: No such file or directory
kvm_open: kvm_nlist: No such file or directory
kvm_open: kvm_nlist: No such file or directory
kvm_nlist failed

Possibly the <<<mem>>> code no longer works?  It looks like it used to be in check_mk_agent.freebsd but is not there now.

EDIT: I realised we are using an old, customised version of the agent.  I'm not willing to update wholesale at this point, but this seems to work now, from a less old version of the agent.  It also means we don't have to install muse now.
Code: [Select]
# Memory Usage. First we try statgrab, since
# muse does not seem to support >4GB
if [ -x /usr/local/bin/statgrab ] ; then
    echo '<<<mem>>>'
    statgrab -K mem.total mem.free swap.total swap.free | \
    awk '{gsub(/swap\./,"Swap");}{gsub(/mem\./,"Mem");}{gsub(/tot/,"Tot");}{gsub(/free/,"Free");} { print $1":  "$3" kB"}'
elif [ -x /usr/local/bin/muse ] ; then
    echo '<<<mem>>>'
    muse -k 2>/dev/null | sed 's/Total/MemTotal/' | sed 's/Free/MemFree/'
    swapinfo -k 1K | tail -n 1 | awk '{ print "SwapTotal: "$2" kB\nSwapFree: "$4" kB" }'
fi
It seems to have been removed entirely in a later version, in favour of a <<<statgrab_mem>>> section.
« Last Edit: November 17, 2017, 05:19:12 am by matthewfearnley »

Offline azekiel

  • Jr. Member
  • **
  • Posts: 47
  • Karma: +3/-0
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #21 on: December 08, 2017, 06:13:40 am »
Just update /opt/bin/check_mk_agent with the newest version available from http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob_plain;f=agents/check_mk_agent.freebsd;hb=HEAD and install libstatgrab for the memory display to work (fetch http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/libstatgrab-0.91.txz && pkg install libstatgrab-0.91.txz)

Offline Overlord

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #22 on: December 17, 2017, 03:10:35 pm »
Didn't work for me (pfSense 2.4.2-RELEASE-p1 (amd64)). I did all steps without any problems, but after reloading the filters, nothing happens. Nothing with xinetd or check_mk in the system logs and I can't to "nc localhost 6556" or "telnet localhost 6556".

Offline Programie

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
    • SelfCoders
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #23 on: December 17, 2017, 03:51:02 pm »
Didn't work for me (pfSense 2.4.2-RELEASE-p1 (amd64)). I did all steps without any problems, but after reloading the filters, nothing happens. Nothing with xinetd or check_mk in the system logs and I can't to "nc localhost 6556" or "telnet localhost 6556".
Does the Check_MK Agent work if called from the terminal?

Try to execute "/opt/bin/check_mk_agent" on your pfSense host.

And what exact error are you getting if you try to reach port 6556? Connection refused? Connection timed out?

A filter reload should show nothing special (i.e. does not contain anything with check_mk). But you should see something like "readjusting service check_mk" in "Status -> System Logs -> System -> General" after reloading the filters.

After a filter reload, the file "/var/etc/xinetd.conf" should contain a line "includedir /opt/etc/xinetd.d". /opt/etc/xinetd.d should be a directory containing your xinetd config file for Check_MK.

Also make sure, xinetd is running: "ps ax | grep xinetd" should return something like "/usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid"
« Last Edit: December 17, 2017, 05:18:14 pm by Programie »

Offline toddh

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #24 on: January 30, 2018, 11:57:44 pm »

Worked perfectly for me on 2.4.2! 

Really appreciate the instructions!

Thank you!!!!!!!


Offline karls0

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-1
    • View Profile
Re: pfSense 2.3 Check_mk working with xinetd
« Reply #25 on: February 24, 2018, 10:05:53 am »
Didn't work for me (pfSense 2.4.2-RELEASE-p1 (amd64)). I did all steps without any problems, but after reloading the filters, nothing happens. Nothing with xinetd or check_mk in the system logs and I can't to "nc localhost 6556" or "telnet localhost 6556".
Does the Check_MK Agent work if called from the terminal?

Try to execute "/opt/bin/check_mk_agent" on your pfSense host.

And what exact error are you getting if you try to reach port 6556? Connection refused? Connection timed out?

A filter reload should show nothing special (i.e. does not contain anything with check_mk). But you should see something like "readjusting service check_mk" in "Status -> System Logs -> System -> General" after reloading the filters.

After a filter reload, the file "/var/etc/xinetd.conf" should contain a line "includedir /opt/etc/xinetd.d". /opt/etc/xinetd.d should be a directory containing your xinetd config file for Check_MK.

Also make sure, xinetd is running: "ps ax | grep xinetd" should return something like "/usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid"
HI,
I have also a problem with check_mk and xinetd.

check_mk works from the terminal.  I cannot find a xinetd-process on my box. Also, after reloading the filters (with the manually added line to include /opt/etc/xinetd.d) I only find

Feb 24 16:58:45    check_reload_status       Reloading filter
in the logs.     /var/etc/xinetd.conf is empty

ps doesn't show a xinetd.

How do I start xinetd on pfsense? Shouldn*t it be running by default?

Any help appreciated,
Karl