Any interests in development of extended OPNsense checks?

MarsellusWallace · May 12, 2021, 3:31pm

Hi guys,

I got a new OPNsense firewall for my SOHO and will/want to create some extended checks for this nice device, with more information additionally to SNMP- and/or FreeBSD-agent data.

Still not sure if I should only create a special agent gathering data from OPNAPI or if an agent plugin utilizing things like pfctl or similar is needed, too.

If you’re interested in monitoring your OPN in an extended way, I’d be pleased to hear your ideas here in this topic - and maybe you could also act as tester during development, before it’s published at exchange.checkmk.com…

I currently have OPN in version 21.1.5 and this will be the tested version for me. CMK version will be 2.0.
As first step only things from OPN core system are planned, maybe one or the other OPN plugin could follow in futrue.

I’m sure one or the oter of you is missing something in OPN monitoring, so let’s get those things monitored together!

Hope to hear from you,
Marsellus W.

ralf.kirmis · May 14, 2021, 5:15am

Hi Marsellus,
it would be great, if the FreeBSD Agent could return some Hardware Inventory Data like the Linux Agent.

regards,
Ralf

MarsellusWallace · May 14, 2021, 5:24am

Hey Ralf,

not exactly what I wanted to do for OPNsense, but I will keep it on my list. Maybe we could start with dmidecode output regarding HW inventory…

Do you use OPN, too, or are you just asking for the FreeBSD part? If OPN, what are you missing?

BR,
Marsellus W.

ralf.kirmis · May 14, 2021, 5:46am

Dear Marsellus,
we are using OPNSense Boxes.
Currently we monitor them through SSH with the librenms_agent.
Additional we use the Version Check as Classic Check.

What we miss is the monitoring for the IPEC oder OpenVPN VPN Tunnel.

regards,
Ralf

MarsellusWallace · May 14, 2021, 12:34pm

@ralf.kirmis , I’ve sent a DM to you, just not to blow up this thread too much…

darkfader · June 17, 2021, 11:41am

Hi,

I’d created pretty comprehensive checks for pfSense/OPNsense a while back.

It works with both flavours of the BSD firewall distros, and has adjusted haproxy monitoring, squid, updates etc.

I’m also interested in merging these so in the end there can be a proper OPN package that one just installs from the package management.
Would be nice to work on it together, but if it’s faster for you, you can also just grab the pieces you need.

McMarius11 · December 15, 2021, 11:11am

it would be amazing if someone could create a opnsense plugin for the mk check

fox-octi · December 30, 2021, 2:46pm

Hi, perhaps it is interesting you:

https://forum.opnsense.org/index.php?topic=26165.0

NilsS · February 5, 2022, 2:31pm

if someone is still interested.
full daemon implementation in python3.
Firmware status/updates/age
OpenVPN Server/Tunnel/Clients
IPSec
Wireguard
Interfaces with internal Names as Description/Alias
CPU load/util
ACME Cert Age/Expire
DHCP
HAProxy
Unbound
Services

Bleeding Edge Version.
https://nc.cloudistboese.de/index.php/s/8LmMSbXgDJMjCZr/download (install see github)
Encryption (currently only with commandline (notrecommend) will add config file support later
OnlyFrom

maybe later will make this a plugin for opnsense.

unrelated but similar approach https://nc.cloudistboese.de/index.php/s/69JtL3w6FX8KtsW/download for TrueNAS

danielhainich · March 22, 2022, 7:08am

Hi,
@MarsellusWallace - there are any news on this Topic?
the agent from bashclub seems to be working, but some plugins to extend the existing freebsd-agent would be pretty cool.
i dont have the skills to create some plugins from the bashclub-code.

thanks
daniel

danielhainich · May 13, 2022, 6:40pm

@MarsellusWallace Do you Plan to develop some opnsense checks at the Moment?