pf
Sadly there is no documentation for this plugin.
#!/bin/sh
#
# OpenBSD's pf(4) monitoring for FreeBSD
# 2007, Gergely Czuczy <phoemix@harmless.hu>
#
# Needs to run as root.
# Add "user root" for the [pf] into plugins.conf.
#
# Options:
# - env.do_searches yes: to enable state table search monitoring`
#
# 0.1 - initial release:
# - state table usage
# - search rate
# - match rate
# - state mismatch rate
# - blocked packets
# - monitoring of labelled rules
#
# 0.2 - feature improvements:
# - Labelled rules for packet count
# - OpenBSD compatibility
# - Warning and critical on state table
#
# 0.3 - feature improvements:
# - Aggregate rules with the same label
#
# 0.4 - feature changes:
# - State searches are optional. it can shrink others.
# - Labelled targets are marked with a leading L
#
#
#%# family=auto
#%# capabilities=autoconf
PATH=/bin:/sbin:/usr/bin:/usr/sbin
export PATH
pfctl="/sbin/pfctl"
case $1 in
config)
echo "graph_title OpenBSD pf statistics"
echo "graph_vlabel Entries per second"
echo "graph_scale no"
echo "graph_category network"
echo "graph_args -l 0"
echo "graph_info OpenBSD's pf usage statistics"
echo "states.label States"
echo "states.type GAUGE"
${pfctl} -sm 2> /dev/null | awk '/states/ {print "states.warning "$4*0.9; print "states.critical "$4*0.95}'
if [ "x${do_searches}" = "xyes" ]; then
echo "searches.label Searches"
echo "searches.min 0"
echo "searches.type DERIVE"
fi
echo "matches.label Matches"
echo "matches.min 0"
echo "matches.type DERIVE"
echo "mismatches.label State mismatches"
echo "mismatches.min 0"
echo "mismatches.type DERIVE"
echo "blocks.label Blocked packets"
echo "blocks.type DERIVE"
echo "blocks.min 0"
${pfctl} -sl 2>/dev/null | awk '{
l="";
for (i=1; i<NF-2; i=i+1) l=l" "$i;
sub(/^ /, "", l);
f=l;
gsub(/[^a-z0-9A-Z]/, "_", f);
print f".label L: "l;
print f".type DERIVE"
print f".min 0"}'
exit 0
;;
autoconf)
ostype=`uname -s`
# NetBSD
if [ ${ostype} = "NetBSD" ]; then
# enabled?
if [ `${pfctl} -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
echo "no (pf(4) is not enabled, consult pfctl(8))"
exit 0
fi
# FreeBSD
elif [ ${ostype} = "FreeBSD" ]; then
# enabled?
if [ `${pfctl} -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
echo "no (pf(4) is not enabled, consult pfctl(8))"
exit 0
fi
# OpenBSD
elif [ ${ostype} = "OpenBSD" ]; then
# pf(4) module loaded?
if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then
echo "no (pf(4) is not loaded)"
exit 0
fi
# enabled?
if [ `${pfctl} -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
echo "no (pf(4) is not enabled, consult pfctl(8))"
exit 0
fi
# Other OSes
else
echo "no (this plugin is not supported on your OS)"
exit 0
fi
echo "yes"
exit 0
;;
suggest)
exit 0;
;;
esac
#
${pfctl} -si 2>/dev/null | awk '
/current entries/{print "states.value",$3}
/searches/{if ( "'${do_searches}'" == "yes" ) print "searches.value",$2}
$1~/^match$/{print "matches.value",$2}
/state-mismatch/{print "mismatches.value",$2}'
${pfctl} -vsr 2> /dev/null| grep -A 1 ^block | awk 'BEGIN {sum=0}/^[ \t]*\[/{sum=sum+$5} END {print "blocks.value",sum}'
# the labeled ones
${pfctl} -sl 2>/dev/null | awk '
BEGIN {
total=0
}
{
l="";
for (i=1; i<NF-2; i=i+1) l=l" "$i;
sub(/^ /, "", l);
f=l;
gsub(/[^a-z0-9A-Z]/, "_", f);
total=total+1;
fields[f]=fields[f]+$(NF-i+2);
}
END {
if ( total == 0 ) exit 0;
for ( k in fields ) print k".value "fields[k]
}'