Zabbix monitoring OPNsense?

Started by Greg_E, September 17, 2024, 04:50:45 PM

I'm finally starting to roll out Zabbix on my system to try and reduce the effort of finding issues when they first occur. I had an issue with a server that was a couple of weeks old and finally found it; Zabbix would have given me a single place to look and found it in a day.

Anyway, I see very little about what the Zabbix Agent can do or see, even less on which template I should select. I also see talk about an SNMP template and how OPNsense uses an older SNMPd which may or may not be a problem.

Could someone give me a rundown of what I need to do to monitor things? Ultimately I'd really like to see Suricata warnings and blocks, and Zenarmor threats and blocks, as well as whether it is operating, out of RAM, CPU stuck at 100%, etc.

Or am I wanting too much?

Currently running a Zabbix 7.0.3 server on Debian, if any of this matters; no proxies yet. And so far only a single Windows server is connected; I want to read a bit more before putting important servers on the system. OPNsense is on hardware and the servers are all on XCP-NG hypervisors.

Quote: Anyway, I see very little about what the Zabbix Agent can do or see, even less on which template I should select. I also see talk about an SNMP template and how OPNsense uses an older SNMPd which may or may not be a problem.

With the agent (and the FreeBSD template), you get similar data as for a basic computer (aka disk-, cpu- and ram-usage, network interfaces and traffic).

You can put scripts into the directory /usr/local/etc/zabbix64/zabbix/externalscripts and have them called from your Zabbix template.

For example we collect statistics per jail in our hosting environment - the Zabbix agent with the FreeBSD template would only collect per host data - with a script named jails.stats. This script takes one of four arguments:

ram
cpu
limit_ram
limit_cpu

and outputs the corresponding value that we simply retrieve with some shell commands. Then in the Zabbix template you reference e.g. jail.stats["cpu"] and there you have it.

Deploying a monitoring solution means scripting. Write a shell script that collects whatever data you are interested in. If I deploy Icinga 2 today I need to define every single variable on every single host I want to monitor. If something is not in some arbitrary default template that does not mean it cannot be monitored. Zabbix is a good step more modern than Icinga 2 by using templates and inheritance at all.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Patrick,

Thank you for the thorough explanation. I wasn't even thinking about needing custom scripts to pull data from the stats. I'll have to look into this deeper when I have time; so far I'm just trying to get basic Windows error messages pulled, and watch each machine to see if the IP address changes (yes, that happened to me). Most of my stuff is running in XCP-NG, but OPNsense is bare metal (not that it really matters for Zabbix).

I also want to pull some SNMP stuff from my switches; I know this part needs a lot more research before I can get it working. Time is always against me, and this is a "free time" project to help me do my job.

Just look at the sheer number of default Nagios plugins:

http://nagios-plugins.org/doc/man/index.html

Each of these monitors a single type of service for a single variable. You configure all of that separately for each host, although templating is available and helps a lot, of course. That's the "state of the art" for monitoring. How should the Zabbix project know that you might be interested in the number of active pf states - and how to get that number in the first place? One needs to script that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
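
The kind of one-argument script described in the two posts above, applied to the pf state count they mention. This is an added example, not code from the thread or from the Zabbix or OPNsense projects. The function name pf_stat, the metric names and the sample data are assumptions, and it assumes the usual "State Table" layout of `pfctl -si` output.

```shell
#!/bin/sh
# Added example: one-argument metric script in the style of the jail stats
# script above. pf_stat and SAMPLE_PFCTL_SI are hypothetical names.

# Constructed sample of `pfctl -si` output, used for offline runs and tests.
SAMPLE_PFCTL_SI='Status: Enabled for 3 days 04:05:06           Debug: Urgent

State Table                          Total             Rate
  current entries                     1842
  searches                        90321755          329.6/s
  inserts                           412209            1.5/s
  removals                          410367            1.5/s
Counters
  match                             498113            1.8/s'

# pf_stat METRIC: read `pfctl -si` text on stdin and print one integer.
# METRIC is checked against a fixed allowlist, so a value arriving from the
# monitoring server is never interpolated into a command or a pattern.
pf_stat() {
    case "$1" in
        states)   label='current entries' ;;
        searches) label='searches' ;;
        inserts)  label='inserts' ;;
        removals) label='removals' ;;
        *) echo "unsupported metric" >&2; return 2 ;;
    esac
    awk -v label="$label" '
        BEGIN { n = split(label, want, " ") }
        /^State Table/ { in_tbl = 1; next }
        in_tbl && /^[^ \t]/ { in_tbl = 0 }   # next unindented heading ends the table
        in_tbl {
            ok = 1
            for (i = 1; i <= n; i++) if ($i != want[i]) ok = 0
            if (ok && $(n + 1) ~ /^[0-9]+$/) { print $(n + 1); found = 1; exit }
        }
        END { exit (found ? 0 : 1) }         # non-zero when the row is missing
    '
}

# With an argument: live value on the firewall. Without: offline demo on the sample.
if [ $# -ge 1 ]; then
    pfctl -si | pf_stat "$1"    # opening /dev/pf needs privileges the agent user may lack
else
    printf '%s\n' "$SAMPLE_PFCTL_SI" | pf_stat states
fi
```

The non-zero exit on a missing row or an unknown metric lets the item fail visibly instead of reporting an empty or stale value.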

Lots more learning to do, too many things really.

I'll have to look at the 3rd party SNMP OPNsense template, that might give me some clues as to what I should be working towards.