General questions understanding monit and its integration with opnsense

[ralfonat]

Hi there,

I am relatively new to opnsense (21.1) and trying to understand some architectural concepts.

So as the documentation states, notifications are to be handled by monit.

1) in system -> settings -> cron there are entries for "Firmware changelog update" and "Firmware update check". What do these do, I am not sure which does what? Will they emit a notification if new updates are detected? If not do I have to setup monit to emit these via email? I see no preconfigured entries...

2) I am trying to make notifications for OpenVPN. I want to receive an email if a client connects. There doesn't seem to be a preconfigured entry for this so I digged a little deeper in monit configuration.

It seems like for this I need to watch the /var/log/openvpn.log and look for a "connection initiated" strings. I thought I had it configured correctly but it would not trigger.

I wondered why the file is a fixed size and has strange binary leftovers at the end. So I found out that this is caused by a mechanism called circular logs which is not recommended (anymore?).

So I disabled them. However now, the file is not called /var/log/openvpn.log anymore, but instead /var/log/openvpn/openvpn_20210828.log.

So it seems like the

Code Select Expand

check file openvpn with path "/var/log/openvpn.log" syntax doesn't work with dynamic file names? That would lead to having to use a program output content test with a bash script that collects the correct log data. But it is limited to 511 characters which means depending on the monit checking interval it could miss data.

This is my understanding so far and before I dig even deeper maybe someone could help me out a bit whether I am totally wrong and can help me nudge in the correct direction.

Many thanks

[ralfonat]

OK seems like check PROGRAM with IF CONTENT is only supported from monit 5.29.0 onwards which is currently not available in opnsense

[rman50]

I just started testing a workaround for Monit to do a content check for a dynamic log file name (in my case filter_.log) and so far it seems to be working. I setup a simple cron job that runs at midnight and updates a symbolic link to the current log file name. I have Monit pointing to that symbolic link for a content check.

[mimugmail]

I just started testing a workaround for Monit to do a content check for a dynamic log file name (in my case filter_.log) and so far it seems to be working. I setup a simple cron job that runs at midnight and updates a symbolic link to the current log file name. I have Monit pointing to that symbolic link for a content check.

This sounds interesting, but you still need the daily cron correct?

[rman50]

This sounds interesting, but you still need the daily cron correct?

Yes, the daily cron was the only way I could find to get it to work so far.

[mimugmail]

This was my FR via github
https://github.com/opnsense/core/issues/4993

[rman50]

Thank you for sharing the FR and updating it with our requests. I used touch to create the log file in case it isn't there when I create the link. I don't know if that will cause problems but so far it seems fine. This is the script I call at midnight from cron:

#! /bin/sh
touch /var/log/filter/filter_$(date +%Y%m%d).log
ln -s -f /var/log/filter/filter_$(date +%Y%m%d).log /root/filter.log

[ralfonat]

hey guys,

thanks for the healthy discussion. Looking at the 4993 issue thats exactly what I was fearing, it is more or less a crutch. Not meaning any ill intention - something thats supposed to be THE alerting/notification method in opnsense should be build on more solid ground? I am hoping the new monit version (29) will be updated soon!

Does anyone have an answer to 1) in the OP?

thanks