Plugin Apps-OPNSense-SSH : Différence entre versions
(15 révisions intermédiaires par le même utilisateur non affichées) | |||
Ligne 1 : | Ligne 1 : | ||
− | + | <html><a href="#null" onclick="javascript:history.back();">Précédent</a></html> | |
==Pré-requis== | ==Pré-requis== | ||
Le serveur centreon doit pouvoir accéder sans mot de passe en ssh à la machine à superviser | Le serveur centreon doit pouvoir accéder sans mot de passe en ssh à la machine à superviser | ||
*depuis le compte: '''centreon-engine''' | *depuis le compte: '''centreon-engine''' | ||
− | *vers le compte: ''' | + | *vers le compte: '''remote-centreon''' |
− | |||
+ | === Generer une clé SSH === | ||
+ | Si ça n'est pas dejà fait, nous allons créer une clé pour l'utilisateur centreon-engine | ||
+ | |||
+ | Sur le serveur centreon: | ||
+ | su centreon-engine | ||
+ | ssh-keygen -t rsa -b 2048 | ||
+ | |||
+ | Copier le contenue de la clé public | ||
+ | cat /var/lib/centreon-engine/.ssh/id_rsa.pub | ||
+ | |||
+ | ===Créer un compte sur OPNSense=== | ||
+ | ''Système: Accès: Utilisateurs'' | ||
+ | |||
+ | Renseigner: | ||
+ | *Nom d'utilisateur: remote-centreon | ||
+ | *Cocher: Générer un mot de passe aléatoire | ||
+ | *Shell de connexion: /bin/sh | ||
+ | *Membre du groupe: admins | ||
+ | *Clés autorisées: coller la clé public créer précedement (Exemple: ssh-rsa AAAAB3NzaC1yc... ...XOQKm/x root) | ||
+ | |||
+ | Sauvegarder | ||
+ | |||
+ | Ajouter l'utilisateur au groupe proxy afin de pouvoir exécuter les commandes pf | ||
+ | pw group mod proxy -m remote-centreon | ||
+ | |||
+ | ===Tester la connexion en ssh depuis le serveur Centreon=== | ||
+ | su centreon-engine | ||
+ | ssh remote-centreon@10.10.10.1 -p 8022 | ||
+ | |||
+ | ECDSA key fingerprint is SHA256:SoX8QCm... ...6CRPJMI. | ||
+ | Are you sure you want to continue connecting (yes/no)? yes | ||
+ | |||
+ | Si il ne demande pas de mot de passe, c'est gagné | ||
+ | |||
+ | ==Installation Plugin== | ||
+ | Installation du plugin coté OPNSense | ||
+ | |||
+ | sudo pkg install nagios-plugins | ||
+ | Les plugins précompilés se trouvent maintenant dans le répertoire: | ||
+ | /usr/local/libexec/nagios | ||
+ | |||
+ | Tester avec la commande | ||
+ | /usr/local/libexec/nagios/check_procs | ||
+ | PROCS OK: 69 processes | procs=69;;;0; | ||
+ | |||
+ | Installer les plugins pour PFsense | ||
+ | <nowiki>curl -LO https://github.com/oneoffdallas/pfsense-nagios-checks/archive/master.zip | ||
+ | sudo unzip -j master.zip -d /usr/local/libexec/nagios/ | ||
+ | sudo chmod +x /usr/local/libexec/nagios/check_pf_*</nowiki> | ||
+ | |||
+ | Autoriser l'utilisateur remote-centreon à lancer des commandes pf | ||
+ | pw group mod proxy -m remote-centreon | ||
+ | |||
+ | == Les commandes Nagios== | ||
+ | |||
+ | === Nombre de processus en cours === | ||
+ | |||
+ | /usr/local/libexec/nagios/check_procs -w 200 -c 400 | ||
+ | |||
+ | === Nombre d'utilisateur connecté === | ||
+ | /usr/local/libexec/nagios/check_users -w 5 -c 1 | ||
+ | |||
+ | |||
+ | === Ping depuis opnsense === | ||
+ | /usr/local/libexec/nagios/check_icmp -H 208.67.222.222 -w 80,10% -c 150,40% | ||
+ | |||
+ | === NTP === | ||
+ | /usr/local/libexec/nagios/check_ntp_time -H time.google.com | ||
+ | |||
+ | === DISK === | ||
+ | root | ||
+ | /usr/local/libexec/nagios/check_disk -w 20% -c 5% -p / | ||
+ | |||
+ | /usr/local/libexec/nagios/check_disk -w 20% -c 5% -p /var/run | ||
+ | |||
+ | === Load === | ||
+ | /usr/local/libexec/nagios/check_load -w 3,2.8,2.6 -c 10,7,5 -r | ||
+ | |||
+ | === SWAP === | ||
+ | /usr/local/libexec/nagios/check_swap -w 90% -c 40% | ||
+ | |||
+ | == Les commandes PFSense == | ||
+ | |||
+ | === CPU === | ||
+ | /usr/local/libexec/nagios/check_pf_cpu -w 85 -c 95 | ||
+ | |||
+ | === Memoire === | ||
+ | /usr/local/libexec/nagios/check_pf_mem -w 90 -c 95 | ||
+ | |||
+ | === Service === | ||
+ | {{Rouge|Attention:}} Ne fonctionne que sur pfsense, pas sur opnsense | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_services -name snort | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_services -name pinger | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_services -name dhcpd | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_services -name squid | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_services -name pfb_dnsbl | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_services -name pfb_filter | ||
+ | |||
+ | === interface === | ||
+ | /usr/local/libexec/nagios/check_pf_interface -i igb0 -name WAN | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_interface -i igb1 -name LAN | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_interface -i igb1_vlan6 -name VOIP | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_interface -i ovpns1 | ||
+ | |||
+ | === VPN === | ||
+ | /usr/local/libexec/nagios/check_pf_ipsec_tunnel -e <IP address or hostname of remote> | ||
+ | |||
+ | /usr/local/libexec/nagios/check_pf_ipsec_tunnel -e <IP address or hostname of remote> -name DallasTX | ||
+ | |||
+ | === FIREWALL === | ||
+ | /usr/local/libexec/nagios/check_pf_state_table -w 60 -c 90 | ||
+ | |||
+ | === Version === | ||
+ | {{Rouge|Attention:}} Ne fonctionne pas que sur pfsense, pas sur opnsense | ||
+ | /usr/local/libexec/nagios/check_pf_version | ||
+ | |||
+ | A voir un jour pour adapter le code | ||
+ | |||
+ | pour info: | ||
+ | |||
+ | Récupérer version disponible | ||
+ | opnsense-update -v | ||
+ | |||
+ | Récupérer version instalé | ||
+ | opnsense-version -v | ||
+ | |||
+ | === Uptime === | ||
+ | /usr/local/libexec/nagios/check_pf_uptime | ||
+ | |||
+ | === Temperature CPU === | ||
+ | {{Rouge|Attention:}} Ne fonctionne pas avec les APU2 | ||
+ | /usr/local/libexec/nagios/check_pf_cpu_temp -w 75 -c 90 | ||
==Plugin== | ==Plugin== | ||
+ | ===Le template d’hôte=== | ||
+ | Nous regrouperons les services dans un template dhôte nommé OS-Linux-ssh | ||
+ | <syntaxhighlight lang="shell" line>clapi -o HTPL -a add -v "APP-OPNSense-SSH-SLM;APP-OPNSense-SSH-SLM;;;;" | ||
+ | clapi -o HTPL -a addtemplate -v "APP-OPNSense-SSH-SLM;generic-active-host-custom" | ||
+ | clapi -o HTPL -a setmacro -v "APP-OPNSense-SSH-SLM;PORTSSH;22" | ||
+ | clapi -o HTPL -a setmacro -v "APP-OPNSense-SSH-SLM;USERLOGIN;remote-centreon"</syntaxhighlight> | ||
+ | |||
+ | ===Cpu=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Cpu;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_cpu -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Cpu;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Cpu;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Cpu;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Cpu;Cpu;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Cpu;check_command;Check_APP_OPNSense_SSH_Cpu" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Cpu;WARNING;'70'" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Cpu;CRITICAL;'90'" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Cpu;graphtemplate;CPU" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Cpu;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Connected-Users=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Connected-Users;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_users -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Connected-Users;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Connected-Users;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Connected-Users;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Connected-Users;Connected-Users;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Connected-Users;check_command;Check_APP_OPNSense_SSH_Connected-Users" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Connected-Users;WARNING;5" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Connected-Users;CRITICAL;1" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Connected-Users;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Disk=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Disk-Name;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_disk -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$' -p \$_SERVICEDISKNAME\$" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Disk-Name;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Disk-Name;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Disk-Name;command_locked;0"</syntaxhighlight> | ||
+ | |||
+ | ====Disk-root==== | ||
+ | <syntaxhighlight lang="shell" line>#Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Disk-root;Disk-root;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-root;check_command;Check_APP_OPNSense_SSH_Disk-Name" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-root;DISKNAME;/" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-root;WARNING;20%" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-root;CRITICAL;10%" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-root;graphtemplate;Storage" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Disk-root;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ====Disk-tmp==== | ||
+ | <syntaxhighlight lang="shell" line>#Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Disk-tmp;Disk-tmp;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-tmp;check_command;Check_APP_OPNSense_SSH_Disk-Name" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-tmp;DISKNAME;/tmp" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-tmp;WARNING;20%" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-tmp;CRITICAL;10%" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-tmp;graphtemplate;Storage" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Disk-tmp;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ====Disk-var==== | ||
+ | <syntaxhighlight lang="shell" line>#Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Disk-var;Disk-var;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-var;check_command;Check_APP_OPNSense_SSH_Disk-Name" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-var;DISKNAME;/var" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-var;WARNING;20%" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-var;CRITICAL;10%" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-var;graphtemplate;Storage" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Disk-var;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Firewall=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Firewall;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_state_table -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Firewall;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Firewall;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Firewall;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Firewall;Firewall;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Firewall;check_command;Check_APP_OPNSense_SSH_Firewall" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Firewall;WARNING;60" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Firewall;CRITICAL;90" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Firewall;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Interface=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Interface-Name;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_interface -i \$_SERVICEINTERFACE\$ -name \$_SERVICEINTERFACENAME\$" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Interface-Name;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Interface-Name;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Interface-Name;command_locked;0"</syntaxhighlight> | ||
+ | |||
+ | ====WAN==== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande#Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Interface-WAN;Interface;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Interface-WAN;check_command;Check_APP_OPNSense_SSH_Interface-Name" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-WAN;INTERFACENAME;WAN" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-WAN;INTERFACE;igb0" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Interface-WAN;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ====LAN==== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande#Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Interface-LAN;Interface;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Interface-LAN;check_command;Check_APP_OPNSense_SSH_Interface-Name" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-LAN;INTERFACENAME;LAN" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-LAN;INTERFACE;igb1" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Interface-LAN;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Load=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Load;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_load -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$' -r" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Load;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Load;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Load;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Load;Load;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Load;check_command;Check_APP_OPNSense_SSH_Load" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Load;WARNING;'4,3,2'" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Load;CRITICAL;'6,5,4'" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Load;graphtemplate;LOAD_Average" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Load;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Memory=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Memory;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_mem -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Memory;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Memory;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Memory;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Memory;Memory;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Memory;check_command;Check_APP_OPNSense_SSH_Memory" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Memory;WARNING;70" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Memory;CRITICAL;90" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Memory;graphtemplate;Memory" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Memory;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Ntp=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Ntp;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_ntp_time -H \$_SERVICEHOST\$" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ntp;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ntp;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ntp;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Ntp;Ntp;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Ntp;check_command;Check_APP_OPNSense_SSH_Ntp" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ntp;HOST;time.google.com" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Ntp;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Ping-From-Host=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Ping-From-Host;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_icmp -H \$_SERVICEHOST\$ -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ping-From-Host;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ping-From-Host;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ping-From-Host;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;Ping-From-Host;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;check_command;Check_APP_OPNSense_SSH_Ping-From-Host" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;HOST;208.67.222.222" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;WARNING;80,10%" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;CRITICAL;150,40%" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Process=== | ||
+ | ====Process-Generic==== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Process-Generic;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_procs -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Process-Generic;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Process-Generic;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Process-Generic;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Process-Generic;Process-Generic;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Process-Generic;check_command;Check_APP_OPNSense_SSH_Process-Generic" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Process-Generic;WARNING;200" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Process-Generic;CRITICAL;400" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Process-Generic;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===Uptime=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Uptime;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_uptime" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Uptime;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Uptime;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Uptime;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Uptime;Uptime;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Uptime;check_command;Check_APP_OPNSense_SSH_Uptime" | ||
+ | |||
+ | #Ajout de la template service à la template d hôte | ||
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Uptime;APP-OPNSense-SSH-SLM"</syntaxhighlight> | ||
+ | |||
+ | ===VPN-IPSEC=== | ||
+ | <syntaxhighlight lang="shell" line>#Création commande | ||
+ | clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_VPN-IPSEC;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_ipsec_tunnel -e \$_SERVICEREMOTE\$ -name \$_SERVICENAME\$" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_VPN-IPSEC;enable_shell;0" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_VPN-IPSEC;command_activate;1" | ||
+ | clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_VPN-IPSEC;command_locked;0" | ||
+ | |||
+ | #Création template service | ||
+ | clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;VPN-IPSEC;generic-active-service-custom" | ||
+ | clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;check_command;Check_APP_OPNSense_SSH_VPN-IPSEC" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;REMOTE;(ex: 1.1.1.1 ou host.fr)" | ||
+ | clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;NAME;" | ||
− | + | #Ajout de la template service à la template d hôte | |
+ | clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;APP-OPNSense-SSH-SLM"</syntaxhighlight> |
Version actuelle datée du 9 janvier 2021 à 14:37
Pré-requis
Le serveur centreon doit pouvoir accéder sans mot de passe en ssh à la machine à superviser
- depuis le compte: centreon-engine
- vers le compte: remote-centreon
Generer une clé SSH
Si ça n'est pas dejà fait, nous allons créer une clé pour l'utilisateur centreon-engine
Sur le serveur centreon:
su centreon-engine ssh-keygen -t rsa -b 2048
Copier le contenue de la clé public
cat /var/lib/centreon-engine/.ssh/id_rsa.pub
Créer un compte sur OPNSense
Système: Accès: Utilisateurs
Renseigner:
- Nom d'utilisateur: remote-centreon
- Cocher: Générer un mot de passe aléatoire
- Shell de connexion: /bin/sh
- Membre du groupe: admins
- Clés autorisées: coller la clé public créer précedement (Exemple: ssh-rsa AAAAB3NzaC1yc... ...XOQKm/x root)
Sauvegarder
Ajouter l'utilisateur au groupe proxy afin de pouvoir exécuter les commandes pf
pw group mod proxy -m remote-centreon
Tester la connexion en ssh depuis le serveur Centreon
su centreon-engine ssh remote-centreon@10.10.10.1 -p 8022
ECDSA key fingerprint is SHA256:SoX8QCm... ...6CRPJMI. Are you sure you want to continue connecting (yes/no)? yes
Si il ne demande pas de mot de passe, c'est gagné
Installation Plugin
Installation du plugin coté OPNSense
sudo pkg install nagios-plugins
Les plugins précompilés se trouvent maintenant dans le répertoire:
/usr/local/libexec/nagios
Tester avec la commande
/usr/local/libexec/nagios/check_procs PROCS OK: 69 processes | procs=69;;;0;
Installer les plugins pour PFsense
curl -LO https://github.com/oneoffdallas/pfsense-nagios-checks/archive/master.zip sudo unzip -j master.zip -d /usr/local/libexec/nagios/ sudo chmod +x /usr/local/libexec/nagios/check_pf_*
Autoriser l'utilisateur remote-centreon à lancer des commandes pf
pw group mod proxy -m remote-centreon
Les commandes Nagios
Nombre de processus en cours
/usr/local/libexec/nagios/check_procs -w 200 -c 400
Nombre d'utilisateur connecté
/usr/local/libexec/nagios/check_users -w 5 -c 1
Ping depuis opnsense
/usr/local/libexec/nagios/check_icmp -H 208.67.222.222 -w 80,10% -c 150,40%
NTP
/usr/local/libexec/nagios/check_ntp_time -H time.google.com
DISK
root
/usr/local/libexec/nagios/check_disk -w 20% -c 5% -p /
/usr/local/libexec/nagios/check_disk -w 20% -c 5% -p /var/run
Load
/usr/local/libexec/nagios/check_load -w 3,2.8,2.6 -c 10,7,5 -r
SWAP
/usr/local/libexec/nagios/check_swap -w 90% -c 40%
Les commandes PFSense
CPU
/usr/local/libexec/nagios/check_pf_cpu -w 85 -c 95
Memoire
/usr/local/libexec/nagios/check_pf_mem -w 90 -c 95
Service
Attention: Ne fonctionne que sur pfsense, pas sur opnsense
/usr/local/libexec/nagios/check_pf_services -name snort
/usr/local/libexec/nagios/check_pf_services -name pinger
/usr/local/libexec/nagios/check_pf_services -name dhcpd
/usr/local/libexec/nagios/check_pf_services -name squid
/usr/local/libexec/nagios/check_pf_services -name pfb_dnsbl
/usr/local/libexec/nagios/check_pf_services -name pfb_filter
interface
/usr/local/libexec/nagios/check_pf_interface -i igb0 -name WAN
/usr/local/libexec/nagios/check_pf_interface -i igb1 -name LAN
/usr/local/libexec/nagios/check_pf_interface -i igb1_vlan6 -name VOIP
/usr/local/libexec/nagios/check_pf_interface -i ovpns1
VPN
/usr/local/libexec/nagios/check_pf_ipsec_tunnel -e <IP address or hostname of remote>
/usr/local/libexec/nagios/check_pf_ipsec_tunnel -e <IP address or hostname of remote> -name DallasTX
FIREWALL
/usr/local/libexec/nagios/check_pf_state_table -w 60 -c 90
Version
Attention: Ne fonctionne pas que sur pfsense, pas sur opnsense
/usr/local/libexec/nagios/check_pf_version
A voir un jour pour adapter le code
pour info:
Récupérer version disponible
opnsense-update -v
Récupérer version instalé
opnsense-version -v
Uptime
/usr/local/libexec/nagios/check_pf_uptime
Temperature CPU
Attention: Ne fonctionne pas avec les APU2
/usr/local/libexec/nagios/check_pf_cpu_temp -w 75 -c 90
Plugin
Le template d’hôte
Nous regrouperons les services dans un template dhôte nommé OS-Linux-ssh
1 clapi -o HTPL -a add -v "APP-OPNSense-SSH-SLM;APP-OPNSense-SSH-SLM;;;;"
2 clapi -o HTPL -a addtemplate -v "APP-OPNSense-SSH-SLM;generic-active-host-custom"
3 clapi -o HTPL -a setmacro -v "APP-OPNSense-SSH-SLM;PORTSSH;22"
4 clapi -o HTPL -a setmacro -v "APP-OPNSense-SSH-SLM;USERLOGIN;remote-centreon"
Cpu
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Cpu;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_cpu -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Cpu;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Cpu;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Cpu;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Cpu;Cpu;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Cpu;check_command;Check_APP_OPNSense_SSH_Cpu"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Cpu;WARNING;'70'"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Cpu;CRITICAL;'90'"
12 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Cpu;graphtemplate;CPU"
13
14 #Ajout de la template service à la template d hôte
15 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Cpu;APP-OPNSense-SSH-SLM"
Connected-Users
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Connected-Users;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_users -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Connected-Users;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Connected-Users;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Connected-Users;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Connected-Users;Connected-Users;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Connected-Users;check_command;Check_APP_OPNSense_SSH_Connected-Users"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Connected-Users;WARNING;5"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Connected-Users;CRITICAL;1"
12
13 #Ajout de la template service à la template d hôte
14 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Connected-Users;APP-OPNSense-SSH-SLM"
Disk
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Disk-Name;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_disk -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$' -p \$_SERVICEDISKNAME\$"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Disk-Name;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Disk-Name;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Disk-Name;command_locked;0"
Disk-root
1 #Création template service
2 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Disk-root;Disk-root;generic-active-service-custom"
3 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-root;check_command;Check_APP_OPNSense_SSH_Disk-Name"
4 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-root;DISKNAME;/"
5 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-root;WARNING;20%"
6 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-root;CRITICAL;10%"
7 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-root;graphtemplate;Storage"
8
9 #Ajout de la template service à la template d hôte
10 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Disk-root;APP-OPNSense-SSH-SLM"
Disk-tmp
1 #Création template service
2 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Disk-tmp;Disk-tmp;generic-active-service-custom"
3 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-tmp;check_command;Check_APP_OPNSense_SSH_Disk-Name"
4 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-tmp;DISKNAME;/tmp"
5 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-tmp;WARNING;20%"
6 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-tmp;CRITICAL;10%"
7 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-tmp;graphtemplate;Storage"
8
9 #Ajout de la template service à la template d hôte
10 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Disk-tmp;APP-OPNSense-SSH-SLM"
Disk-var
1 #Création template service
2 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Disk-var;Disk-var;generic-active-service-custom"
3 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-var;check_command;Check_APP_OPNSense_SSH_Disk-Name"
4 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-var;DISKNAME;/var"
5 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-var;WARNING;20%"
6 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Disk-var;CRITICAL;10%"
7 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Disk-var;graphtemplate;Storage"
8
9 #Ajout de la template service à la template d hôte
10 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Disk-var;APP-OPNSense-SSH-SLM"
Firewall
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Firewall;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_state_table -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Firewall;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Firewall;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Firewall;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Firewall;Firewall;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Firewall;check_command;Check_APP_OPNSense_SSH_Firewall"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Firewall;WARNING;60"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Firewall;CRITICAL;90"
12
13 #Ajout de la template service à la template d hôte
14 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Firewall;APP-OPNSense-SSH-SLM"
Interface
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Interface-Name;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_interface -i \$_SERVICEINTERFACE\$ -name \$_SERVICEINTERFACENAME\$"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Interface-Name;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Interface-Name;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Interface-Name;command_locked;0"
WAN
1 #Création commande#Création template service
2 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Interface-WAN;Interface;generic-active-service-custom"
3 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Interface-WAN;check_command;Check_APP_OPNSense_SSH_Interface-Name"
4 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-WAN;INTERFACENAME;WAN"
5 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-WAN;INTERFACE;igb0"
6
7 #Ajout de la template service à la template d hôte
8 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Interface-WAN;APP-OPNSense-SSH-SLM"
LAN
1 #Création commande#Création template service
2 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Interface-LAN;Interface;generic-active-service-custom"
3 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Interface-LAN;check_command;Check_APP_OPNSense_SSH_Interface-Name"
4 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-LAN;INTERFACENAME;LAN"
5 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Interface-LAN;INTERFACE;igb1"
6
7 #Ajout de la template service à la template d hôte
8 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Interface-LAN;APP-OPNSense-SSH-SLM"
Load
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Load;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_load -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$' -r"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Load;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Load;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Load;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Load;Load;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Load;check_command;Check_APP_OPNSense_SSH_Load"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Load;WARNING;'4,3,2'"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Load;CRITICAL;'6,5,4'"
12 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Load;graphtemplate;LOAD_Average"
13
14 #Ajout de la template service à la template d hôte
15 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Load;APP-OPNSense-SSH-SLM"
Memory
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Memory;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_mem -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Memory;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Memory;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Memory;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Memory;Memory;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Memory;check_command;Check_APP_OPNSense_SSH_Memory"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Memory;WARNING;70"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Memory;CRITICAL;90"
12 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Memory;graphtemplate;Memory"
13
14 #Ajout de la template service à la template d hôte
15 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Memory;APP-OPNSense-SSH-SLM"
Ntp
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Ntp;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_ntp_time -H \$_SERVICEHOST\$"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ntp;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ntp;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ntp;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Ntp;Ntp;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Ntp;check_command;Check_APP_OPNSense_SSH_Ntp"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ntp;HOST;time.google.com"
11
12 #Ajout de la template service à la template d hôte
13 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Ntp;APP-OPNSense-SSH-SLM"
Ping-From-Host
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Ping-From-Host;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_icmp -H \$_SERVICEHOST\$ -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ping-From-Host;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ping-From-Host;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Ping-From-Host;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;Ping-From-Host;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;check_command;Check_APP_OPNSense_SSH_Ping-From-Host"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;HOST;208.67.222.222"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;WARNING;80,10%"
12 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;CRITICAL;150,40%"
13
14 #Ajout de la template service à la template d hôte
15 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Ping-From-Host;APP-OPNSense-SSH-SLM"
Process
Process-Generic
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Process-Generic;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_procs -w '\$_SERVICEWARNING\$' -c '\$_SERVICECRITICAL\$'"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Process-Generic;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Process-Generic;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Process-Generic;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Process-Generic;Process-Generic;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Process-Generic;check_command;Check_APP_OPNSense_SSH_Process-Generic"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Process-Generic;WARNING;200"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_Process-Generic;CRITICAL;400"
12
13 #Ajout de la template service à la template d hôte
14 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Process-Generic;APP-OPNSense-SSH-SLM"
Uptime
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_Uptime;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_uptime"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Uptime;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Uptime;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_Uptime;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_Uptime;Uptime;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_Uptime;check_command;Check_APP_OPNSense_SSH_Uptime"
10
11 #Ajout de la template service à la template d hôte
12 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_Uptime;APP-OPNSense-SSH-SLM"
VPN-IPSEC
1 #Création commande
2 clapi -o CMD -a ADD -v "Check_APP_OPNSense_SSH_VPN-IPSEC;2;ssh \$HOSTADDRESS\$ -p \$_HOSTPORTSSH\$ -l \$_HOSTUSERLOGIN\$ /usr/local/libexec/nagios/check_pf_ipsec_tunnel -e \$_SERVICEREMOTE\$ -name \$_SERVICENAME\$"
3 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_VPN-IPSEC;enable_shell;0"
4 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_VPN-IPSEC;command_activate;1"
5 clapi -o CMD -a setparam -v "Check_APP_OPNSense_SSH_VPN-IPSEC;command_locked;0"
6
7 #Création template service
8 clapi -o STPL -a add -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;VPN-IPSEC;generic-active-service-custom"
9 clapi -o STPL -a setparam -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;check_command;Check_APP_OPNSense_SSH_VPN-IPSEC"
10 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;REMOTE;(ex: 1.1.1.1 ou host.fr)"
11 clapi -o STPL -a setmacro -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;NAME;"
12
13 #Ajout de la template service à la template d hôte
14 clapi -o STPL -a addhost -v "Stpl_APP_OPNSense_SSH_VPN-IPSEC;APP-OPNSense-SSH-SLM"