From 2772a5990067679bde106883f39a30aa2fe196e6 Mon Sep 17 00:00:00 2001 From: Robin Roevens Date: Thu, 17 Jul 2025 19:52:01 +0200 Subject: [PATCH] zabbix_agentd: Add ARPing method for checking Internet Gateway Since some ISP's block ICMP ping to their gateway ARPing can be an alternative. This change adds arping alternatives for the regular (icmp) ping checks: - ipfire.net.gateway.arping: Check if the Internet Gateway is reachable via ARPing - ipfire.net.gateway.arpingtime: Measure the time it takes to ARPing the Internet Gateway Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/sudoers | 3 ++- config/zabbix_agentd/userparameter_gateway.conf | 12 ++++++++++++ config/zabbix_agentd/userparameter_ipfire.conf | 4 ---- lfs/zabbix_agentd | 2 ++ 5 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 config/zabbix_agentd/userparameter_gateway.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index ffa66f3071..cc75a49bd8 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -21,6 +21,7 @@ var/ipfire/zabbix_agentd/userparameters var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf +var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf var/ipfire/zabbix_agentd/scripts var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 78e175980a..921e20c894 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -8,6 +8,7 @@ # To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user # Defaults:zabbix !requiretty -zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log +zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat +zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/userparameter_gateway.conf b/config/zabbix_agentd/userparameter_gateway.conf new file mode 100644 index 0000000000..cfae001ae4 --- /dev/null +++ b/config/zabbix_agentd/userparameter_gateway.conf @@ -0,0 +1,12 @@ +# Parameters to monitor Internet gateway connectivity +# +# ICMP Ping +# Internet Gateway ping timings, can be used to measure "Internet Line Quality" +UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 +# Internet Gateway availability, can be used to check Internet connection +UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $? +# ARP Ping +# Internet Gateway ping timings, can be used to measure "Internet Line Quality" when ICMP ping is not available +UserParameter=ipfire.net.gateway.arpingtime,sudo /usr/sbin/arping -i red0 -c 3 gateway | awk 'match($0, /time=([0-9\.]+) (\w+)$/, arr) { n++; if (arr[2] == "usec") { arr[1]/=1000; }; sum+=arr[1] } END { print sum / n }' +# Internet Gateway availability, can be used to check Internet connection when ICMP ping is not available +UserParameter=ipfire.net.gateway.arping,sudo /usr/sbin/arping -q -c 3 gateway; [ ! $? == 0 ]; echo $? diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf index c8ead1608e..e88c202985 100644 --- a/config/zabbix_agentd/userparameter_ipfire.conf +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -1,9 +1,5 @@ # Parameters for monitoring IPFire specific metrics # -# Internet Gateway ping timings, can be used to measure "Internet Line Quality" -UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 -# Internet Gateway availability, can be used to check Internet connection -UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $? # Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/\* DROP_.* \*/$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{\"chain\": \"%s\", \"bytes\": \"%s\"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }' # Number of currently Active DHCP leases diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index c2b8533b46..ebd184628f 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -112,6 +112,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ovpn.conf \ /var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \ + /var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf # Install IPFire-specific Zabbix Agent scripts -mkdir -pv /var/ipfire/zabbix_agentd/scripts -- 2.47.3