check_pf is a plugin intended for use with the Nagios network monitoring system. This
plugin checks the status of PF,
the (excellent) OpenBSD packet filter, and compares
the current state count to given or default thresholds, returning the
result. It is written in C.
The thresholds may be specified on the command-line, but if they are not, check_pf will base the thresholds off of the current hard state limit set in pf(4).
PF OK - states: 4342 (14.5% - limit: 30000)
#check_pf -hcheck_pf 0.1 This plugin checks if PF is enabled, and if it is, the number of states currently in the state table. The current state count is compared to the given (or default) thresholds and the proper Nagios state value is returned. Usage: check_pf [-Vh] [-w number] [-c number] -V - Print the plugin version -h - Print the plugin help -w number - Warning when <number> states (default: 80% of state limit) -c number - Critical when <number> states (default: 90% of state limit)
If you are using FreeBSD, there is a port for check_pf (net-mgmt/nagios-pf-plugin).
Or, to install this plugin manually, do the following:You can manually specify the location to install the plugin:#tar xzf check_pf-XX.tar.gz#cd check_pf-XX#make && make install
You can remove it as follows:#make install DESTDIR=/path/to/plugins/
check_pf needs read-access to pf(4). You will probably be running check_pf through Nagios/NRPE, so the following should work:#make uninstall DESTDIR=/path/to/plugins/
To make sure the changes persist across reboots (FreeBSD 5.x and later), add the following to /etc/devfs.conf:#chmod 640 /dev/pf#chgrp nagios /dev/pf
# nrpe2/nagios needs to be able to read statistics own pf root:nagios perm pf 0640There are other ways to do accomplish the same thing, but DON'T just make the device available to everyone.