Archive for March, 2007
monitoring PF with nagios: part II

A while back I mentioned a way to monitor PF (specifically, the number of states in the state table) with Nagios/nrpe2. A while after that, I decided to go ahead and write a plugin that will allow Nagios to alert me based on the results, instead of just printing out a line parsed from pfctl(8), since I was unable to find one online.

I was originally planning to do it in Perl, but that would involve parsing the output of pfctl(8) which I didn’t like very much at all—quite ugly. I decided to do it in C instead, because it is the “right way to do it.”

From the README:


This plugin checks the number of states in the pf (OpenBSD packet filter) state table, and compares this number against the WARNING and CRITICAL thresholds, which may be specified on the command-line or omitted.

If the thresholds are not manually specified on the command-line, the plugin will return WARNING if the state count is over 80% of the hard state limit, or CRITICAL if it is over 90%.

Output of the program looks like this:

PF OK - states: 5508 (18.4% - limit: 30000)

Gordon gave me a diff with a few good style fixes, and then I created a subversion project for it on my Dreamhost account for later changes. It is also running on each of the ResTek servers, and probably the firewalls in the near future.

Check it out here.
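The threshold logic the README describes, as an added example that is not the plugin's own source. It assumes the state count and hard limit have already been read from pf and that thresholds are absolute state counts; the function name `pf_check` and its parameters are hypothetical, and the exit codes are the standard Nagios plugin ones.

```c
#include <stdio.h>
#include <string.h>

/* Standard Nagios plugin exit codes. */
enum { ST_OK = 0, ST_WARNING = 1, ST_CRITICAL = 2, ST_UNKNOWN = 3 };

/*
 * Hypothetical helper: evaluate a pf state count against thresholds.
 * warn/crit are absolute state counts (an assumption); a negative value
 * means "not given on the command line", in which case the README
 * defaults apply: over 80% of the hard limit is WARNING, over 90% is
 * CRITICAL. Writes the status line to buf, returns the exit code.
 */
int pf_check(long states, long limit, long warn, long crit,
             char *buf, size_t len)
{
    static const char *names[] = { "OK", "WARNING", "CRITICAL" };
    int st = ST_OK;

    if (limit <= 0 || states < 0) {
        /* Avoid dividing by zero and alerting on nonsense input. */
        snprintf(buf, len, "PF UNKNOWN - invalid state count or limit");
        return ST_UNKNOWN;
    }
    if (warn < 0) warn = limit * 80 / 100;
    if (crit < 0) crit = limit * 90 / 100;
    if (warn > crit) {
        snprintf(buf, len, "PF UNKNOWN - warning threshold above critical");
        return ST_UNKNOWN;
    }
    if (states > crit)
        st = ST_CRITICAL;
    else if (states > warn)
        st = ST_WARNING;

    snprintf(buf, len, "PF %s - states: %ld (%.1f%% - limit: %ld)",
             names[st], states, 100.0 * states / limit, limit);
    return st;
}

int main(void)
{
    char line[128];
    /* Constructed sample values matching the output shown in the post. */
    int rc = pf_check(5508, 30000, -1, -1, line, sizeof line);
    puts(line);
    return rc; /* Nagios reads the service state from the exit code. */
}
```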