Munin contributed plugins

#!/bin/sh

#

# OpenBSD's pf(4) monitoring for OpenBSD

# 2007, Originally by Gergely Czuczy <phoemix@harmless.hu>

# for FreeBSD systems. Ported and splitted by the

# immerda admin team admin(at)immerda.ch

# this version is adapted for openbsd and is only tested on

# openbsd systems.

#

# Needs to run as root.

# Add "user root" for the [pf] into plugins.conf.

#

# Options:

#  - env.do_searches yes: to enable state table search monitoring`

#

#%# family=auto

#%# capabilities=autoconf

pfctl='/sbin/pfctl'

case $1 in

    config)

    cat <<EOF

graph_title OpenBSD pf statistics

graph_vlabel Entries per second

graph_scale no

graph_category network

graph_args -l 0

graph_info OpenBSD's pf usage statistics

EOF

    cat <<EOF

matches.label Matches

matches.min 0

matches.type DERIVE

mismatches.label State mismatches

mismatches.min 0

mismatches.type DERIVE

blocks.label Blocked packets

blocks.type DERIVE

blocks.min 0

EOF

    exit 0

    ;;

    autoconf)

	# FreeBSD

	ostype=`uname -s`

	if [ ${ostype} = "FreeBSD" ]; then

	    # pf(4) module loaded?

	    if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then

		echo "no (pf(4) is not loaded)"

		exit 1

	    fi

	    # enabled?

	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then

		echo "no (pf(4) is not enabled, consult pfctl(8)"

		exit 1

	    fi

	# OpenBSD

	elif [ ${ostype} = "OpenBSD" ]; then

            # enabled?

	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then

		echo "no (pf(4) is not enabled, consult pfctl(8)"

		exit 1

	    fi

	# Other OSes

	else

	    echo "no (this plugin is not supported on your OS)"

	    exit 1

	fi

	echo "yes"

	exit 0

	;;

    suggest)

	exit 0;

	;;

esac

#

${pfctl} -si 2>/dev/null | awk '

$1~/^match$/{print "matches.value",$2}

/state-mismatch/{print "mismatches.value",$2}'

${pfctl} -vsr 2> /dev/null| grep -A 1 ^block | awk 'BEGIN {sum=0}/^[ \t]*\[/{sum=sum+$5} END {print "blocks.value",sum}'