rbicelli/pfsense-zabbix-template

Monitoring Table Usage Count

GuillaumeHullin opened this issue · 5 comments

This is not an issue but an idea.

I encountered a problem with my pfSense recently, where my table-entries hard limit was too low. In the GUI it's under "Firewall Maximum Table Entries" (https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html)

I was wondering if we could monitor the two items:

  • Firewall Maximum Table Entries
  • Table Usage Count

The trigger would be "Firewall Maximum Table Entries is too low" when Table Usage Count is more than half Maximum Table Entries.

The only place I could find the Table Usage Count is in the Update of pfBlocker (at the end).

pfSense Table Stats
-------------------
table-entries hard limit  2000000
Table Usage Count         420743

Anybody have an idea which command to use?

Hi!
I think it is easy to implement with the pfctl command:

pfctl -sm
states        hard limit   809000
src-nodes     hard limit   809000
frags         hard limit     5000
table-entries hard limit  1200000

Check https://www.openbsdhandbook.com/pf/cheat_sheet/

For example, for table usage, the syntax could be:

pfctl -s info | grep "current entries" | tr -s ' ' | cut -d " " -f4

> For example, for table usage, the syntax could be:
>
> pfctl -s info | grep "current entries" | tr -s ' ' | cut -d " " -f4

Correct me if I'm wrong but this is the state table.

I went through the link you sent (btw, now I know what "pf" means in the name pfSense)

Does this command produce a logical result for you?

pfctl -vvsTables | grep 'Addresses:   ' | awk '{sum += $2} END {print sum}'

Looks like that

pfctl -s info | grep "current entries" | tr -s ' ' | cut -d " " -f4

Outputs a value closer to this:
[image]

pfctl -vvsTables | grep 'Addresses:   ' | awk '{sum += $2} END {print sum}'

outputs a value way higher than what is displayed in GUI (in my case 17281).

Sorry, I read with more attention what you wrote.
You want to monitor not only the state table but the whole table usage, so your one-liner returns a more meaningful value.
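
The check discussed in this thread, as an added example that is not part of the original issue or the template's own code: it reads the `table-entries` hard limit from `pfctl -sm`, sums the `Addresses:` counters from `pfctl -vvsTables`, and reports WARN when usage is more than half the limit. The function names, the `--live` switch, the `key=value` output format, and the sample table names and counts are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample inputs; the limits are the `pfctl -sm` output quoted in the thread.
SAMPLE_LIMITS='states        hard limit   809000
src-nodes     hard limit   809000
frags         hard limit     5000
table-entries hard limit  1200000'
SAMPLE_TABLES='--a-r-- bogons
    Addresses:   1200
    Cleared:     Mon Jan  1 00:00:00 2024
-pa-r-- pfB_Example_v4
    Addresses:   650000
    Cleared:     Mon Jan  1 00:00:00 2024'

# Read `pfctl -sm` output on stdin, print the table-entries hard limit.
table_limit() {
    awk '$1 == "table-entries" && $2 == "hard" && $3 == "limit" { print $4; exit }'
}

# Read `pfctl -vvsTables` output on stdin, print the sum of all Addresses: counters.
# Matching on the field avoids depending on the exact run of spaces after the colon.
table_usage() {
    awk '$1 == "Addresses:" { sum += $2 } END { printf "%d\n", sum }'
}

# $1 = entries in use, $2 = hard limit. WARN when usage is more than half the limit.
usage_state() {
    case "$1" in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    case "$2" in ''|0|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    pct=$(( $1 * 100 / $2 ))
    if [ $(( $1 * 2 )) -gt "$2" ]; then state=WARN; else state=OK; fi
    echo "$state used=$1 limit=$2 pct=$pct"
}

# $1 = text of `pfctl -sm`, $2 = text of `pfctl -vvsTables`.
check_tables() {
    limit=$(printf '%s\n' "$1" | table_limit)
    used=$(printf '%s\n' "$2" | table_usage)
    usage_state "$used" "$limit"
}

if [ "${1:-}" = "--live" ]; then
    # On the firewall itself: query pf directly.
    check_tables "$(pfctl -sm)" "$(pfctl -vvsTables)"
else
    # Anywhere else: run against the constructed samples above.
    check_tables "$SAMPLE_LIMITS" "$SAMPLE_TABLES"
fi
```

With `--live` the script has to run as root on the pfSense host, since `pfctl` needs privileged access to the pf device.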