Monitoring m0n0wall Firewalls with Xymon
- The CGI scripts to update the config file are not yet available to the public. They will be up as soon as the directions to configure and install them are complete. For now, the config file will need to be manually modified when your m0n0walls's config has been changed
The instructions and scripts that follow are intended to be used to monitor m0n0wall firewalls and report back the m0n0wall's version, platform, uptime, last config change, and notes fields to a Xymon monitoring server for status monitoring and alerting.
In addition to presenting the basic system information to Xymon about each m0n0wall, the xymon_m0n0CFG.rb script also has the following features:
- Set a yellow alert when the m0n0wall has been up for less than 24 hours
- Set a yellow alert when the last configuration change date reported by the m0n0wall is different than a "known good" date stored in a config file
Here you will find the most current versions of our:
- Instructions on integrating, monitoring, the output from the script below with a Xymon server
- xymon_m0n0CFG.rb - Xymon script to monitor m0n0wall firewalls
We have also written several other scripts that you may find useful. You may find them HERE
Since our xymon_m0n0CFG.rb script will be connecting to the m0n0wall via m0n0wall's web GUI, we will first need to set up a GUI login on the m0n0wall with limited access.
- Create a m0n0CFG group with access ONLY to the main status page
- Log into the m0n0wall web GUI with an admin user account
- Select System --> User Manager
- Click the "Groups" tab
- Click the "+" to create a new group
- Give the group a sensible name - like m0n0CFG
- Check ONLY the "Landing Page after Login" box to give the group very limited access
- Scroll to the bottom of the page and click "Save" to save the new group
- Create a m0n0CFG user in the m0n0CFG group
- Click the "Users" tab
- Click the "+" to create a new user
- Give the user a sensible name - like m0n0CFG
- Set the password
- Choose the m0n0CFG group from the "Group name" drop-down list
- Click "Save" to save the new user
- Test the m0n0CFG user login to your m0n0wall firewall
- Close your web browser, then re-open it
- Log in as the new m0n0CFG user that you just created
- Verify that you see the main "System Information" m0n0wall page
- Verify that the ONLY option in the left menu is "System" under "Status"
The m0n0wall is now ready to be integrated into Xymon with our xymon_m0n0CFG.rb Ruby script.
Add the m0n0CFG test to each of your m0n0walls
- Edit ~xymon/server/etc/bb-hosts and add the m0n0CFG test along with the m0n0CFGlogin settings to your m0n0wall hosts like so:
192.168.1.254 m0n0wall_one.example.com # m0n0CFG \ m0n0CFGlogin:user:pass:proto:port https://m0n0wall_one.example.com/ 192.168.2.254 m0n0wall_two.example.com # m0n0CFG \ m0n0CFGlogin:user:pass:proto:port https://m0n0wall_two.example.com/ ...and so on
- user and password represent the limited m0n0wall GUI user created above in the m0n0wall Configuration section
- proto is one of either http or https
- port is the port that your m0n0wall's web GUI is configured to listen on
- Next, create a ~xymon/server/etc/m0n0walls.cfg file. This file is where xymon_m0n0CFG.rb reads each firewall's FQDN and "Last configuration change" time/date which it will compare to the "Last configuration change" it receives from the m0n0wall's web GUI:
m0n0wall_one.example.com: last_config: Tue Jun 29 10:00:13 EDT 2010 m0n0wall_two.example.com: last_config: Tue Jun 29 10:00:13 EDT 2010
Install the custom external script
- Copy the Ruby script below into ~xymon/server/ext/xymon_m0n0CFG.rb
- Set the ownership and execution permissions on the script
chown xymon:xymon ~xymon/server/ext/xymon_m0n0CFG.rb chmod +x ~xymon/server/ext/xymon_m0n0CFG.rb
Edit script to match your environment
- The script is pretty well documented, but you do need to modify just a couple of the pre-configured variables to get started:
- System binaries - wget, date. date should not need to be changed since it is defined in ~xymon/server/etc/hobbitserver.cfg and is passed to xymon_m0n0CFG.rb by hobbitlaunch
- allow_cgi_fix - Set to "1" to have the "Click to Remedy" link on the m0n0CFG status page when a config change is detected. This link calls the CGI scripts that write the current "Last Config change" timestamp as reported by the m0n0wall back to the m0n0walls.cfg file. Set to "0" to force manual updating of the m0n0walls.cfg file
- debug - Set to "1" to log all output to the logfile defined in the next step
Tell Xymon (hobbitlaunch) to start running the new script
- Tell Xymon to start running the new external script by adding these lines to ~xymon/server/etc/hobbitlaunch.cfg:
[m0n0CFG] ENVFILE /usr/local/xymon/server/etc/hobbitserver.cfg CMD $BBHOME/ext/xymon_m0n0CFG.rb LOGFILE $BBSERVERLOGS/xymon_m0n0CFG.log INTERVAL 5m
- Wait a few minutes and you should see a new column called m0n0CFG on your Xymon page for each host that you added the m0n0CFG test to in your bb-hosts file
- Click on a m0n0CFG icon and you should see the output of the m0n0CFG test similar to the following image:
- Now log back into your m0n0wall and make a simple change and save the settings.
- Either wait 5 minutes for the xymon_m0n0CFG.rb script to be run again or run the following command manually as the xymon user:
xymon@server $ ./server/bin/bbcmd ./server/ext/xymon_m0n0CFG.rb (Which should output something like the following) 2010-07-19 13:25:48 Using default environment file /usr/local/xymon/server/etc/hobbitserver.cfg ---- date: Mon Jul 19 13:25:49 EDT 2010 host: host.example.com hostip: 192.168.254.xx Version: 1.32 Platform: PC Engines ALIX Uptime: 53 days, 04:52 cur_cfg: Mon Jul 19 13:11:30 EDT 2010 last_cfg: Thu Jul 15 12:55:09 EDT 2010 color: yellow notes: 20100417 - waa - 1.32 installed 20100306 - waa - 1.31 installed 20091201 - waa - 1.3 installed 20090413 - waa - 1.3b16 installed 20081111 - waa - 1.3b15 installed 20080823 - waa - 1.3b14 installed 20080713 - waa - 1.3b13 installed 20080710 - waa - 1.3b13-pre installed 20070113 - waa - 1.3b2 installed 20061217 - waa - 1.3b1 installed 20060403 - waa - 1.22 installed
- Now reload the m0n0CFG page, and you should see a yellow status page showing that the m0n0wall's current configuration date/time as reported by the xymon_m0n0CFG.rb script is different than the date/time stored in the m0n0walls.cfg file.
- If the allow_cgi_fix variable was set to "1", then simply clicking on the "Click to Remedy" link will update the m0n0walls.cfg file with the current date/time of the "Last config change" reported by the xymon_m0n0CFG.rb script.
- If the allow_cgi_fix variable was set to "0", then you will need to manually edit the m0n0walls.cfg file to clear up the yellow alert.
- Thanks to Darrik Mazey for helping me to convert an idea that was born as a bash shell script into the Ruby script you see below, and for all the time he spent testing and debugging my newly-found Ruby "skills"
- Thanks to Matthew Tidd for helping me figure out a couple tricky regexes in Ruby!
Xymon m0n0wall Script