supported by zabbix_agentd addon
IPFire Services
| Item key | Description | Available since |
|---|---|---|
ipfire.services.get |
Summary of IPFire services, their state, pids and memory usage. | Core Update 189 / zabbix_agentd addon v6.0.33 |
Gateway availability
| Item key | Description | Available since |
|---|---|---|
ipfire.net.gateway.arpingtime |
Internet Gateway ARP ping timings. | Core Update 197 / zabbix_agentd addon v7.0.16 |
ipfire.net.gateway.arping |
Internet Gateway reachable by ARP ping. | Core Update 197 / zabbix_agentd addon v7.0.16 |
ipfire.net.gateway.pingtime |
Internet Gateway ICMP ping timings. | Core Update 170 / zabbix_agentd addon v6.0.6 |
ipfire.net.gateway.ping |
Internet Gateway reachable by ICMP ping. | Core Update 170 / zabbix_agentd addon v6.0.6 |
Firewall
| Item key | Description | Available since |
|---|---|---|
ipfire.net.fw.hits.raw |
Firewall Filter Forward chain drops in bytes/chain. | Core Update 170 / zabbix_agentd addon v6.0.6 |
DHCP server
| Item key | Description | Available since |
|---|---|---|
ipfire.dhcpd.clients |
Number of currently Active DHCP leases | Core Update 170 / zabbix_agentd addon v6.0.6 |
Captive Portal
| Item key | Description | Available since |
|---|---|---|
ipfire.captive.clients |
Number of Captive Portal clients | Core Update 170 / zabbix_agentd addon v6.0.6 |
Pakfire
| Item key | Description | Available since |
|---|---|---|
pakfire.status |
Pakfire status message containing IPFire Core Update version information and available update information | Core Update 132 / zabbix_agentd addon v4.2.1 |
OpenVPN
| Item key | Description | Available since |
|---|---|---|
ipfire.ovpn.clients.discovery |
Discovery of configured ovpn clients. | Core Update 179 / zabbix_agentd addon v6.0.19 |
ipfire.ovpn.statusreport.get |
OpenVPN server statusreport. | Core Update 179 / zabbix_agentd addon v6.0.19 |
ipfire.ovpn.clientcert |
OpenVPN certificate details/validation. | Core Update 185 / zabbix_agentd addon v6.0.27 |
ipfire.ovpn.cacert |
OpenVPN CA certificate details/validation. | Core Update 185 / zabbix_agentd addon v6.0.27 |
WireGuard
| Item key | Description | Available since |
|---|---|---|
ipfire.wireguard.peers.discovery |
Discovery of configured WireGuard peers. | Core Update 197 / zabbix_agentd addon v7.0.16 |
ipfire.wireguard.statusreport.get |
WireGuard statusreport. | Core Update 197 / zabbix_agentd addon v7.0.16 |
Intrusion Protection
| Item key | Description | Available since |
|---|---|---|
ipfire.ips.throughput.get |
IPS Throughput. | Core Update 191 / zabbix_agentd addon v6.0.37 |
Guardian
| Item key | Description | Available since |
|---|---|---|
ipfire.guardian.blocked.count |
Number of blocked IP addresses by Guardian. | Core Update 191 / zabbix_agentd addon v6.0.37 |
Location DB
| Item key | Description | Available since |
|---|---|---|
ipfire.locationdb.lookup[*] |
Location DB lookup for one or more IP addresses. | Core Update 197 / zabbix_agentd addon v7.0.16 |
ipfire.locationdb.version |
Location DB version. | Core Update 197 / zabbix_agentd addon v7.0.16 |
Item key details
Parameters without angle brackets are mandatory. Parameters marked with angle brackets < > are optional.
ipfire.services.get
Summary of IPFire services, their state, pids and memory usage. Can be used for low-level discovery.
Return value: JSON object
This item returns a JSON with information about IPFire builtin and addon services, for example:
[
{
"service": "DHCP Server",
"servicename": "dhcpd",
"state": 1,
"pids": [
3855
],
"memory": 6684672
},
{
"service": "Addon: zabbix_agentd",
"servicename": "zabbix_agentd",
"onboot": 1,
"state": 1,
"pids": [
17207
],
"memory": 2740224
}
]
ipfire.net.gateway.arpingtime
Internet Gateway ARP ping timings, can be used to measure "Internet Line Quality", in case ICMP ping is blocked by the ISP.
Return value: Integer
ipfire.net.gateway.arping
Internet Gateway availability by ARPing, can be used to check Internet connection, in case ICMP ping is blocked by the ISP.
Return value: Integer
ipfire.net.gateway.pingtime
Internet Gateway ICMP ping timings, can be used to measure "Internet Line Quality"
Return value: Integer
ipfire.net.gateway.ping
Internet Gateway availability by ICMP ping, can be used to check Internet connection
Return value: Integer
ipfire.net.fw.hits.raw
Firewall Filter Forward chain drops in bytes/chain, can be used for low-level discovery of firewall chains and monitoring of firewall hits on each chain
Return value: JSON object
This item returns a JSON with Firewall filter chain drops in bytes/chain, for example:
[
{
"chain": "CTINVALID",
"bytes": "739395"
},
{
"chain": "FORWARD",
"bytes": "12506820"
},
{
"chain": "INPUT",
"bytes": "1005809"
},
{
"chain": "OUTPUT",
"bytes": "0"
}
]
ipfire.dhcpd.clients
Number of currently Active DHCP leases
Return value: Integer
ipfire.captive.clients
Number of Captive Portal clients
Return value: Integer
pakfire.status
Pakfire status message containing IPFire Core Update version information and available update information
Return value: Text
ipfire.ovpn.clients.discovery
Discovery of configured ovpn clients for use with low-level discovery.
Return value: JSON object
This item returns a JSON with configured OpenVPN clients, for example:
[
{
"{#NAME}": "Laptop",
"{#COMMONNAME}": "Ideapad",
"{#STATE}": "on",
"{#REMARK}": "",
"{#TYPE}": "host"
},
{
"{#NAME}": "Gsm",
"{#COMMONNAME}": "Oneplus",
"{#STATE}": "on",
"{#REMARK}": "",
"{#TYPE}": "host"
}
]
Supported macros
The following macros are supported for use in the discovery rule filter and prototypes of items, triggers and graphs:
| Macro | Description |
|---|---|
{#NAME} |
Name of the OpenVPN client as entered in IPFire webUI |
{#COMMONNAME} |
Common name as used in the OpenVPN client certificate |
{#STATE} |
Whether the client is Enabled ("on") or Disabled ("off") in IPFire webUI |
{#REMARK} |
Remark as entered in IPFire webUI |
{#TYPE} |
OpenVPN client type: "host" for Host-to-Net, "net" for Net-to-Net |
ipfire.ovpn.statusreport.get
OpenVPN statusreport.
Return value: JSON object
Comments:
- Can also be called with empty parameters:
ipfire.ovpn.statusreport.get[]for use as an item prototype in a discovery rule with an empty{#SINGLETON}macro.
This item parses /var/run/ovpnserver.log and returns a JSON with the parsed result, for example:
{
"timestamp": 1729283374,
"clients": [
{
"common_name": "Oneplus",
"real_address": "192.168.1.100:59650",
"bytes_in": "99023277",
"bytes_out": "1683354183",
"connected_since": "1729183106"
}
],
"routing_table": [
{
"common_name": "Oneplus",
"virtual_address": "10.220.189.18",
"real_address": "192.168.1.100:59650",
"last_ref": "1729283354"
}
]
}
ipfire.ovpn.clientcert[ovpn_clientname]
Validates the OpenVPN server or client certificate and returns certificate details.
Return value: JSON object
Parameters:
- ovpn_clientname - OpenVPN client-name as returned in the
{#NAME}macro byipfire.ovpn.clients.discoveryfor client certificate orserverfor the OpenVPN server certificate.
Comments:
- This item turns unsupported if the resource specified in ovpn_clientname does not exist
Example:
ipfire.ovpn.clientcert[server] # To get/validate the OpenVPN server certificate
ipfire.ovpn.clientcert[Laptop001] # To get/validate the OpenVPN client certificate for client "Laptop001"
This item returns a JSON with requested certificate details and validation result, for example:
{
"x509": {
"version": "3",
"serial_number": "1",
"signature_algorithm": "sha256WithRSAEncryption",
"issuer": "C=DE, O=IPFire, CN=IPFire appliance CA, emailAddress=info@ipfire.example.domain",
"not_before": {
"value": "Feb 13 18:58:17 2022 GMT",
"timestamp": "1644778697"
},
"not_after": {
"value": "Jan 10 18:58:17 4760 GMT",
"timestamp": "88044692297"
},
"subject": "C=DE, O=IPFire, CN=ipfire.example.domain",
"public_key_algorithm": "rsaEncryption"
},
"result": {
"value": "valid",
"message": "certificate verified successfully"
},
"sha1_fingerprint": "A4:23:1C:0F:EF:FE:8C:43:F5:14:43:83:BD:5C:E1:3E:AC:5E:A1:E7",
"sha256_fingerprint": "A5:64:D9:BA:35:4D:43:9E:F0:7D:BC:AD:EC:62:93:BD:C9:82:3B:95:D5:83:78:11:D4:40:60:6D:AF:42:3C:E5"
}
ipfire.ovpn.cacert
Validates the OpenVPN CA certificate and returns certificate details.
Return value: JSON object
Comments:
- Can also be called with empty parameters:
ipfire.ovpn.cacert[]for use as an item prototype in a discovery rule with an empty{#SINGLETON}macro. - The returned JSON object has the same format as
ipfire.ovpn.clientcert.
ipfire.wireguard.peers.discovery
Discovery of configured WireGuard peers for use with low-level discovery.
Return value: JSON object
This item returns a JSON with configured WireGuard peers, for example:
[
{
"{#NAME}":"GSM",
"{#ID}":"GkxGYoQagndpjBb4LmO/+aoFdalUVenSBwZQlkWHKyw=",
"{#STATE}":"on",
"{#REMARK_B64}":"T25lUGx1cyBOb3JkIDM=",
"{#TYPE}":"host"
},
{
"{#NAME}":"Laptop",
"{#ID}":"sn2McCt61iIZX8ZdKUs5HcI/JEkFHE5buoN+LCRzhlo=",
"{#STATE}":"on",
"{#REMARK_B64}":"",
"{#TYPE}":"host"
}
]
Supported macros
The following macros are supported for use in the discovery rule filter and prototypes of items, triggers and graphs:
| Macro | Description |
|---|---|
{#NAME} |
Name of the WireGuard peer as entered in IPFire webUI |
{#ID} |
Public key of the WireGuard peer |
{#STATE} |
Whether the client is Enabled ("on") or Disabled ("off") in IPFire webUI |
{#REMARK_B64} |
Remark as entered in IPFire webUI, Base64 encoded |
{#TYPE} |
WireGuard client type: "host" for Host-to-Net, "net" for Net-to-Net |
ipfire.wireguard.statusreport.get
WireGuard statusreport.
Return value: JSON object
This item returns a JSON with statistics of all peers, for example:
[
{
"id":"GkxGYoQagndpjBb4LmO/+aoFdalUVenSBwZQlkWHKyw=",
"endpoint":"192.168.1.100:38391",
"allowed_ip":"10.220.190.1/32",
"handshake_timestamp":1753897790,
"bytes_in":970542448,
"bytes_out":5426505240
},
{
"id":"sn2McCt61iIZX8ZdKUs5HcI/JEkFHE5buoN+LCRzhlo=",
"endpoint":"192.168.1.171:51820",
"allowed_ip":"10.220.190.2/32",
"handshake_timestamp":1750934933,
"bytes_in":2556,
"bytes_out":308
}
]
ipfire.ips.throughput.get
Summary of Intrusion Detection Prevention (IPS) throughput.
Return value: JSON object
Comments:
- Can also be called with empty parameters:
ipfire.ips.throughput.get[]for use as an item prototype in a discovery rule with an empty{#SINGLETON}macro.
This item returns a JSON with whitelisted, scanned and bypassed IPS throughput in bytes per second, for example:
{
"bypassed": 2608332316,
"whitelisted": 0,
"scanned": 908881957
}
ipfire.guardian.blocked.count
Number of blocked IP addresses by Guardian.
Return value: Integer
Comments:
- Can also be called with empty parameters:
ipfire.guardian.blocked.count[]for use as an item prototype in a discovery rule with an empty{#SINGLETON}macro.
ipfire.locationdb.lookup[ip,<ip>,<ip>,...]
Lookup one or more IP's in IPFire's Location DB.
Return value: JSON Object
This item returns a JSON containing the network, Country of origin and the AS that owns the IP for each requested IP.
Parameters:
- ip - the IP to look up in the LocationDB. This parameter can be repeated up to 9 times to get the location of up to 9 IP addresses in one call.
Example:
{
"8.8.8.8":{
"network":"8.8.8.0/24",
"country":"United States of America",
"as":"AS15169 - Google LLC"
},
"1.1.1.1":{
"network":"1.1.1.0/24",
"country":"Australia",
"as":"AS13335 - Cloudflare, Inc."
}
}
ipfire.locationdb.version
Current version of LocationDB.
Return value: Integer
LocationDB version is a timestamp. This item returns the timestamp in unixtime for easy interpretation by Zabbix server.