search

nbuchwitz / check_opnsense

Check script for opnsense firewall
GNU General Public License v2.0
17 stars 13 forks source link

./check_opnsense.py makes a error #3

Closed syswombat closed 6 years ago

syswombat commented 6 years ago

hello each time i enter the whole code i got a error and the line brake with error ./check_opnsense.py -H 10.147.42.7 --api-key gZY632BtFxwZrkQ9w

maybe because the code is soooo long to use and to help my self i wrote down what to do... http://wombat3.kozo.ch/j/icinga-list/9780-icinga2-add-opnsense

please have a look and tell me if i am wrong or how to make it better

nbuchwitz commented 6 years ago

It looks like you forgot to add the --api-secret <api-secret>?

syswombat commented 6 years ago

no it did, just break befor all is copy pasted have the information to be put between "" or <> or nothing? my key are extremly long tooo

syswombat commented 6 years ago

a part of the error output (the line 15 is where the api-key is - ) [2018-07-26 18:50:29 +0200] critical/config: Error: syntax error, unexpected T_STRING_ANGLE Location: in /etc/icinga2/conf.d/opnsense/opnsene-update.conf: 15:28-15:109 /etc/icinga2/conf.d/opnsense/opnsene-update.conf(13): /etc/icinga2/conf.d/opnsense/opnsene-update.conf(14): vars.opnsense_host = "10.147.42.7" /etc/icinga2/conf.d/opnsense/opnsene-update.conf(15): vars.opnsense_api-key = <gZY632BtFxwZrkQ

nbuchwitz commented 6 years ago

You have to put the key and the secret between ". The < and > characters are part of the example string and shouldn't be part of your config.

syswombat commented 6 years ago

[2018-07-26 21:41:33 +0200] critical/config: Error: Expression cannot be assigned to. Location: in /etc/icinga2/conf.d/opnsense/opnsene-update.conf: 15:1-15:109 /etc/icinga2/conf.d/opnsense/opnsene-update.conf(13): /etc/icinga2/conf.d/opnsense/opnsene-update.conf(14): vars.opnsense_host = "10.147.42.7" /etc/icinga2/conf.d/opnsense/opnsene-update.conf(15): vars.opnsense_api-key = "gZY632BtFxwZrkQ9wTVCx" ^^^^^^^^^^^^^^^^^^^^^^^^^

As you could see the " " is not helping either. i cut a bit of the api-key code. The ^^^^^ starts just below the vars.opnsense

i just scarry i have a spelling mistake in it.

nbuchwitz commented 6 years ago

Could you share your full config?

syswombat commented 6 years ago

1 object CheckCommand "check_opnsense-update" { 2 3 command = [ PluginCustomDir + "/opnsense/check_opnsense.py" ] 4 5 arguments = { 6 "-H" = "$opnsense_host$" 7 "--api-key" = "$opnsense_api-key$" 8 "--api-secret" = "$opnsense_api-secret$" 9 "-m" = "$opnsense_function$" 10 "-w" = "$opnsense_TRESHOLD_WARNING$" 11 "-c" = "$opnsense_TRESHOLD_CRITICAL$" 12 } 13 14 vars.opnsense_host = "10.147.42.7" 15vars.opnsense_api-key = "gZY632BtFxwZrkQ+mDxl8qsqirqDuFsrxCCe" 16vars.opnsense_api-secret = "Y0yi/QxfLYHLD807SSnKaL1K/uRqejMiR32vipUHglYg" 17 vars.opnsense_function = "updates" 18 }

Installed like this - http://wombat3.kozo.ch/j/icinga-list/9780-icinga2-add-opnsense

nbuchwitz commented 6 years ago

The problem are your variable names: opnsense_api-key and opnsense_api-secret

Change the minus to a underscore and everything should be fine:

object CheckCommand "check_opnsense-update" {

  command = [ PluginCustomDir + "/opnsense/check_opnsense.py" ]

  arguments = {
    "-H"            = "$opnsense_host$"
    "--api-key"     = "$opnsense_api_key$"
    "--api-secret"  = "$opnsense_api_secret$"
    "-m"            = "$opnsense_function$"
    "-w"            = "$opnsense_TRESHOLD_WARNING$"
    "-c"            = "$opnsense_TRESHOLD_CRITICAL$"
  }

  vars.opnsense_host = "10.147.42.7"
  vars.opnsense_api_key = "gZY632BtFxwZrkQ+mDxl8qsqirqDuFsrxCCe"
  vars.opnsense_api_secret = "Y0yi/QxfLYHLD807SSnKaL1K/uRqejMiR32vipUHglYg"
  vars.opnsense_function = "updates"
}
syswombat commented 6 years ago

icinga2 daemon -C gave no error - so this helped! will check the GUI tonight.

did the System get confused with --api-key and opnsense_api-key because the opnsense part where cut away? Thanks a lot for your help as next i will try the pve part ;-) is the tutorial to config it ok?

syswombat commented 6 years ago

UNKNOWN - Could not connect to OPNsense: Certificate validation failed and i don't know why ;-(

nbuchwitz commented 6 years ago

This happens, if your opnsense doesn't have a valid (=trusted) cert. You have set the -k flag to ignore the cert validation.

syswombat commented 6 years ago

Perfect - thanks a lot - it works fine ;-) i also add this to my howto http://wombat3.kozo.ch/j/icinga-list/9780-icinga2-add-opnsense