Installing complementary monitoring with or on the IPFire server

Add-Ons Monitoring
1

Since I do not seem to be able to get my Ubiquiti UISP to work with IPFire I am diverging towards other solutions and Pakfire already hints on Zabbix and Observium as more elaborate solutions, even if the latter seems a bit limited in comparison.

What I want to accomplish is a monitor and alert system for all, or most, of my devices routed via IPFire and if that also include additional protection, topology, configuration advice and systems resource usage, among other things, so much the better.

Since I think I have enough hardware resources for this:

8-Core Intel(R) Atomā„¢ CPU C2758 @ 2.40GHz
16 GB DDR4 RAM
Plenty of fast disk
NIC with 4 ports
(all based on this server: 5018A-FTN4 | 1U | SuperServers | Products | Super Micro Computer, Inc. )

I would prefer installing the monitoring app on the same server I run IPFire.

  1. Is this possible? Would it cause any adverse effects on IPFire itself?
  2. What installation method, as in what Linux distro, should I base my installation upon? Zabbix has methods for several different distributions.

Oh, and Nagios of course: wiki.ipfire.org - NRPE I donā€™t really mind, but that script seems from 2007 ?

2

Hopefully @robinr1 will add his comments about Zabbix. Iā€™d like to hear more about that add-on. I have not looked into Observium.

1 Like
3

Got a tip about this, can perhaps be added to the list: Download Checkmk for free | Checkmk

But question still stands, if installing it on the same server as IPFire is okā€¦? And what distro to base it upon?

4

I suspect from these that your question is about installing the Zabbix server itself on IPFire.

For Zabbix to run you also would need either mysql or postgresql and you would need a web server with php enabled and you would need php installed.

None of this is available on IPFire.

You need to install the Zabbix server on a server machine on your network.

The Zabbix addon is for installing a zabbix agent onto IPFire, which then sends the info collected to the zabbix server elsewhere on your network.

5

Considering future upgrades perhaps just a bad idea to install ?

I know how an agent is supposed to work, but I think me and @jon wonder about the actuality of the codeā€¦

6

@robinr1 is keeping the zabbix agent well updated. In July 2022 he brought the zabix agent up to date from version 4.2.6 to 6.0.6 (LTS) and it has been updated to 6.0.16, 6.0.19, 6.0.21 and 6.0.22 back in October this year.

The zabbix addon is being well maintained by someone who uses it and is very familiar with it.

If you decide to use it I am sure that @robinr1 will support for any questions or difficulties that you have.

7

ok, I got Zabbix on my spare supermicro serverā€¦Installed it as OS from ISO. Based upon Almalinux it seems, but uses RHEL syntax so I may be not completely lost in that having used Fedora a bit.
ā€¦ hours upon hours of conf remainsā€¦

it is VERY underwhelming setting up a new system from scratch that requires tons of config and discovery. Well see how smart it is and what it discovers by itself after scanning my network rangesā€¦

need to look up what stuff in IPFire FW may need addressing for it to run all over
the place and access everything

Thanks Adolfā€¦

8

@robinr1 has created a zabbix template for IPFire which is mentioned in the wiki and info available from the github source
https://github.com/RobinR1/zbx-template-ipfire

9

Just had a power outage for about 45 minutes. It broke the Zabbix.

I will see if I can repair, but I honestly think it is the first time ever I have experienced an application to actually break due to the computer I is hosted on having a power outage.

Maybe a clean reboot will be enough.

(I realize this is not a Zabbix support threadā€¦ )

Na. Dead. :skull:

10

Hi! ā€¦ Iā€™m already a bit late to the party, it seems :slight_smile: @bonnietwin is completely correct in his answers.
Zabbix has a set of default templates for different OSā€™es and applications, so it should be able to monitor already quite a few things in your network straight out of the box. And it has built in alerting to a bunch of services including mail, slack, telegram etcā€¦ making it quite easy to set that up. So it should be able to fit all your monitoring needs.

At first the learning curve may look steep and the configuration options are many and can be overwhelming. I suggest you start by checking out the Quickstart chapter in the documentation and/or this Zabbix Concepts youtube video. Make sure you clearly understand those concepts, but you should not yet bother too much about the server configuration file and all settings in it. The defaults should get you started just fine, and you can start fiddling with those once you are more familiar with how Zabbix works.
Make sure to check out the Zabbix blog and Zabbix YouTube channel as well as the YouTube channel of Dmitry Lambert, a Zabbix employee, for tons of useful guides, tutorials, explanations, etcā€¦

As for deployment, on IPFire itself is, as @bonnietwin correctly pointed out, is not recommended, if even possible at all since it would require manually building all required dependencies for IPFire.
From what you wrote earlier, I understand you have installed the Zabbix appliance ISO. This is probably great for evaluating and exploring Zabbix a bitā€¦ but it is absolutely not recommended for production use.
See the requirements in the Zabbix documentation to get an idea of the minimal hw requirements.
I myself run Zabbix at home in a kvm virtual machine with 2vcpuā€™s and 4Gb ram assigned, running openSUSE Leap 15.5 with Apache, php, MariaDB and Zabbix, all in the same VM. Currently it processes an average of 33 incoming values per second monitoring 15 hosts (including IPFire) without breaking any sweat.
Anyway, I would recommend to install Zabbix server on a supported OS you are familiar with. Also check out this step-by-step deployment quide video.

About the breaking of your Zabbix instanceā€¦ I donā€™t know what to sayā€¦ I have been using Zabbix since 2009, set it up and maintained it in a handful of companies, and Iā€™m still maintaining quite a big instance at my current company as well as experimenting with it at home. With several sudden and unexpected downtimes over the years due to power, failing network, storage/SAN etcā€¦ I may have been lucky, but I have never seen Zabbix break, unable to be recovered. Certainly not due to a power failure. The underlying databases Iā€™ve used (MySQL, MariaDB, PostgreSQL/TimescaleDB) where always able to recover themselves without much manual intervention.
I do actually have never used the appliance ISOā€¦ maybe thatā€™s one of the reasons why it is not recommended to use for productionā€¦

3 Likes
11

Welcome and donā€™t worry, as it is right now I am testing stuff and Zabbix is of course a prime candidate. There will be hiccups.

Tried the Hyper-V images but my Server 2022 did not like those at all, so I went for the ISO-on-hw to just get something started.

I will probably keep using the hardware server approach, since I have it available, but set up some Linux and following the basics of your recipe. Or maybe install the ISO in a Hyper-V could work too. It is less fiddly with databases and such doing it that wayā€¦ I should go for more virtual, but as it is I can just do backups of the machines, not mirroring or clustering.

But I divergeā€¦ need to read more.

12

Iā€™m sure you can a Zabbix Docker.

13

Yes indeed I can, but my docker is virtualized in Hyper-V so it would not be standalone - not that it needs to be. I even got Portainer running on it, I thought it would make things easier, but even if some things are easier, others are not.

14

Zabbix is working.

I spent about 10 hours on and off with several unexpected hurdles getting this up and running as a container in my Portainer environment. No conf done yet.

15

Hi all,
may a little OT even it is not available via Pakfire but i tried to get an Wazuh agent ready for IPFire whereby the Manager works on a CentOS VM even on a headless platform it was a fast setup.

The results are nice even with default settings and a platform (IPFire) which is not known in Wazuh.

Screenshot 2023-12-11 at 14-38-41 Wazuh - Wazuh
Screenshot 2023-12-11 at 14-38-41 Wazuh - Wazuh1990Ɨ1434 244 KB

Screenshot 2023-12-11 at 14-41-07 Wazuh - Wazuh
Screenshot 2023-12-11 at 14-41-07 Wazuh - Wazuh1990Ɨ1233 203 KB

Screenshot 2023-12-11 at 14-39-27 Wazuh - Wazuh
Screenshot 2023-12-11 at 14-39-27 Wazuh - Wazuh1920Ɨ2570 239 KB

ā† just a little overview of much more availableā€¦
And it even like SuricataĀ“s eve.json logsā€¦ But am not sure if this makes sense for you and for sure for the IPFire devĀ“s opinion :innocent: but i will keep on working on it not only looking on some PFsense decoders :upside_down_face: .

Best,

Erik

2 Likes
16

Also tried Wazuh. Still not doable on the IPFire machine, but I will not rant on that.
Wazuh has a greater focus on malware and vulnerabilities, hence you are recommended to install agents on monitored devices. I donƤt know how much actual ā€œnetwork monitoringā€ you get out of it.

17

Have spend a little time to get this LFS to workā€¦ my point of interest would be how you managed to get an Wazuh agent workable on IPFire machines (IPFire server or IPFire FW only)?
Network Monitoring: A lot for my opinion, even it is highly configurable but if you are interested, would you mind to open up a new topic ?

Best,

Erik

1 Like
18

Didnā€™t. Not even tried. IPFire as such should be among the absolute safest machines I have, so not really a prority.

19

Sure, but this started with Zabbix and similars. You want one with Wazuh? In my opinion they have different focus.

20

:+1:

Best,

Erik